Privacy Policy

Last updated: April 16, 2026

attachly.ai is operated by BE LABS B.V., a company registered in the Netherlands (KVK: 42022510), with its registered office at Raadhuisstraat 16, 7721 AX Dalfsen ("we," "us," or "our"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

1. Information We Collect

1.1 Account Information

When you sign in with Google, we receive your name, email address, and profile picture from your Google account. This information is used to create and identify your attachly.ai account.

1.2 Gmail Data

We request read-only access to your Gmail account via the gmail.readonly OAuth scope. We use this access exclusively to:

  • Scan email messages for attachments (we do not read or store the body text of your emails)
  • Extract attachment metadata: filename, file size, MIME type, sender email, sender name, and date received
  • Download attachment files to generate preview thumbnails and cache them for faster browsing

We never modify, delete, or send emails on your behalf. We do not read or store the content of your email messages.

1.3 Payment Information

Subscription payments are processed by Stripe. We do not store your credit card number, CVC, or billing address. Stripe provides us with a customer ID and subscription status, which we store to manage your plan.

1.4 Usage Data

We collect basic operational data such as the number of attachments synced, storage used, and AI queries made. This data is used to enforce plan limits and improve the service.

2. How We Use Your Information

  • Provide the service: syncing, indexing, and displaying your Gmail attachments in a visual gallery
  • AI-powered search: when you use AI chat, your attachment metadata (not file contents) is sent to our AI provider to answer your queries
  • Subscription management: processing payments and enforcing plan limits
  • Service improvement: understanding usage patterns to build a better product

3. Data Storage & Security

3.1 Where We Store Data

  • Database: User accounts and attachment metadata are stored in a Supabase-hosted PostgreSQL database with row-level security
  • File storage: Attachment thumbnails are stored in Supabase Storage (S3-compatible)
  • Hosting: The application is hosted on AWS Amplify

3.2 Security Measures

  • Gmail OAuth tokens are encrypted at rest using AES-256 encryption
  • All data is transmitted over HTTPS/TLS
  • Sessions are managed using cryptographically signed JSON Web Tokens (JWT)
  • We follow the principle of least privilege—we only request read-only Gmail access

4. Third-Party Services

We use the following third-party services to operate attachly.ai. Each has its own privacy policy:

5. Cookies

We use a single session cookie to keep you signed in. This cookie contains a cryptographically signed JWT and does not track you across other websites. We do not use advertising cookies or third-party tracking pixels.

6. Data Retention

  • Account data is retained for as long as your account is active
  • Attachment metadata and thumbnails are retained until you delete your account or disconnect your Gmail account
  • Gmail OAuth tokens are revoked and deleted when you disconnect your Gmail account or delete your account

7. Your Rights

You have the right to:

  • Access the data we hold about you
  • Delete your account and all associated data by contacting us
  • Revoke Gmail access at any time via Google Account Permissions
  • Export your data (available on Business plans)

8. Google API Services User Data Policy

attachly.ai's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Gmail data to provide and improve the attachment gallery features of the application
  • We do not sell or share Gmail data with third parties for advertising purposes
  • We do not allow humans to read your Gmail data unless (a) you give explicit consent, (b) it is necessary for security purposes, (c) to comply with applicable law, or (d) our use is limited to internal operations

9. Children's Privacy

attachly.ai is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the application. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at: privacy@attachly.ai

BE LABS B.V.
Raadhuisstraat 16
7721 AX Dalfsen
The Netherlands
KVK: 42022510