Legal
Last updated: 18 March 2026. We've written this in plain English because we believe you deserve to understand exactly what happens with your data. No jargon, no buried clauses.
IntuiReply is an AI email assistant for small business owners. We are based in Norway and operate as the data controller for all personal data collected through our service and website. If you have any questions about this policy or your data, you can reach us at contact@intuireply.com.
We only collect data that is necessary to provide the service. Here is exactly what we collect and why:
Gmail access. When you connect your Gmail account, we request two specific permissions. Read access (gmail.readonly) lets us read your sent emails to learn your writing style and detect new incoming emails via Gmail's History API. Draft creation (gmail.compose) lets us create draft replies in your Gmail Drafts folder. We store an OAuth refresh token to maintain your connection between sessions. IntuiReply never sends emails on your behalf. Every draft requires your explicit action to send.
Your sent emails. During setup, we fetch up to 100 of your sent emails to analyse your writing style. This content is processed by our AI to build a style profile and is not stored as raw email text. Only the resulting style summary is saved.
Your website. You provide your website URL during onboarding. We scrape publicly available pages to extract information about your products, prices, and policies. This becomes your business knowledge base, stored in your private account.
Account information. Your email address is collected when you sign up and is used to manage your account, communicate with you about billing, and provide support.
Payment information. Payments are processed by Stripe. We never see or store your card details. Stripe handles all payment data securely under their own privacy policy.
Website analytics. We use Google Analytics to understand how visitors use our marketing website (intuireply.com). This data is anonymised and used to improve the site.
We want to be direct about this. We will never sell your data to anyone. We do not share your emails, writing style, or business information with other IntuiReply users. Your data is held in your own isolated database. It is completely separate from every other customer's data. We do not use your data for any of the following purposes: targeted advertising, user advertisements, personalised advertisements, retargeted advertisements, interest-based advertisements, selling to data brokers, providing to information resellers, determining credit-worthiness, lending purposes, creating databases for unrelated purposes, or training AI models. We do not transfer your data to any third party for any of these purposes.
We do not allow humans to read your Google user data unless you have given affirmative consent for a specific message, it is necessary for security purposes such as investigating abuse, it is necessary to comply with applicable law, or the data has been aggregated and anonymised for internal operations.
When you connect Gmail, your sent emails are analysed by OpenAI's API (GPT-4o) to create a writing style profile. When a new email arrives, the incoming message is sent to OpenAI's API (GPT-4o-mini) along with your style profile and website knowledge base to generate a draft reply. Your data is used to generate that specific draft and nothing else.
Under our agreement with OpenAI, data submitted via the API is not used to train OpenAI's models. OpenAI processes the data and returns a result. They do not retain your email content after processing. Your emails are not used to make AI smarter for other people. The writing style and business knowledge we build for you stays in your private database and is only ever used to generate your own drafts.
Running IntuiReply requires a small number of trusted third-party services. Here is each one and what they do:
Google / Gmail API: We use Google's OAuth system to connect to your Gmail account and create draft replies inside it.
OpenAI: We use the OpenAI API to generate email drafts. Your data is processed under OpenAI's API data usage policy, which does not permit training on API input data.
Stripe: Handles all payment processing. We never see your card details. Stripe is PCI-DSS compliant.
Supabase: Our database and authentication provider. Your data is stored in a Supabase-hosted PostgreSQL database in the EU. Each customer has their own isolated database row with row-level security.
Firecrawl: Used during your onboarding to scrape your website. Your website's publicly available content is fetched once to build your business knowledge base.
Google Analytics: Anonymous traffic analytics on our marketing website. No personal data from the product app is shared with Google Analytics.
Your account data (email address, Gmail connection, writing style profile, and business knowledge base) is retained for as long as your subscription is active. We retain your personal information only for the length of time needed to fulfil the purposes outlined in this privacy policy. When your subscription ends or you delete your account, we do not keep your data beyond what is necessary.
When you delete your account, all of your data is permanently deleted immediately. This includes your Gmail OAuth tokens, your style profile, your business knowledge base, and your processed email history. There is no recovery after deletion. You can delete your account at any time from your account settings, or you may request deletion by emailing us at contact@intuireply.com.
Website analytics data is retained according to Google Analytics' default settings (26 months), and is not linked to individual user accounts.
Under GDPR, you have the following rights regarding your personal data:
Access: You can request a copy of the personal data we hold about you.
Correction: If any of your data is inaccurate, you can ask us to correct it.
Deletion: You can delete your account and all associated data at any time from your account settings. Deletion is immediate and permanent.
Portability: You can request your data in a portable, machine-readable format.
Objection: You can object to processing of your data where we rely on legitimate interest as the legal basis (for example, website analytics).
To exercise any of these rights, email us at contact@intuireply.com. We will respond within 30 days. If you believe we have not handled your data correctly, you have the right to lodge a complaint with Datatilsynet, Norway's data protection authority, at datatilsynet.no.
Some of the third-party services we use, including OpenAI and Stripe, are based in the United States. When your data is processed by these services, it may be transferred outside the European Economic Area (EEA).
We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for these transfers. Supabase, where your data is primarily stored, hosts data within the EU.
Our marketing website (intuireply.com) uses Google Analytics cookies to collect anonymous data about how visitors use the site. No personal information is collected through these cookies.
The product app (app.intuireply.com) uses only the cookies necessary to keep you logged in. No third-party tracking cookies are used in the app.
You can disable cookies at any time in your browser settings. Disabling analytics cookies will not affect your ability to use IntuiReply.
If we make significant changes to this privacy policy, we will notify you by email before the changes take effect. If we change how we use data obtained from Google APIs, we will notify you and obtain your consent before the new use takes effect. Minor updates (such as clarifications or grammar fixes) will be reflected here without a separate notification.
The date at the top of this page always shows when the policy was last updated.
We're a small team and we take your privacy seriously. If you have any questions about this policy or how we handle your data, email us at contact@intuireply.com. We'll respond personally. Not with a form letter.
IntuiReply's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we only use Google user data to provide and improve the core email drafting features visible in our app. We do not transfer Google user data to others except as necessary to provide the service, for security purposes, to comply with applicable law, or as part of a merger or acquisition with prior user consent. We do not use or transfer Google user data for any of the following purposes: targeted advertising, user advertisements, personalised advertisements, retargeted advertisements, interest-based advertisements, selling to data brokers, providing to information resellers, determining credit-worthiness, lending purposes, creating databases for unrelated purposes, or training AI models. We do not allow humans to read Google user data unless the user has given affirmative consent, it is necessary for security or legal purposes, or the data is aggregated and anonymised for internal operations. If we change how we use data obtained from Google APIs, we will notify you and obtain your consent before the new use takes effect.
IntuiReply is designed for business use and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at contact@intuireply.com and we will delete it promptly.
We take the security of your data seriously. Security procedures are in place to protect the confidentiality of your data at every level. All data transmitted between your browser and our servers is encrypted using HTTPS (TLS). Your Gmail OAuth tokens, writing style profiles, and business knowledge bases are stored in encrypted databases with row-level security, meaning each customer's data is technically isolated from every other customer at the database level. We use Supabase, which hosts data within the EU on infrastructure that meets SOC 2 and ISO 27001 standards. Access to production systems is restricted to essential personnel only. We regularly review our security practices to ensure your data remains protected.
.avif)
