
Privacy Policy

Last updated: July 1, 2026

1. Who we are

MorningBrief is an AI-powered email digest service operated by Edoardo Geiss ("we", "us", "our"). We can be contacted at edoardo.create@gmail.com.

This Privacy Policy explains what personal data MorningBrief collects, how we use it, who we share it with, and what rights you have.

2. Data we collect

2.1 Account data

When you sign in with Google, we receive and store your Google account ID, email address, and display name. This is used solely to identify your account and address your digest emails to you.

2.2 Gmail access

We request read-only access to your Gmail account via Google OAuth 2.0. This permission allows us to read the content of emails in your inbox to generate your daily digest.

We do not and cannot send, reply to, delete, label, or modify any email in your inbox. This is technically enforced by the scope of the OAuth permission we request (https://www.googleapis.com/auth/gmail.readonly).

Email content is never stored. Emails are fetched from Gmail, sent to Claude (Anthropic's AI) for summarisation, and then immediately discarded. We retain only the generated digest text — not the original emails, not their content, not sender details beyond what appears in the digest.

2.3 OAuth tokens

Google issues us an access token and refresh token when you authorise the app. These tokens are encrypted and stored securely in our database (Firebase, operated by Google). They are never logged, never exposed in API responses, and are used exclusively to fetch your emails for digest generation.

2.4 Digest history

We store the generated digest text for the last 20 digests per user. This lets you view your digest history in the dashboard. You can delete your account at any time to remove all saved digests.

2.5 Account preferences

We store your subscription plan (Basic or Pro), preferred digest delivery time (Pro only), email consent preference, and weekly usage counts. These are used to operate the service.

2.6 Payment data

Payments are processed by Stripe. We do not receive or store your credit card number, billing address, or any other payment details. Stripe handles all payment data under their own privacy policy.

3. How we use your data

We use the data we collect to:

  • Authenticate you and maintain your session
  • Fetch your Gmail emails to generate your daily digest
  • Send your digest to your email address (if you have opted in)
  • Display your digest history and account information in the dashboard
  • Track weekly usage limits for your subscription plan
  • Process your subscription via Stripe

We do not use your data for advertising, analytics resale, or to train AI models.

MorningBrief's use and transfer of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. How we share your data

We share your data only with the following third-party services that are necessary to operate MorningBrief:

Provider | Purpose | Data shared
Anthropic (Claude) | AI digest generation | Email content (not stored by Anthropic; see their API privacy policy)
Google Firebase | Database hosting | Account ID, OAuth tokens, digest history, preferences
SendGrid (Twilio) | Email delivery | Your email address and digest content
Stripe | Payment processing | Your email address; payment data is handled directly by Stripe
Vercel | Application hosting | Standard web server logs (IP, user agent, request path)

We do not sell, rent, or share your data with any other party. We do not use your data for advertising purposes.

5. Gmail data — additional disclosures

Because MorningBrief accesses Gmail data, we are required to make the following explicit disclosures:

  • MorningBrief's use of Gmail data is limited to the purpose of generating your email digest — no other purpose.
  • Gmail data (email content) is processed transiently by Anthropic's Claude API and is not retained by Anthropic under their API usage terms.
  • Gmail data is not used or transferred for serving advertising.
  • Gmail data is not used or transferred for determining creditworthiness or for lending purposes.
  • Humans at MorningBrief do not read your email content. Processing is automated and handled entirely by the Claude API.

6. Data retention

We retain your data for as long as your account is active. Specifically:

  • Email content: Never retained. Processed transiently and discarded immediately after digest generation.
  • OAuth tokens: Retained until you disconnect your account or revoke access via Google.
  • Digest history: Last 20 digests are retained. Older digests are overwritten automatically.
  • Account data: Retained until you request account deletion.

On account deletion, all your data (tokens, preferences, digest history) is permanently deleted within 24 hours.

7. Your rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Ask us to correct inaccurate data.
  • Erasure: Request deletion of your account and all associated data.
  • Portability: Request your digest history in a machine-readable format.
  • Objection: Object to processing of your data at any time.
  • Revoke Gmail access: You can revoke MorningBrief's access to your Gmail at any time via Google Account Permissions. This immediately prevents any further email access.

To exercise any of these rights, email us at edoardo.create@gmail.com. We will respond within 30 days.

If you are located in the European Union, you also have the right to lodge a complaint with your national data protection authority.

8. Security

We take reasonable technical and organisational measures to protect your data, including:

  • OAuth tokens are encrypted at rest in Firebase
  • All data is transmitted over HTTPS
  • API endpoints are protected with authentication checks
  • We do not log email content or OAuth tokens

No system is 100% secure. If you become aware of a security vulnerability, please notify us at edoardo.create@gmail.com.

9. Cookies

MorningBrief uses only functional cookies necessary to operate the service:

  • userId (httpOnly, session): Your authenticated user ID for server-side requests.
  • userIdClient (session): A client-readable copy used to identify you in the dashboard.

We do not use advertising cookies, third-party tracking cookies, or analytics cookies.

10. Children

MorningBrief is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you by email. Continued use of MorningBrief after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or requests, contact us at:

MorningBrief
Operated by Edoardo Geiss
Email: edoardo.create@gmail.com