OushiOushiBack to home

Last updated · May 17, 2026

Privacy Policy

This policy explains what Oushi collects, why, and what we'll never do with it. We've tried to write it in plain English. If something is unclear, email us.

TL;DR

Oushi reads your Gmail so it can do its job. We don't sell your data, use it for ads, or train AI models on it. You can disconnect or delete everything anytime.

1. Who we are

Oushi (“Oushi,” “we,” “us”) is an AI inbox assistant. This Privacy Policy applies to the Oushi website and product at oushi.app(the “Service”).

By using Oushi, you agree to the practices described here.

2. What we collect

To do what we do, we need access to certain information:

Your Gmail content

Email subject lines, sender and recipient addresses, dates, message bodies, attachments, thread IDs, and labels. This is fetched live from Google's Gmail API using OAuth tokens you grant us. We also fetch your most recent sent messages to learn your writing voice.

Your Google account info

Your email address and Google account ID, used to identify your Oushi account and authenticate you on return visits.

OAuth tokens

Refresh and access tokens issued by Google so Oushi can read your inbox in the background. These are stored encrypted at rest.

Your Oushi-specific data

Your profile (bio, interests, priorities, noise), your topic boards, your feedback signals (which emails you mark as 'good' or 'not relevant'), your muted senders, and the memories Oushi extracts about your relationships and commitments.

Calendar data (if you grant the scope)

Read/write access to your primary Google Calendar, used only to create events you explicitly ask Oushi to save. We never read your calendar contents otherwise.

Basic analytics

We log standard server access info (IP address, request paths, error reports) for security and reliability. We do not use third-party advertising analytics.

3. Why we collect it

Every piece of data we collect is used to provide and improve the Service for you. Specifically:

  • Reading your Gmail content lets Oushi rank emails, write briefings, draft replies in your voice, and remember context across threads.
  • OAuth tokens let Oushi sync your inbox in the background without you logging in every time.
  • Your profile and feedback let Oushi personalize its rankings and drafts to you specifically.
  • Calendar access lets Oushi create events you ask it to save.
  • Server logs let us debug, prevent abuse, and keep the Service running.

4. Google API Services compliance

Oushi's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This specifically means:

  • We will never sell your Gmail data to anyone.
  • We will never use it for advertising, whether on Oushi or any third-party platform.
  • We will never use your Gmail content to train generalized AI or ML models. Your data is used to personalize your Oushi experience only.
  • We will not let humans read your Gmail content except in narrow cases: (a) with your explicit consent, (b) for security investigations (e.g., to detect abuse), (c) for required debugging where automated tools are insufficient, or (d) when legally required.
  • Sub-processors (described below) only process your data in service of providing Oushi to you, and they do not get standalone rights to your data.

5. Who else sees your data (sub-processors)

We use a small set of trusted infrastructure providers to operate Oushi. Each only sees the minimum data needed to do their job, and each has their own SOC2-compliant security posture.

Google

Hosts your Gmail and Calendar. Oushi reads from and writes to Google's APIs on your behalf with your OAuth consent.

Supabase

Stores your account, profile, topic boards, feedback, and indexed email metadata in a Postgres database. Hosted in the US.

Anthropic

Provides the Claude AI models that rank emails, write briefings, draft replies, and extract memory. Anthropic's API does not retain your data for training (per their data usage policy).

Vercel

Hosts the Oushi web application and runs background jobs (cron). Receives standard request logs.

Sub-processors may change as we evolve the product. We will update this policy if so.

6. How we store and protect your data

  • All data in transit is encrypted using TLS.
  • All data at rest is encrypted using industry-standard encryption (AES-256).
  • OAuth tokens are stored encrypted in the database and are never shown in our logs or analytics.
  • Row-level security is enforced in our database: even if there were a bug in our app, users cannot read each other's data.
  • We do not store your Google password — only the OAuth tokens Google issues us. Revoke them anytime at your Google Account → Security → Third-party apps.

7. How long we keep your data

We keep your data only as long as you use Oushi. If you delete your account, we delete all of your data from our systems within 30 days (with the exception of anonymized server logs, retained up to 90 days for security and debugging).

Synced email metadata is kept while you're an active user so we can show you your past inbox and surface old commitments. Memory entries auto-expire on a schedule (typically 30-365 days) unless you pin them.

8. Your rights

You can do all of the following yourself, anytime, from your Settings page:

  • Export your data: One-click JSON download of everything Oushi has about you — profile, boards, feedback, synced emails, memories.
  • Delete your account: One-click permanent deletion of everything across all our tables, plus your auth record.
  • Disconnect Gmail: Revoke Oushi's access via your Google Account at any time. Oushi will stop syncing immediately.
  • Edit or delete memories: View, pin, or forget any specific memory Oushi has formed about you.
  • Edit your profile: Update bio, interests, priorities, and noise filters at any time.

If you reside in the EU/UK, you also have the right to access, correct, port, or restrict processing of your personal data, and to lodge a complaint with your local data protection authority. To exercise these rights beyond what the in-app controls allow, email hi@oushi.app.

If you reside in California, you have additional rights under the CCPA, including the right to know what we collect, the right to delete, and the right not to be discriminated against for exercising your rights. We do not sell personal information.

9. Children

Oushi is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

10. International users

Oushi is operated from the United States and our infrastructure providers are primarily based in the US and EU. By using Oushi, you consent to your data being processed in the US.

11. Changes to this policy

When we make material changes to this policy, we'll update the “Last updated” date at the top and, where reasonable, notify you via email or in-app. Continued use of Oushi after changes means you accept the new policy.

12. Contact

Questions, requests, or concerns? Email hi@oushi.app. We aim to respond within a few business days.