Privacy Policy

Last updated: February 2025

SCRUB ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

1. Information We Collect

1.1 Personal Information

When you create an account, we collect:

• Email address
• Name (optional)
• Phone number (for WhatsApp notifications)
• Password (stored securely using bcrypt hashing)

1.2 Email Data

With your explicit consent, we access your Gmail account using read-only OAuth 2.0 permissions to:

• Retrieve email metadata (sender, subject, date)
• Read email content for categorization
• Extract transaction and receipt information

Important: We use read-only access and cannot modify, delete, or send emails on your behalf.

1.3 Usage Data

We automatically collect:

• Device information (type, operating system)
• App usage patterns and feature interactions
• Error logs and crash reports

2. How We Use Your Information

We use your information to:

• Provide email categorization and management services
• Send WhatsApp notifications for important emails
• Generate spending insights and summaries
• Improve our AI categorization algorithms
• Send service-related communications
• Ensure security and prevent fraud

3. Data Storage and Security

Your data security is our priority:

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• OAuth tokens are stored securely and never shared
• We use industry-standard security practices
• Regular security audits are conducted
• Data is stored in secure cloud infrastructure

4. Data Sharing

We do not sell your personal information. We may share data with:

• Service Providers: Third parties that help us operate our services (e.g., cloud hosting, analytics)
• WhatsApp/Twilio: To deliver notifications to your phone
• Legal Requirements: When required by law or to protect our rights

5. Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Request deletion of your account and data
• Revoke Access: Disconnect your Gmail account at any time
• Opt-out: Disable WhatsApp notifications

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

• Personal data is deleted within 30 days
• Email data is immediately removed
• OAuth tokens are revoked
• Anonymized analytics may be retained

7. Third-Party Services

Our app integrates with:

• Google Gmail API: For email access (governed by Google's privacy policy)
• WhatsApp Business API: For notifications
• OpenAI: For AI-powered email categorization

8. Children's Privacy

SCRUB is not intended for users under 13 years of age. We do not knowingly collect information from children.

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification.

11. Contact Us

If you have questions about this Privacy Policy or our practices:

• Email: privacy@scrubaiapp.com
• Support: support@scrubaiapp.com

12. Google API Services User Data Policy

SCRUB's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.