Legal
Privacy Policy
Effective date: March 28, 2026
1. Introduction
SvareAI ("we", "us", "our") operates the svareai.com web application. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.
2. Information we collect
Account information — name, email address, and password when you register.
Payment information — processed and stored by Stripe. We do not store card numbers on our servers.
Email data — when you connect a Gmail account, we access message metadata (sender, recipient, subject, date), message bodies, labels, and thread information. This data is used solely to classify emails, generate draft replies, and display your conversations within the app.
Knowledge base content — documents, FAQs, and other materials you upload to train the AI on your business context.
Usage data — pages viewed, features used, browser type, and IP address, collected via standard server logs.
3. How we use your information
- To provide and operate the SvareAI service
- To classify incoming emails and generate AI-drafted replies
- To process payments and manage subscriptions
- To send transactional emails (account confirmation, password resets, billing receipts)
- To improve and troubleshoot the service
4. AI processing
Email content and knowledge base data are sent to third-party AI providers (currently Anthropic) to generate classifications and draft replies. These providers process data according to their own privacy policies and do not use your data to train their models.
5. Data sharing
We do not sell your personal information. We share data only with:
- Stripe — payment processing
- Anthropic — AI classification and reply generation
- Google — Gmail API access (governed by Google's API Services User Data Policy)
- Infrastructure providers — hosting and database services
6. Google API Services — Limited Use Disclosure
SvareAI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Gmail data to provide and improve the email features you explicitly authorise. We do not use Gmail data for advertising or share it with third parties except as described above.
7. Data retention
We retain your data for as long as your account is active. Email data is refreshed periodically and older processed data may be pruned. When you delete your account, we remove your personal data within 30 days, except where retention is required by law.
8. Security
We use encryption in transit (TLS) and at rest for sensitive credentials. OAuth tokens and API keys are stored using Laravel's encrypted storage. Access to production systems is restricted and audited.
9. Your rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal data
- Export your data in a portable format
- Revoke Gmail access at any time via your Google Account settings
- Delete your SvareAI account
10. Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.
11. Changes to this policy
We will notify active users of material changes via email with at least 14 days' notice. Continued use after the effective date constitutes acceptance.
12. Contact
For privacy-related inquiries, contact us at support@svareai.com.
13. Cookies
SvareAI uses only strictly necessary cookies. These cookies are required for the website and application to function and cannot be disabled.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| XSRF-TOKEN | Cross-site request forgery protection — validates that form submissions originate from our site | Session | Strictly necessary |
| svareai_session | Maintains your login session while you use the application | Session | Strictly necessary |
| cookie_notice_dismissed | Remembers that you have dismissed the cookie notice (stored in localStorage, not a cookie) | Persistent | Preference |
We do not use analytics cookies, advertising cookies, or any third-party tracking scripts. No cookie consent is required for strictly necessary cookies under GDPR and the ePrivacy Directive.