Privacy Policy

This Privacy Policy describes how Ashari Cloud ("we," "us," or "our"), a service operated by Ashari Tech, collects, uses, stores, and protects your information when you use the Ashari Cloud platform at ashari.cloud (the "Service").

Ashari Cloud is an AI-powered email management platform that connects to your Gmail account to analyze, categorize, and prioritize your emails using artificial intelligence.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

2.1 Account Information

When you sign up, you authenticate through our centralized identity provider at ashari.tech. We collect and store:

• Your name and email address (from your identity provider profile)
• A unique user identifier
• Account creation and last login timestamps

2.2 Google Account Data

When you connect your Google account, we request the following OAuth 2.0 scopes:

• gmail.readonly — Read-only access to your Gmail messages and metadata. We do not modify, send, or delete any emails.
• userinfo.email — Your Google account email address, used to identify your connected account.
• userinfo.profile — Your Google profile name and avatar, used for display purposes within the dashboard.

2.3 Email Content

Email content (subject lines, body text, sender information, metadata) is fetched on-demand from Google's servers when you access the Service. Email content is processed in real-time for AI analysis and is not stored on our servers. Processed analysis results (summaries, categories, priority scores) are stored in association with email message identifiers only.

2.4 Usage Data

We may collect basic usage information such as feature usage patterns, timestamps of interactions, and error logs to maintain and improve the Service.

3.1 How We Use Google API Data

Data obtained through Google APIs is used exclusively to provide the core features of Ashari Cloud:

• Email analysis: Your Gmail messages are read (via gmail.readonly) and processed by Gemini 2.5 Flash AI to generate summaries, priority scores, categories, action items, and risk assessments.
• Profile display: Your Google profile information (name, email, avatar) is displayed within the application dashboard for account identification.
• Email fetching: Email content is fetched on-demand from Gmail and processed in real-time. Raw email content is not persisted on our servers.

3.2 How We Protect Google API Data

• OAuth tokens (access and refresh tokens) are encrypted using AES-256-GCM before storage. Tokens are never stored in plaintext.
• Email content is transmitted over encrypted connections (TLS) and processed in memory. Raw email data is not written to persistent storage.
• Email processing tasks are queued through AWS SQS with encrypted transport. Message payloads contain email identifiers only, not email content.

3.3 Google API Services Limited Use Disclosure

Specifically, Ashari Cloud:

• Only uses Google API data to provide and improve user-facing features that are prominent in the application's user interface.
• Does not transfer Google API data to third parties unless necessary to provide or improve user-facing features, as required by law, or as part of a merger, acquisition, or asset sale with prior notice to users.
• Does not use Google API data for serving advertisements, including retargeting, personalized advertising, or interest-based advertising.
• Does not allow humans to read Google API data unless: (a) we have obtained the user's affirmative agreement, (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with applicable law, or (d) the data (including derivations) is aggregated and anonymized and used for internal operations.

3.4 Google Token Retention and Revocation

Google OAuth tokens are retained only while your Google account remains connected to Ashari Cloud. When you disconnect your Google account:

• All stored OAuth tokens (access and refresh tokens) are permanently deleted from our database.
• Associated AI analysis results linked to your email data are deleted.
• This action is immediate and irreversible.

You may also revoke Ashari Cloud's access to your Google account at any time by visiting your Google Account Permissions page.

We use your information to:

• Authenticate you and maintain your account session
• Fetch and display your Gmail messages within the Ashari Cloud dashboard
• Analyze email content using AI to provide summaries, priority scores, categorization, and action items
• Queue email processing tasks for background AI analysis
• Maintain and improve the reliability and performance of the Service
• Respond to your support requests

5.1 Where Data Is Stored

User account data and encrypted OAuth tokens are stored in MongoDB databases. Email processing queues use AWS SQS. All infrastructure is managed by Ashari Tech.

5.2 Security Measures

• OAuth tokens encrypted with AES-256-GCM before database storage
• Authentication managed through centralized OAuth 2.0 identity provider with JWT tokens
• Session tokens stored in HTTP-only cookies, inaccessible to client-side JavaScript
• All data transmitted over TLS-encrypted connections
• Email content processed in memory and not persisted to disk

5.3 Data Retention

• Account data: Retained while your account is active. Deleted upon account deletion request.
• Google OAuth tokens: Deleted immediately when you disconnect your Google account or delete your Ashari Cloud account.
• AI analysis results: Retained while your Google account is connected. Deleted when you disconnect or delete your account.
• Email content: Not stored. Fetched on-demand and processed in real-time only.

Ashari Cloud integrates with the following third-party services to provide its functionality:

• Google APIs: For Gmail access and user profile information, governed by Google's Privacy Policy.
• Google Gemini (AI): For email content analysis. Email content is sent to Google's Gemini API for processing. Refer to Google Gemini API Terms for details.
• Ashari Tech Identity Provider: For authentication. Governed by Ashari Tech's Privacy Policy.

We do not sell, rent, or trade your personal data to any third party. Data is shared with third-party services only as described above to provide the Service's core functionality.

7.1 General Rights

You have the right to:

• Access your personal data stored by Ashari Cloud
• Correct inaccurate personal data
• Delete your account and all associated data
• Disconnect your Google account at any time, which immediately deletes all Google-related data
• Revoke Google API access via Google Account Permissions
• Export your data in a portable format upon request

7.2 Indonesian Data Protection Rights (UU PDP)

In accordance with Indonesian Law No. 27 of 2022 on Personal Data Protection (Undang-Undang Pelindungan Data Pribadi), you are entitled to:

• Obtain information about the clarity of identity, legal basis, purpose, and use of your personal data
• Withdraw consent for processing of your personal data
• Request deletion of your personal data
• Request restriction of processing of your personal data
• Object to automated decision-making that produces legal effects
• Lodge a complaint with the relevant supervisory authority

To exercise any of these rights, contact our Data Protection Officer at [email protected].

The Service is not directed at individuals under the age of 17. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will promptly delete the data.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For material changes that affect how we handle your Google API data, we will provide notice through the Service before the changes take effect.

Continued use of the Service after changes constitutes acceptance of the updated policy.

For questions, concerns, or requests regarding this Privacy Policy or your personal data: