Privacy Policy

Last updated: April 2026

Overview

StraEO (“we”, “us”, “our”) is a business intelligence platform for SME leaders. This policy explains what data we collect, how we use it, how we protect it, and your rights as a user.

StraEO is designed for use with Google Workspace accounts (business or organisation accounts). Consumer Gmail accounts are not supported for the digest integrations.

By using StraEO, you agree to this policy. If you don't agree, please don't use the service.

Information we collect

Account information

When you create an account we collect your name, work email address, and the name of your business. This is used to identify your account and personalise the product.

Google Workspace data (Gmail and Google Chat)

StraEO offers optional integrations with Gmail and Google Chat for users with Google Workspace accounts. These integrations are entirely optional — StraEO works without them. If you choose to connect, we request read-only access to:

  • Gmail (gmail.readonly): your email messages from the past 7 days — subject lines, sender addresses, message bodies, and timestamps. This is used solely to generate your personal weekly digest.
  • Google Chat (chat.spaces.readonly, chat.messages.readonly): messages and spaces you are a member of, from the past 7 days — sender names, message text, and timestamps. This is used solely to include your Chat collaboration activity in your weekly digest.
  • Google account profile (userinfo.email, userinfo.profile): your email address and display name, to identify which Workspace account is connected.
  • Google Contacts (contacts.readonly): contact display names, used to resolve sender names when presenting your communication patterns in the digest.

What we store from Google Workspace data

Raw email and Chat data (message bodies, sender details, timestamps) is fetched from Google, held in memory during digest generation, and then discarded. It is never written to our database.

What is stored is the AI-generated digest itself — the written narrative, trend summaries, and insights that Claude produces from your data. This is what you see when you open a past digest in the app. It reads like a personal briefing, not a message log, and does not directly expose the content of individual emails or Chat messages.

Your OAuth access tokens are stored encrypted and are used only to fetch your data at digest generation time.

StraEO's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for any purpose other than generating your personal weekly digest. We do not use it to serve advertising, build profiles, or for any secondary purpose.

Usage data

We collect anonymised usage data (pages visited, features used, session duration) to understand how people use StraEO and improve the product. This data is not linked to your identity.

How we use your information

  • To provide and operate the StraEO platform
  • To generate your weekly digest from connected Workspace data sources
  • To store your past digests so you can review them in the app
  • To communicate with you about your account and product updates you have opted into
  • To improve the product based on anonymised usage patterns
  • To respond to support requests

We do not use your Google Workspace data to serve advertising. We do not sell, rent, or share your personal data or Google account data with third parties, except as described in the Data Sharing section below.

Data sharing

We do not sell your data. We share data only with the following categories of service providers, each acting under a data processing agreement and not permitted to use your data for their own purposes:

  • Hosting and infrastructure: Vercel (application hosting) and Neon (database storage) process your data on our behalf.
  • Email delivery: Resend delivers your weekly digest email. The digest content is passed to Resend for sending and is not retained by them beyond delivery.
  • AI processing: to generate your digest, structured summaries of your email and Chat activity are sent to Anthropic's Claude API. Anthropic processes this data solely to generate the digest and does not use it to train models. We send the minimum data needed — quoted reply histories are stripped before sending, and content is structured and summarised rather than forwarded in bulk.
  • Legal requirements: we may disclose data if required by law or to protect the rights and safety of StraEO or our users.

Data retention

We retain your account data for as long as your account is active. Past digests are retained so you can view them in the app; you can delete individual digests or your entire account at any time.

If you delete your account, we delete your personal data and digest history within 30 days.

Google OAuth tokens (access and refresh tokens) are deleted immediately when you disconnect Gmail or Google Chat via Settings → Digest Settings, or when you delete your account.

Data security

All data is encrypted in transit using TLS. Google OAuth tokens are stored encrypted at rest using AES-256 and are never exposed in logs, API responses, or error messages. We follow industry-standard security practices and review our security measures regularly.

Your rights and controls

You can, at any time:

  • Disconnect Gmail or Google Chat from StraEO via Settings → Digest Settings. This immediately revokes our access and stops further data collection from that source.
  • Revoke access directly with Google by visiting Google Account Permissions and removing StraEO. This works independently of StraEO.
  • Request a copy of your data — email hello@straeo.com and we will provide an export within 30 days.
  • Delete your account and data — email hello@straeo.com and we will delete everything within 30 days.

If you are in the European Economic Area, you have additional rights under GDPR: access, rectification, erasure, portability, restriction of processing, and the right to object. Contact us at hello@straeo.com to exercise any of these rights.

Cookies

We use cookies to maintain your login session and to store temporary OAuth state during the Google connection flow (a short-lived CSRF token). We do not use advertising cookies or cross-site tracking cookies.

Children

StraEO is a business tool not directed at children under 16. We do not knowingly collect personal data from children. Contact us at hello@straeo.com if you believe a child has provided us with personal data.

Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or in-app notification at least 14 days before they take effect. The “last updated” date at the top reflects the most recent revision.

Contact

Questions about this policy or how we handle your data? Email us at hello@straeo.com.

StraEO is operated by Bunnett Tech Ltd, New Zealand.