Privacy Policy

Last updated: May 25, 2026

Skyfin ("we", "us", or "our") values your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when providing the Gmail Services Middleware ("the Service"). Please read this policy carefully before using the Service.

1. Information We Collect

1.1 Account Authorization Information

When you authorize Gmail access through the Service, we collect:

• Google OAuth credentials (access_token, refresh_token)
• Gmail account address (emailAddress)
• Gmail history identifier (historyId)

Important: The Service adopts a stateless architecture. The above authorization information is not permanently stored on our servers; instead, it is returned to the caller (your business system) via API responses for your secure storage.

1.2 Email Data

When you use email sending or inbox checking features, we may temporarily process:

• Email recipient, CC, and BCC addresses
• Email subject and body content
• Email metadata (message_id, thread_id, label_id)

This data is processed solely based on your active requests. We do not actively scan, analyze, or retain your email content.

1.3 Usage Logs

To ensure service stability and security, we may record the following operation logs:

• API request timestamps, endpoints, and methods
• Error codes and exception messages (without email content)
• Proxy network identifier (proxy_id)

2. How We Use Information

The information we collect is used solely for the following purposes:

1. Providing the Service: Executing requested operations such as email sending and inbox checking
2. Authentication: Verifying your API access rights and Gmail authorization status
3. Rate Limiting: Enforcing daily and hourly sending quotas to prevent abuse
4. Troubleshooting: Diagnosing and fixing service anomalies
5. Security: Detecting and preventing unauthorized access

3. Information Sharing and Disclosure

We do not sell, rent, or otherwise provide your personal information to third parties for marketing purposes.

We may disclose your information only in the following circumstances:

• With your explicit consent
• As required by applicable laws or in response to lawful requests from law enforcement
• When necessary to protect our or others' legitimate rights and interests

4. Data Security

We take the following measures to protect your data:

• All API communications are encrypted via HTTPS/TLS
• API access is authenticated using secret keys (X-API-Key)
• OAuth state parameters are HMAC-signed with timestamps to prevent tampering
• The Service does not store persistent data, reducing data breach risks

5. Third-Party Services

The Service relies on the following third-party services:

• Google Gmail API: Used for email sending and inbox management, subject to Google's Privacy Policy
• Proxy network providers: If a proxy pool is configured, network traffic may pass through third-party proxy nodes

6. Your Rights

You have the following rights:

• Revoke your Google account's authorization access to the Service at any time
• Request deletion of any log data we hold
• Learn about the types of data we process about you

7. Policy Updates

We may update this Privacy Policy from time to time. Any material changes will be notified through service responses or relevant channels. Continued use of the Service constitutes acceptance of the revised policy.

8. Contact Us

If you have any questions or suggestions regarding this Privacy Policy, please contact us:

Email: privacy@szskyfin.com

← Back to Home