Legal

Privacy Policy

Last updated: 5 June 2026 · Effective: 5 June 2026

This Privacy Policy describes how the personal applications operated by Alexander Chepurko ("we", "us", the "operator") at app.chepurko.eu handle information. These applications are single-user and private: they exist to let the operator manage his own accounts and data. There is no public registration and no service is offered to third parties.

Scope

This policy covers the back-end services and OAuth integrations hosted at app.chepurko.eu, including a private AI assistant that connects to the operator's own Google account to help triage, organise, draft, and manage email, calendar and tasks on the operator's behalf.

Information We Access

Google account identity: your email address and basic profile, to identify the connected account.
Gmail data (via the Gmail API): message contents, headers, labels and related metadata, accessed under the gmail.modify and Gmail settings scopes, to read, organise, label, draft and send mail at the operator's direction.
OAuth tokens: access and refresh tokens issued by Google to maintain the connection.

No data from any person other than the operator (the account owner) is collected. The applications are not used to process other people's accounts.

How We Use Information

Solely to provide the assistant and related personal-productivity features to the account owner.
Email sending and calendar changes are performed only at the owner's explicit direction (draft-and-confirm by default).

Limited Use Disclosure (Google API Services User Data Policy)

The use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data obtained from Google APIs is not:

sold, transferred, or disclosed to third parties, except as necessary to provide or improve the operator's own single-user features, for security, or to comply with applicable law;
used or transferred for serving advertisements;
used to train, develop, or improve generalized or non-personalized AI/ML models. Message content is only passed transiently to AI models to perform a task the owner requested (e.g. summarising or drafting), and is not retained by those models for training.

Human access to Google user data is limited to the operator and to what is necessary for security, to comply with law, or to perform operations the operator has authorised.

Storage & Security

OAuth tokens are stored with restricted file permissions / OS keyring on a private server controlled by the operator, not in any public or shared location.
Email content is processed transiently to perform requested tasks; durable copies are limited to what the assistant records for the owner (e.g. notes the owner asked it to keep) and remain on the operator's private infrastructure.
Connections use TLS/HTTPS.

Data Sharing

We do not sell or rent data. Data is not shared with third parties except: (a) infrastructure and AI service providers acting under contract solely to perform a task the owner requested, bound by their own confidentiality and the Limited Use terms above; or (b) where required by law.

Data Retention & Deletion

You may revoke this application's access at any time at myaccount.google.com/permissions, which invalidates its tokens.
To request deletion of any stored data, contact the operator (below); stored tokens and any retained data will be deleted.

Children

These are private personal tools and are not directed to children.

Changes

This policy may be updated; the "Last updated" date will change accordingly.

Contact

Alexander Chepurko — alex@chepurko.eu