Short version: Signal reads your Gmail in your browser to triage messages. We do not store your emails. We do not sell your data. Ever.
1. Who We Are
Signal ("we", "us", "our") is a notification triage tool operated by Signal Labs. Our website is signal-triage.net. You can contact us at signaltriage@gmail.com.
2. What Data We Collect
When you connect Gmail, Signal requests read-only access to your Gmail inbox via Google's OAuth 2.0 service. This gives us a temporary access token stored in your browser session. We use that token to:
- Fetch your most recent inbox messages directly from the Gmail API
- Read message metadata (sender, subject, date, labels)
- Score and rank messages by priority in your browser
We do not read message body content. We do not transmit your emails to our servers. All processing happens in your browser.
If you create an account, we store your email address and, optionally, a display name in our database (hosted on Supabase in the EU).
3. What We Do Not Collect
- Email body content
- Attachments
- Contact lists
- Historical email data beyond your current session
- Device identifiers or tracking pixels
4. How We Use Your Data
The Gmail access token is used solely to display your triaged inbox to you. It is never sent to our servers, logged, or shared with any third party.
Your account email is used only for authentication. We do not send marketing emails without your explicit consent.
5. Data Sharing
We do not sell, trade, or rent your personal data to third parties. We use the following sub-processors to operate the service:
- Supabase — authentication and account storage (EU region)
- Vercel — website hosting and delivery
- Google — Gmail API access (you authorise this directly via Google)
6. Your Rights
Under GDPR and applicable data protection law, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and data
- Withdraw your Gmail authorisation at any time via Google Account Permissions
To exercise any of these rights, email us at signaltriage@gmail.com.
7. Data Retention
Your account data is retained until you request deletion. Gmail session tokens expire when you close your browser or sign out. We do not retain any copy of your inbox data.
8. Cookies
We use session cookies only for authentication (managed by Supabase). We do not use advertising cookies, analytics cookies, or any third-party tracking.
9. Children's Privacy
Signal is not directed at children under 13. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.
10. Changes to This Policy
We may update this policy from time to time. We will note the date of the most recent revision at the top of this page. Continued use of Signal after changes constitutes acceptance of the updated policy.
11. Contact
Questions about privacy? Email signaltriage@gmail.com.