Privacy Policy

Last updated: July 2, 2026

Overview

Reinterface ("we", "us") provides a hosted developer platform for Google Workspace integrations. This policy describes what information we collect, how we use it, and the choices available to you.

Authentication

Account sign-in is handled by Supabase Authentication. When you create an account, we store your email address, profile information, and authentication credentials through Supabase. You may sign in with email and password or Google Sign In via Supabase.

Google OAuth and connected accounts

When you connect a Google account through Reinterface, you authorize access to the following Google OAuth scopes. We request only the scopes the product actually uses, and each one exists for a specific feature:

  • openid, email, profile — identifies which Google account you connected (address, name, picture) so it can be shown in your dashboard.
  • gmail.send — sends email from your connected address only when you (or your application) explicitly trigger a send.
  • gmail.readonly — locates specific messages (by Message-ID or subject) and reads their headers, labels, and authentication results to report inbox/spam placement and SPF/DKIM/DMARC outcomes. We do not read your mailbox beyond these lookups.
  • calendar.events — lists, creates, and deletes calendar events when you use the Calendar features.
  • calendar.readonly — lists your calendars so you can choose which one to work with.

Reinterface stores OAuth tokens encrypted on our backend using AES-256-GCM encryption. Google access and refresh tokens are never exposed to the frontend or returned in API responses.

You can disconnect a Google account at any time from the dashboard. Disconnecting revokes Reinterface's access with Google and removes the encrypted tokens from our database. You can also revoke Reinterface's access directly from your Google account permissions page.

Limited Use of Google user data

Reinterface's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

  • We only use Google user data to provide and improve the features described on this page. We do not use it for advertising of any kind.
  • We do not sell Google user data, and we do not transfer it to third parties except as needed to provide the service (for example our database hosting), to comply with the law, or as part of a merger or acquisition with prior notice to you.
  • No humans read your Gmail data unless you give us explicit permission (for example a support request), it is required for security or abuse investigation, or we are required to by law.

Data we store

  • Account profile information (email, name, avatar)
  • Organization and application metadata
  • Connected Google account metadata (email, name, picture, granted scopes, connection status)
  • Encrypted Google OAuth tokens (backend only, not exposed via API)
  • Message metadata from deliverability checks (subject, sender, recipient, date, folder placement, authentication results, and raw headers)

We do not store the bodies or attachments of your emails. Gmail reads are limited to headers, labels, and authentication results of the specific messages you look up, and calendar data is fetched on demand rather than stored.

How we use your data

We use your information to provide the Reinterface platform, authenticate your sessions, manage Google account connections on your behalf, and improve the service. We do not sell your personal data.

Third-party services

Reinterface relies on Supabase for authentication and database hosting, Google for OAuth and Workspace API access, and separate infrastructure for our backend API. Each provider processes data according to their own privacy policies.

Data retention and security

We retain account and connection data while your account is active. OAuth tokens are deleted when you disconnect a Google account. We use industry-standard measures including encrypted token storage and authenticated API access to protect your data.

Your rights

You can disconnect Google accounts and sign out of the dashboard at any time; disconnecting revokes our access with Google and deletes the stored tokens for that account. You may also request access to or deletion of your account data (including any stored Google user data) by contacting us — we honor deletion requests within 30 days.

Contact

For privacy questions or requests, contact us at privacy@reinterface.com.