Privacy Policy

Last updated: May 8, 2026

SmrtFlo is an email workflow application that helps users triage, tag, route, summarize, draft replies, create tasks, and manage calendar-related workflows connected to their Google account. This Privacy Policy explains what information SmrtFlo collects, how it is used, how Google user data is handled, and how users can request deletion or revoke access.

Information We Collect

SmrtFlo may collect account information, Google profile information, authentication session information, OAuth tokens needed to operate the app, Gmail message metadata and content, sender and recipient fields, subject lines, snippets, labels, threads, attachments when opened or analyzed, message state, Google Contacts data used for autocomplete and workflow fields, calendar lists, event availability, task due dates and notes, user preferences, workflow definitions, background job state, AI-generated workflow information, optional SMS notification information, optional microphone audio and transcripts for voice commands, and technical logs needed to secure, debug, and improve the service.

How We Use Information

SmrtFlo uses information to provide user-facing features including inbox sync, workflow views, important email tagging, auto categorization, auto routing, AI response preparation, custom reply polish, forwarding polish, task creation, calendar availability, reminders, and agentic analysis. SmrtFlo also uses logs and audit records to diagnose errors, prevent abuse, secure the service, and confirm that background processes completed correctly.

Google User Data

SmrtFlo accesses Google user data only after a user signs in with Google and grants permissions through Google OAuth. SmrtFlo uses Gmail data to display email workflows, tag important messages, categorize and route emails, prepare replies, show recipients and thread context, process selected attachments, and perform user-requested email actions such as applying labels, marking messages read or unread, moving or routing messages, trashing messages, sending replies, forwarding messages, and sending new emails.

SmrtFlo uses Google Calendar data to show availability, create or update user-requested calendar events, and support scheduling features. SmrtFlo uses Google Tasks data to create user-requested tasks. SmrtFlo uses Google Contacts data only to help users find recipients and complete email, reply, forwarding, scheduling, and workflow fields faster.

SmrtFlo does not sell Google user data, does not use Google user data for advertising, and does not transfer Google user data to advertising platforms, data brokers, or information resellers.

AI Processing

Some SmrtFlo features send selected email content, message metadata, attachments, user instructions, category preferences, and workflow context to AI service providers so the app can provide visible user-facing features such as tagging, routing suggestions, summaries, reply drafting, custom reply polish, forwarding polish, and analysis. SmrtFlo currently supports Google Gemini or Vertex AI for many AI features and Anthropic Claude for agentic analysis features when enabled.

SmrtFlo does not use Google user data to train, improve, or build generalized AI models, foundation models, or frontier models. SmrtFlo does not permit AI service providers to use Google user data for advertising or to train their generalized models.

Sharing and Service Providers

SmrtFlo shares information with service providers only as needed to operate the application, including cloud hosting, database/storage providers, Google APIs, AI providers, logging, security, and deployment infrastructure. Service providers may process information on SmrtFlo's behalf, but SmrtFlo does not permit them to sell Google user data or use it for advertising.

Security

SmrtFlo uses reasonable safeguards designed to protect data in transit and at rest, including HTTPS, access controls, encrypted storage for sensitive OAuth tokens, and operational controls for production systems. No system is perfectly secure. Users should protect their Google account, review OAuth permissions before granting access, and revoke access if they stop using SmrtFlo.

Retention and Deletion

SmrtFlo retains account, workflow, preference, generated, and Google-derived data for as long as needed to provide the service, comply with legal obligations, resolve disputes, maintain security, and improve reliability. Users may disconnect SmrtFlo from their Google Account at any time through Google Account permissions. Revoking access stops future access to Google data, but it may not automatically delete data already stored by SmrtFlo.

To request deletion of SmrtFlo-stored account data, email support@smrtflo.net. SmrtFlo will process deletion requests subject to legal, security, and operational retention requirements.

Google API Limited Use Disclosure

SmrtFlo's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Contact

Questions, privacy requests, and deletion requests may be sent to support@smrtflo.net.