Security
Last updated: May 2026
MarkAI is built around Gmail integration. We take the security and privacy of your email data seriously. This page explains exactly what data we access, how we protect it, and who can see it.
What Gmail Data We Access and Why
When you connect your Gmail account, MarkAI requests the following OAuth scopes:
- Read email messages and threads — to display your inbox and conversation history inside MarkAI's unified inbox view.
- Read conversation context — to give the AI enough history to generate accurate, context-aware reply suggestions.
- Send email on your behalf — only when you explicitly choose to send an AI-drafted reply. MarkAI never sends email without your direct action.
- Manage drafts — to create reply drafts in your Gmail account, which you review before sending.
We request only the minimum permissions required to operate the service. We do not request access to contacts, calendar, Drive, or any other Google service beyond Gmail.
Email Content Storage
MarkAI does not store your email content beyond what is strictly required to generate reply suggestions. Email body text is passed to the AI model at the time of processing and is not written to persistent storage. Metadata (subject lines, sender/recipient addresses, timestamps, thread IDs) is stored to power the inbox view and analytics features.
Encryption
- In transit: All communication between your browser, our servers, and third-party APIs uses HTTPS/TLS. Data is never transmitted over unencrypted connections.
- At rest: Gmail OAuth tokens (which grant access to your Gmail) are encrypted using AES-128-CBC (Fernet encryption) before being written to the database. Your tokens are never stored in plaintext.
- Passwords: User account passwords are hashed with bcrypt and are never stored in recoverable form.
Data Sharing
We do not sell or share your data with anyone. The only exception is Anthropic (the company behind the Claude AI model), which receives email content solely to generate reply suggestions on your behalf. This processing is covered by Anthropic's Privacy Policy. No other third party receives your email data.
Employee Access
No MarkAI employee or contractor reads customer emails. Access to production systems is restricted and logged. We will only access email data in exceptional circumstances where you have explicitly asked us to investigate a technical issue and have granted permission.
Google OAuth Warning Screen
When you connect your Gmail account, Google may display a warning that reads "Google hasn't verified this app" or shows a caution screen before you proceed.
This warning is expected and does not mean MarkAI is unsafe. It appears because:
- MarkAI is a newer application that has not yet completed Google's formal verification process.
- Google's app verification review is currently in progress.
- All apps that request sensitive Gmail scopes display this screen before verification is complete, regardless of their actual security posture.
You can safely proceed past the warning. Our OAuth implementation follows Google's recommended security practices, and our use of Gmail data adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Google API Compliance
MarkAI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not:
- Use Gmail data to serve advertisements
- Use Gmail data to train or improve AI models
- Share Gmail data with any third party except Anthropic, solely for reply generation
- Transfer Gmail data for any purpose unrelated to the MarkAI service
Contact
If you have a security concern, have discovered a vulnerability, or have questions about how your data is handled, please contact us directly:
Email: [email protected]
Website: markhelp.me