Privacy Policy

Last updated: March 20, 2026

1. Introduction

Somra ("we," "our," or "us") is an AI-powered email management tool that helps you automatically label, route, and draft responses for your email inboxes. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service at www.somra.app.

Somra's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2. Data Accessed

When you connect your Google account to Somra, we request access to the following specific types of Google user data:

Google Account Information

When you sign in with Google OAuth, we receive your name, email address, and profile picture. We do not receive or store your Google password.

Gmail Data

With your explicit authorization, Somra accesses the following Gmail data through the Gmail API:

  • Email metadata: Sender, recipient, subject line, date, and existing labels
  • Email body content: The text content of incoming emails, used for AI categorization and labeling
  • Email labels: Reading and applying Gmail labels to organize your inbox
  • Draft creation: Creating draft responses in your Gmail account when configured
  • Sent emails: Reading your recent sent emails only when you opt in to the Brand Voice feature, to learn your writing style

Slack Data

If you optionally connect Slack, we access your workspace's channel list and user directory solely to route email notifications to your chosen destinations. We do not read your Slack messages.

User-Provided Content

This includes AI processing rules you write, context files you upload (such as PDFs or documents), and configuration preferences (timezone, AI model selection).

3. Data Usage

We use Google user data exclusively to provide and operate the Somra service as follows:

  • Email Processing: Incoming email content is sent to your selected AI provider for real-time analysis against your custom rules. The AI categorizes and labels emails, and optionally creates draft responses.
  • Slack Routing: When configured, email summaries and time-sensitive alerts are sent to your designated Slack channels or users.
  • Brand Voice: When you opt in, your recent sent emails are analyzed once to extract writing patterns. The resulting voice profile is stored as part of your configuration — the original sent emails are not stored.
  • Action Logging: We store metadata about actions taken (e.g., "email labeled as Action Required") so you can review your AI activity on the dashboard.

We do not use Google user data for advertising, marketing to third parties, training AI models, or any purpose unrelated to providing Somra's features. We do not allow humans to read your email content unless required for security purposes or by law.

4. Data Sharing

We share Google user data only in the following limited circumstances, solely to provide the service you configured:

  • AI Processing Providers: Email content is sent to the AI provider you selected in Settings (e.g., OpenAI, Google Gemini, or Anthropic) for real-time categorization and response drafting. This data is transmitted securely and is processed according to each provider's data usage policies. We do not send data to any AI provider you have not selected.
  • Slack (User-Configured): If you configure Slack routing, email summaries and alerts are delivered to your designated channels. Only the summary content you define is shared — not raw email data.
  • Infrastructure Providers: Our hosting and database providers process data as part of operating the service but do not independently access or use your Google data.

We do not sell, rent, or share Google user data with any third parties for advertising, analytics, or any commercial purpose. Data is shared only as described above to deliver the features you have configured.

5. Data Storage & Protection

We take the security of your data seriously and implement the following measures:

  • Email content is not stored: Email content is processed in real-time (in memory) and is not persistently stored on our servers. Only action metadata (labels applied, actions taken, timestamps) is retained.
  • Encrypted authentication: OAuth tokens are stored securely with encryption and are never exposed to the client-side application.
  • Access controls: Our database enforces row-level security, ensuring users can only access their own data.
  • No password storage: We use OAuth 2.0 exclusively — we never see or store your Google or Slack passwords.
  • Encryption in transit: All connections between your browser, our servers, and third-party APIs use HTTPS/TLS encryption.
  • Secure hosting: Our application and database are hosted on industry-standard platforms with enterprise-grade security certifications.

6. Data Retention & Deletion

What we retain

  • Email content: Never stored. Processed in real-time only.
  • Action metadata: Retained while your account is active (e.g., "email labeled as Updates").
  • Configuration data: AI rules, Slack routes, preferences, and context files are retained while your account is active.
  • OAuth tokens: Retained while your account is connected. Deleted immediately when you disconnect.

How to delete your data

You have full control over your data:

  • Pause processing: Toggle AI processing off for any inbox at any time from your dashboard.
  • Disconnect accounts: Remove Gmail or Slack connections from the dashboard, which immediately deletes associated tokens.
  • Revoke via Google: You can revoke Somra's access at any time from your Google Account security settings.
  • Delete account: Request complete deletion of your account and all associated data by contacting us at the email below. All data will be permanently deleted within 30 days.
  • Export data: You can request a copy of your stored data at any time.

7. Third-Party Services

We use the following third-party services to operate Somra. Each processes data only as necessary to provide the service:

  • Google APIs — Gmail access via OAuth 2.0 for email reading, labeling, and drafting
  • OpenAI, Google Gemini, and Anthropic APIs — AI-powered email analysis (user-selected)
  • Slack API — Notification and summary routing (user-configured)

Each of these services has their own privacy policies. We encourage you to review them.

8. Children's Privacy

Somra is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via email or an in-app notification. Continued use of Somra after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to request data deletion or export, please contact us at:

Email: fernando.anselmi@gmail.com