Brevity Logo

Privacy Policy

Brevity ("we", "our", "us") is a desktop email client that lets you securely access your Gmail account. Brevity is built with a local-first architecture: your email data stays on your device. This policy explains what data we collect, what we do not collect, and how our opt-in AI features work.

Data We Collect

  • Google OAuth Information. When you sign in with Gmail, Google provides tokens so the app can access Gmail on your behalf. We request the minimum OAuth scopes needed (mail.google.com) and never see or store your Google password.
  • Local Application Data. Your email content is stored and cached locally on your computer only. We do not copy your inbox, email bodies, or attachments to Brevity servers.
  • Opt-In AI Feature Data. Brevity chat and AI workflows are optional. We only send content to Anthropic when you choose to use chat or configure/enable an AI workflow. If you do not opt in, your data is not sent to Anthropic.
  • Browser Extension Data. If you install the optional Brevity Browser Connector Chrome extension, it can—only after you explicitly authorize each task—access web page content (text, URLs, page titles) and capture screenshots in a dedicated browser tab controlled by the AI assistant. This data is transmitted only to your local Brevity desktop app over a localhost connection. Page content and screenshots may then be sent to Anthropic as part of the opt-in AI features described above. The extension does not access browsing activity outside of its own dedicated tabs, and no browser data is sent to Brevity servers.
  • Basic Product Telemetry (PostHog). We use PostHog for basic product analytics and reliability (for example, app diagnostics and user-submitted bug report events). We do not log or store the contents of your emails in PostHog.
  • Website Analytics. Our website (withbrevity.email) uses Vercel analytics to measure aggregate traffic such as page views and downloads.
  • Advertising Analytics (Meta). Our website uses the Meta Pixel and Meta Conversions API to measure the effectiveness of our advertising campaigns on Facebook and Instagram. These tools may collect information such as your IP address, browser type, pages visited, and actions taken on our website (for example, downloading the app or completing a purchase). Meta may use a cookie (_fbp) to identify your browser and a click identifier (_fbc) to associate your visit with a specific ad interaction. We share hashed (irreversible, one-way encrypted) email addresses with Meta for conversion measurement. We do not share the contents of your emails or any data from the Brevity desktop application with Meta.

How We Use Your Data

We use collected data to:

  • Authenticate you with Google and maintain your session.
  • Display your inbox, send email, and provide core functionality processed locally on your device.
  • Provide optional AI chat and AI workflow automation only when you opt in and use those features.
  • Measure high-level product reliability and website performance.

What We Cannot Access

  • We cannot see the contents of your emails on our servers.
  • We cannot take over your Google account, including for support.
  • We do not have a server-side inbox copy we can browse.

Data Sharing

We do not sell, rent, or monetize your personal data or email content. We share data only:

  • With Google to authenticate your account via OAuth 2.0.
  • With Anthropic only when you opt into chat or AI workflows and invoke those features. This may include email content from your local inbox and, if you use the Browser Connector extension, web page content and screenshots from authorized browsing tasks.
  • With PostHog for basic product telemetry and diagnostics. Email content is not logged there.
  • With Meta Platforms, Inc. for advertising measurement. We share hashed email addresses and website interaction data (page views, downloads, purchases) to measure ad campaign performance. Meta processes this data under its own privacy policy. You can opt out of Meta's tracking via your browser's cookie settings or Meta's Ad Preferences.
  • With service providers who host our website (Vercel), only as needed to provide that service.
  • When required by law (e.g., valid subpoena) after we exhaust options to contest the request and, if legally permitted, notify you.

Security

We follow industry standards to protect data:

  • All network traffic between your device and Google’s servers is encrypted with TLS 1.3.
  • Access to any cloud services we use is restricted and audited.

Data Retention

OAuth tokens and local email caches reside on your device and are removed when you sign out or uninstall the application. Product telemetry is retained for a limited period consistent with our operational needs.

Your Privacy Rights

Depending on where you live, you may have rights under laws such as the GDPR (EU/UK), CCPA (California), or similar regulations. These may include the right to access, correct, delete, or restrict processing of your personal data. To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

Google API Services Compliance

Brevity’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not have the ability to access your inbox content on our servers.

Changes to This Policy

We may update this Privacy Policy to reflect changes to our practices or for legal reasons. If we make material changes, we will provide notice through the app or our website at least 14  days before the update becomes effective.

Contact Us

For questions or concerns about this policy, contact our Data Protection Officer at [email protected].

Last updated: March 14, 2026