Privacy Policy

Last updated: 2026-05-15

This Privacy Policy describes how ptm-gtd ("the application", "we", "our") handles data. The application is a personal-use tool operated by its developer for managing their own tasks and emails. It is not offered as a service to other users.

1. Data we access

The application accesses email content from a single dedicated Gmail account (gtd-umang@gmail.com) that is owned and controlled by the developer. The application is authorized via Google OAuth with read-only access (gmail.readonly scope).

The application does not access, read, or process emails from any account other than the dedicated forwarding inbox owned by the developer.

2. How we use the data

Emails received in the dedicated forwarding inbox are parsed by the application to extract task information. Parsing is performed using third-party AI providers (see Section 4). Extracted task data is stored in a private database accessible only to the developer.

The application uses email content for the sole purpose of producing actionable task entries in the developer's personal task manager. No emails or extracted data are shared, displayed publicly, or used for any other purpose.

3. Data storage and retention

Email content and extracted tasks are stored in an Amazon Web Services (AWS) Relational Database Service (RDS) PostgreSQL database in the us-east-1 region. Storage is encrypted at rest. OAuth refresh tokens are additionally encrypted at the application layer using AWS Key Management Service (KMS).

Data is retained until the developer manually archives or deletes it. There is no automatic retention period.

4. Third-party services

The application transmits email content to the following third-party AI providers for parsing and analysis:

• Anthropic (Claude API) — used to extract structured task fields (title, area, stakeholder, time estimate, due date) from email content. See Anthropic's Privacy Policy.
• OpenAI (ChatGPT API) — used to generate suggested automation candidates for accepted tasks. See OpenAI's Privacy Policy.

The application also uses the following service providers for hosting, email delivery, and infrastructure:

• Amazon Web Services (AWS) — application hosting, database storage, secrets management, scheduled tasks. See AWS Privacy Notice.
• Google (Gmail API) — source of email content via authorized read-only access. See Google Privacy Policy.
• Resend — transactional email delivery for application login links. See Resend Privacy Policy.

5. Single-user access

The application uses single-email-allowlist authentication. Only the developer's personal email address can authenticate. No other users may log in or access the application or its data.

6. Data subject rights

The developer is the sole data subject for this application. The developer may at any time:

• Revoke the application's Gmail access via the Google Account permissions page.
• Export all stored tasks as CSV from the application's settings.
• Permanently delete the application's database, terminating all stored data.

7. Security

The application enforces HTTPS-only access, AES-256 encryption at rest for the database, KMS envelope encryption for sensitive credentials, magic-link authentication with single-email allowlist, and IAM least-privilege access to AWS resources.

8. Changes

This Privacy Policy may be updated to reflect changes in the application's behavior. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact

For questions about this Privacy Policy or the application's data practices, contact: ugajjar@clearsummitgroup.com.