← Back to PigeonMCP

Privacy Policy

Last updated: April 12, 2026

1. Information We Collect

Account information: Email address, name, and password hash when you create an account. If you sign in with Google, we receive your name and email from Google.

Connected email accounts: OAuth tokens (encrypted) for Gmail and Outlook accounts. App passwords (encrypted) for IMAP accounts. We store the email address and provider type for each connected account.

Usage data: Server logs including IP addresses, request timestamps, and error information. These are retained for operational purposes and automatically purged.

2. Information We Do NOT Collect

• We do not store, cache, or index your email content
• We do not read your emails except when explicitly requested through MCP tools
• We do not share your data with third parties
• We do not use your data for advertising or training AI models

3. How We Use Your Information

• To authenticate you and maintain your session
• To connect to your email providers on your behalf
• To fetch, search, and send email when requested through MCP tools
• To diagnose and fix technical issues

4. Data Security

OAuth tokens and passwords are encrypted at rest using AES-256-GCM with per-user derived encryption keys. All connections use HTTPS. We follow industry security practices including rate limiting, input validation, and SSRF protection.

5. Data Retention

Account data is retained as long as your account is active. When you disconnect an email account, its stored tokens are immediately deleted. When you delete your account, all associated data is permanently removed.

6. Third-Party Services

We use the following third-party services:

• Google APIs: Gmail API and Google People API for connected Google accounts
• Microsoft Graph: For connected Outlook accounts
• Neon: PostgreSQL database hosting
• Fly.io: Application hosting

7. Your Rights

You may at any time:

• View your connected accounts in the dashboard
• Disconnect any email account
• Delete your PigeonMCP account
• Request a copy of your stored data

8. Changes to This Policy

We may update this policy as our practices evolve. We will notify users of material changes.

9. Contact

Privacy questions may be directed to support@brunchlabs.com.