Personal Assistant Agent is a private, single-owner tool operated by Jeff Jafari for his own personal use. It is not a commercial product, has no other users, and is not offered to the public. Access is limited to the following Google accounts:
asjn3e@gmail.comjeff@origyn.chjeff.jafari@bity.comSign-in attempts from any other Google account are rejected and no data is read, stored, or processed for them.
When the owner connects one of the accounts above via Google OAuth, the application requests these scopes:
https://www.googleapis.com/auth/gmail.readonly — read-only access to Gmail messages and metadata for the connected account.https://www.googleapis.com/auth/userinfo.email — the email address of the signed-in account, used to confirm identity and route data to the correct mailbox record.openid, profile, email — used only by the web dashboard's sign-in flow to identify the owner.The application does not request write, send, or delete permissions on Gmail and cannot modify any message in the user's mailbox.
The data is used only to support the owner's personal workflows:
Data is not sold, shared, advertised against, or disclosed to any third party. It is not used to train any machine-learning model. It is not made available to any person other than the owner.
Email content fetched from Gmail is stored locally in a private SQLite database on a single virtual private server controlled by the owner. The database file is not publicly reachable. OAuth refresh tokens are stored in the same database, encrypted at rest. Backups, when taken, remain on storage controlled by the owner.
Some email content is sent to Anthropic's Claude API for short, on-the-fly classification and parsing tasks (for example, deciding whether a message is a bank-transaction alert). Anthropic's data-handling terms apply to those requests; no email content is retained by Anthropic for training. No content is sent to any other external service.
Email records are retained as long as they are useful to the owner's personal workflows. The owner can delete the underlying database at any time, which removes all stored email content and all OAuth tokens. The owner can also revoke this application's access at https://myaccount.google.com/permissions, which immediately invalidates the stored refresh tokens.
The web dashboard is served over HTTPS via Let's Encrypt. The only sign-in method is Google OAuth restricted to the three accounts listed above. There is no public sign-up. There are no other end users to whose data this notice could apply.
This application is not directed to children and is not used by any person other than the owner.
Because the application has no users other than the owner, changes to this policy are made by editing this page. The "Last updated" date at the top of the page reflects the most recent change.
Questions about this policy can be sent to asjn3e@gmail.com.