Summary
Onit reads your Gmail to extract bills, renewals, and contracts so it can nudge you before deadlines and negotiation windows close. It uses read-only Gmail access, never sends or deletes mail, never stores full message bodies, and lets you disconnect in one tap.
Tokens and any retained snippets are encrypted at rest. Email content is processed by the OpenAI API for extraction; OpenAI's API terms forbid training on customer-submitted content by default. We do not sell data, we do not run advertising SDKs, and we do not train models on your email.
What we collect
- Account info: your Google email, Google's stable user ID, display name, and avatar URL — supplied by Google when you sign in.
- Gmail OAuth tokens: access and refresh tokens issued by Google, encrypted at rest with AES-256-GCM.
- Extracted obligation fields: payee, amount, currency, due date, action-by date, category, and an up-to-2,000-character note from the source email used to give context inside notifications.
- Gmail message identifiers: the message ID and thread ID, used solely to deep-link back to the original email and to prevent duplicate obligations.
- Device push tokens: the Expo push token issued by your device, used to deliver nudge notifications.
- Operational metadata: timestamps, notification delivery receipts, and minimal request logs (IP, user agent, request ID) retained for 30 days for security and debugging.
What we never collect
- Full email bodies. We fetch them on demand and never persist them.
- Attachments, images, or HTML payloads.
- Your Google password — OAuth means we never see it.
- Contact lists, calendar data, files in Drive, or any non-Gmail scope.
- Advertising identifiers (IDFA / GAID).
- Behavioral analytics from third-party SDKs.
Gmail access
Onit requests the gmail.readonly scope — and only that scope. Onit cannot send mail, modify mail, archive mail, or delete mail. Onit's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Gmail data is used only to provide and improve the Onit obligation tracker.
- We do not transfer Gmail data for serving advertisements.
- We do not allow humans to read Gmail data, except (a) with your explicit consent, (b) for security investigations, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations.
- We do not use Gmail data to develop, improve, or train generalized AI/ML models.
AI / OpenAI
When a Gmail message passes a lightweight pre-filter (looks like it might describe a bill, renewal, or contract), Onit sends a truncated copy of that single message to the OpenAI API for structured extraction. OpenAI returns JSON with the obligation fields. OpenAI's API terms prohibit training on data submitted via the API by default.
The pre-filter blocks ~85% of inbox traffic from ever reaching OpenAI. Email content is not retained by Onit beyond the up-to-2,000-character obligation note described above; bodies are discarded immediately after extraction.
Storage & encryption
- OAuth access and refresh tokens are encrypted with AES-256-GCM. The encryption key lives only in the server process environment.
- Database-at-rest encryption is enabled at the storage layer.
- All transport is TLS 1.2 or better.
- Backups are encrypted and retained for 30 days.
Sub-processors
The following vendors process limited categories of data on our behalf:
- Google LLC — OAuth, identity, Gmail API.
- OpenAI, OpCo, LLC — Chat Completions API (`gpt-5-mini`) for structured obligation extraction (per-message, not retained for training).
- Expo — push notification delivery (push token + payload).
- Apple Inc. — APNs push transport (when you use iOS).
- Hosting provider — server hosting, database hosting, and backups.
Retention & deletion
When you disconnect Gmail or delete your account, Onit purges all obligations, snippets, OAuth tokens, push tokens, and push receipts within 24 hours. Encrypted backups containing that data roll off within 30 days of the deletion. Operational logs are retained for 30 days, then deleted.
Your rights
Depending on where you live (GDPR, UK GDPR, CCPA, and similar laws), you may have rights to access, correct, export, or delete the personal data we hold about you, and to object to or restrict processing. To exercise any of these rights, email thovandeth@gmail.com from the address associated with your account. We respond within 30 days.
Children
Onit is not directed to children under 16 and we do not knowingly collect data from them. If you believe a child has signed up, contact us and we will delete the account.
Changes
Material changes to this policy will be announced in-app and by email to the address on your account at least 14 days before they take effect. The current revision date is at the bottom of this page.
Contact
Onit is operated by V. Vandeth, Phnom Penh, Cambodia. For privacy questions or data requests, email thovandeth@gmail.com.