What data we access

Regent connects to your email account via two independent secure pathways to ensure redundancy and service reliability.

Direct Gmail Integration

When you connect your Gmail account, Regent uses Google's OAuth 2.0 protocol to read your inbox with your explicit permission. You grant access — we never see or store your Google password.

• Email subject lines and body text — read in real time to generate summaries and draft replies
• Sender and recipient information — used to identify contacts and track follow-ups
• Message timestamps and thread structure — used to detect deadlines and unanswered conversations
• Attachment metadata (filenames, sizes) — scanned to extract tasks and deadlines, then immediately discarded

Unipile Unified Email Layer

Regent also connects through Unipile, a third-party email abstraction layer, to normalize email data across multiple providers and improve service resilience. Unipile receives the same scope of email data as our direct Gmail connection.

• Email messages are processed through Unipile's infrastructure
• Unipile normalizes email format and structure for consistent processing
• Unipile does not store your messages beyond real-time processing
• Unipile is subject to its own privacy terms (see Section 5)

What we store — and what we don't

We are explicit about data retention because this is where trust lives.

Email content: Never stored

Your emails are processed in memory in real time. Once analysis is complete, all email body text, attachment content, and full message threads are permanently discarded. We do not store archives of your email.

Task summaries: Briefly retained

The only persistent data we retain is a lightweight task summary — for example: "Follow up with Sarah Kim — no reply in 4 days." These summaries contain no email body text, no sensitive client information, no attachment content, and no message history.

• Contact name (if present)
• Action item (what needs to be done)
• Deadline or context (if applicable)

Retention windows

Encryption & infrastructure security

In transit

• TLS 1.3 — All data between your device and Regent servers
• TLS 1.3 — All data between Regent and Google (Gmail API)
• TLS 1.3 — All data between Regent and Unipile
• TLS 1.3 — All data between Regent and Google Gemini API

At rest

• AES-256-GCM encryption — Your OAuth credentials and API tokens are encrypted at rest
• Credentials never logged — Tokens do not appear in application logs or error reports
• Google Cloud Platform — Infrastructure-level encryption at rest (default GCP KMS)
• SOC 2 Type II certified — GCP meets rigorous compliance and security standards

Database access

• Database not publicly accessible — isolated to private VPC
• Access logs enabled — all database access is audited
• IP whitelisting — only authorized Regent infrastructure can connect

Sending emails — always explicit approval

Regent will never send an email on your behalf without your direct, explicit approval. No exceptions.

The approval workflow

• Regent analyzes your email and drafts a reply based on conversation context and your communication style
• The draft is presented to you for review — you can edit, reject, or approve it
• Only when you tap "Send" does Regent transmit the email via Gmail

No auto-send, no background sends

There are no scheduled sends, delayed sends, or automatic transmissions of any kind. Every email requires your explicit tap or click before leaving your account.

Third-party services & data processors

Regent relies on third-party services to operate. Here is exactly what each one does and what data it accesses:

• Google OAuth 2.0 — Authentication and email access. You grant explicit permission via Google's consent screen. Google handles your credentials; we never see your password.
• Gmail API — Direct access to your inbox for real-time email reading. Read-only by default; write access only on explicit approval.
• Unipile — Email abstraction layer that normalizes email data across providers. Processes email content in real time; does not store messages beyond processing window. Regent has a Data Processing Agreement with Unipile.
• Google Gemini API (paid tier) — Powers real-time email summarization and draft generation. Your data is not used to train Google's AI models.
• ElevenLabs — Voice agent for in-app dictation and voice replies. Voice input is processed in real time. Regent has a Data Processing Agreement with ElevenLabs.
• Google Cloud Platform — Infrastructure hosting. Task summaries, user accounts, and system logs stored on GCP. SOC 2 Type II certified. All data encrypted at rest via GCP KMS.

Your rights & how to exercise them

• Access — Request a summary of all data Regent holds about you, including task summaries, account metadata, and activity logs.
• Deletion — Delete your account and all associated data at any time. Deletion is permanent and processed within 30 days.
• Revocation — Revoke Regent's Gmail access at any time through your Google Account settings. All processing stops immediately; cached data purged within 24 hours.
• Correction — Request correction or removal of any stored task summary, contact information, or user profile data.
• Portability — Request your data in a portable, machine-readable format (CSV or JSON) within 30 days of request.

How to submit a request

Include your request type (access, deletion, revocation, correction, or portability) and your email address or account ID. We respond within 5 business days.

Legal jurisdiction

If you are located in Canada, your rights are protected under PIPEDA (Personal Information Protection and Electronic Documents Act) and applicable provincial privacy laws. If you are located in the European Union or EEA, your rights are protected under the GDPR. We comply with all applicable requirements including consent, accuracy, security, and individual access rights.

Beta disclaimer & liability

Beta status

Regent is currently in beta. The product is provided as-is without warranties. While we work hard to protect your data and provide reliable service, we make no guarantees about uninterrupted or error-free service, complete protection against data breaches, or recovery of data in case of catastrophic failure. By using Regent during beta, you acknowledge the product is under active development and accept the inherent risks of beta software.

Limitations of liability

To the fullest extent permitted by law, Regent is not liable for indirect, incidental, or consequential damages arising from use of the service, data loss or corruption due to user error or third-party service outages, or lost revenue, lost data, or business interruption. Our maximum aggregate liability for any claim shall not exceed the subscription fees paid by you in the 12 months prior to the claim.

No warranty against breaches

While we implement industry-standard security measures, no service is immune to breaches. If a breach occurs, we will notify affected users within 72 hours and cooperate with regulatory authorities as required by law.

Changes to this policy

We may update this privacy policy as our product evolves. Material changes will be communicated to you by email at least 14 days before taking effect. Material changes include: new third-party services that process your data, changes to data retention policies, new uses of your data, or changes to encryption or security practices. You can delete your account at any time if you do not agree.

Policy history

• May 2026 — Added Unipile integration details, expanded third-party processor language, added data retention table, enhanced encryption details, added jurisdiction/compliance notes.
• January 2026 — Initial privacy policy (Gmail direct integration).

Contact

privacy@regentapp.ca · regentapp.ca · We respond to privacy requests within 5 business days.

© 2026 Regent. A Canadian software company based in Toronto, Ontario. This policy is governed by the laws of Ontario, Canada, and PIPEDA.