Privacy.

We request a read-only scope from your email provider. For Gmail this is the gmail.readonly scope, which allows us to search your inbox — but in practice we only ever fetch the From, Subject, and Date headers of matching messages (using Gmail's format=metadata request). For Outlook we request an equivalent read scope and access the same header fields. We never read message bodies or attachments, and neither scope permits sending, deleting, or modifying email.

We store the list of services we detect (name, domain, category, first/last seen date, an inactive/sensitive flag) plus a risk score, all tied to a scan ID. Your email address is associated with the scan so you can find it again. That's the entire dataset.

Access tokens are cleared from our database immediately after each scan completes (or fails). They are never persisted long-term. To run another scan you reconnect through OAuth, which issues a fresh token.

We don't sell your data. We don't share it with advertisers. We don't use third-party analytics or tracking cookies on this site.

You can delete a scan and all of its detected accounts at any time by sending an HTTP DELETE request to/api/scan/<scanId>. The scan and all its account rows are removed. Email hello@privvly.app if you'd like us to do it for you.

Questions, security reports, or deletion requests: hello@privvly.app.