Last updated: May 15, 2026 · Effective: May 15, 2026
RAI Inbox ("the App", Google Play package com.aermob.raiemail) is developed and operated by Aerendir Mobile Inc. ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use the App.
1. Scope of This Policy
This Privacy Policy applies exclusively to the RAI Inbox Android application (package com.aermob.raiemail). For Aerendir Mobile Inc.'s corporate privacy policy covering our other products and services, see our Global Privacy Policy.
2. Information We Collect
Account information. When you sign in with Google, we receive your email address, name, and profile picture from Google's authentication service. For IMAP/Exchange accounts, server credentials are stored locally on your device only.
Email content and metadata. The App accesses the contents and metadata of messages in your Gmail mailbox (and any IMAP/Exchange accounts you connect) via the Gmail API under the OAuth scopes you grant during sign-in. This includes message bodies, attachments, sender and recipient addresses, subject lines, labels, thread structure, and timestamps. Email content is stored locally on your device and is transmitted off-device only when you invoke an AI feature (see Section 6).
Voice data. When you use voice commands or the "Hey RAI" wake word, audio is processed in real time and is not stored after processing.
Device-level context. Device model, OS version, locale, timezone, network type, battery level, and motion state, used only on-device to enable context-aware AI features.
Usage telemetry. On our relay server, we maintain per-user counters of AI request count, token consumption, and timestamps for billing, quota enforcement, and abuse prevention. We do not log or store the contents of messages or prompts.
We do not collect: your contact list (beyond what you authorize for smart recipient suggestions), your location (GPS or coarse), browsing history, SMS messages, call logs, or data from apps other than your email accounts.
3. Google API Services User Data — Limited Use Disclosure
RAI Inbox's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In particular:
No advertising. We do not use Gmail data for serving advertisements, including personalized, retargeted, or interest-based advertisements. RAI Inbox contains no advertising.
No third-party transfers except as permitted. We do not transfer Gmail data to third parties except as necessary to provide or improve user-facing features that are prominent in the App's user interface, or as required for security purposes (such as investigating abuse), or to comply with applicable law.
No human reading of Gmail data. We do not allow humans to read Gmail data, except (a) with your affirmative agreement for specific messages, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations where the data has been aggregated and anonymized.
No sale of Gmail data. We do not sell Gmail data under any circumstances.
4. Gmail OAuth Scopes Requested and Why
RAI Inbox requests the following Gmail OAuth scopes. Each is requested only for the user-facing functionality described below, and we have chosen the narrowest scopes that allow the App to function.
https://www.googleapis.com/auth/gmail.readonly
What the App does with this data: Reads messages, threads, labels, and metadata from your Gmail mailbox to display them in the App's inbox UI, organize them into threads, render attachments, and feed them into on-device AI features (triage, summarization, semantic search, draft generation).
Why a narrower scope is not sufficient: gmail.metadata does not provide message bodies, which are required to display email content the user expects to see in an email client and to power AI features that operate on message content.
https://www.googleapis.com/auth/gmail.send
What the App does with this data: Sends emails the user composes, including AI-assisted replies that the user reviews and approves before sending. The final outgoing message is always shown to the user and must be explicitly approved before transmission.
Why a narrower scope is not sufficient: No narrower Gmail scope allows the App to send mail on the user's behalf. gmail.compose would still permit sending and would additionally grant draft creation, which is not required.
We do not request gmail.modify, https://mail.google.com/, or any other Gmail scope beyond gmail.readonly and gmail.send.
5. How We Use Your Information
To provide and maintain email management features (read, send, organize, search)
To power AI-assisted email composition, summarization, and conversational chat about messages
To process voice commands and wake word detection
To sync emails across your connected accounts
To provide smart contact suggestions when composing
To improve the App through anonymous, aggregated analytics
6. Third-Party Data Processing
OpenAI (AI Features)
When you invoke an AI feature (AI-assisted reply, summarization, conversational chat about an email or thread), the relevant email content is sent from the App, through Aerendir's relay server, to OpenAI for inference.
Relay role. Aerendir's relay server acts only as an authenticated proxy. It forwards the request to OpenAI and returns the response. The relay does not log or store the contents of email messages, prompts, or AI responses.
OpenAI processing. Email content sent for inference is subject to OpenAI's API data usage terms, available at openai.com/policies/api-data-usage-policies. Under OpenAI's API terms, OpenAI does not use API inputs or outputs to train its models by default.
What the relay does store. Only per-user usage counters (request count, token count, timestamps, account identifier) for billing, quota enforcement, and abuse prevention. Never message bodies, prompts, or responses.
User control. AI features are opt-in. You can disable them in the App's Settings, in which case no email content is transmitted off-device for AI processing. Non-AI email functionality continues to work entirely on-device.
Stripe: Subscription payment processing, governed by Stripe's Privacy Policy. Stripe does not receive any of your email content.
7. On-Device Processing
All Gmail messages, attachments, and metadata synced to the App are stored locally on your device in a private, app-sandboxed SQLite database not accessible to other applications.
Vector embeddings used for on-device semantic search are computed locally on the device and stored encrypted at rest using AES-256-GCM with keys held in the Android Keystore.
Aerendir does not store your Gmail messages, attachments, or metadata on its servers. Your inbox data does not transit Aerendir's infrastructure except as a transient payload to OpenAI when you invoke an AI feature (see Section 6).
8. Data Storage and Security
We protect your data on the device and in transit using the following technical controls:
Device storage. Android File-Based Encryption (FBE), AES-256-XTS, hardware-backed via the device's Keystore and Trusted Execution Environment, applied to all app-private storage including the local SQLite database.
Credentials and OAuth tokens. Stored in Android EncryptedSharedPreferences using AES-256-SIV for keys and AES-256-GCM for values, with the master key managed by the Android Keystore.
Vector embeddings. Encrypted with AES-256-GCM; key managed by the Android Keystore.
User-initiated backups. Encrypted with AES-256-GCM, using a key derived from a user-supplied password via PBKDF2-HMAC-SHA256 (100,000 iterations, 256-bit key, 256-bit salt).
Network transport. All traffic between the App, the Aerendir relay, the Gmail API, and OpenAI is transmitted over TLS 1.2 or higher.
Independent security assessment. RAI Inbox is undergoing an independent CASA Tier 2 security assessment, conducted by TAC Security (Assessment ID: RAIInboxv123CASATie). Static security scanning and the self-assessment questionnaire (SAQ) have completed with clean results; the full assessment is in progress.
Although we take appropriate measures to safeguard against unauthorized disclosure of information, no system of electronic storage or transmission can be guaranteed to be 100% secure.
9. Permissions
The App requests the following Android permissions:
Internet: To sync emails and connect to AI services
Microphone: For voice commands and wake word detection
Contacts: For smart recipient suggestions when composing emails
Accounts: For Google Sign-In and multi-account management
Foreground Service: For background email sync
10. Data Retention and Deletion
On-device data. Gmail data stored locally on your device persists until you sign out, clear the App's storage, or uninstall the App. Signing out triggers a wipe of the local Gmail database and cached credentials.
Relay-side usage counters. Aerendir retains per-user usage counters for up to twelve (12) months for billing and quota enforcement, after which they are deleted. No message content is retained at any time.
Revoking access. Revoke RAI Inbox's access to your Gmail account at any time at myaccount.google.com/permissions. Revocation immediately prevents the App from making further Gmail API calls on your behalf.
Deletion requests. Email info@aermob.com with subject line "RAI Inbox Data Deletion Request". Verified requests are actioned within 30 days.
11. Your Rights
Remove your account and all local data from the App at any time
Delete your account and all associated server-side data using the Delete Account button in the App's settings
Disable AI features in Settings to prevent any email content from being transmitted off-device
12. Children's Privacy
The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Material changes will be communicated via an in-App notice prior to taking effect. Continued use of the App after changes constitutes acceptance of the revised policy.