← Back to Skub
Privacy Policy
Last updated: 17 April 2026
Who we are
Skub is operated by Provenance Tags ApS, Denmark. Skub is an AI assistant that watches your email inbox and sends you tap-to-act notifications when a message needs your decision. Throughout this policy "Skub", "we", or "us" means Provenance Tags ApS.
Plain-English summary: When you connect a mailbox, Skub reads your incoming email so it can decide what's worth alerting you about and summarize it for you. Email content is used only to serve you — never to train public AI models, never shared with advertisers, never sold.
Skub currently supports Gmail. Outlook and IMAP are on the roadmap. Provider-specific details below call out Gmail where relevant for Google's API User Data Policy.
What data we collect
Account data
- Email address and display name — used to identify your Skub account. You sign in with a passkey; mail-provider identity (e.g. Google profile) is used when you connect a mailbox.
- OAuth tokens for each connected mailbox — encrypted at rest, used only to access that mailbox on your behalf.
- Telegram chat ID — if you link Telegram, so we know where to send notifications.
- Stripe customer ID — if you subscribe to a paid plan.
Gmail data (accessed via Google's Gmail API)
- Email metadata (sender, subject, date, labels) — read to decide which emails matter and to dedupe notifications.
- Email snippets and bodies — read so Skub can summarize, classify, and generate suggested replies.
- Labels — read to respect existing organization; added/removed when you tap "Move" or "Ignore".
- Sent messages — created on your behalf when you tap "Reply" or "Forward" and choose content.
Skub does not access attachments, draft messages, contacts, calendars, or any Google data outside Gmail.
Derived data
- Sender state (VIP / Known / Ignored / Blocked) — inferred from your taps, used to decide future notifications.
- Preference notes — natural-language summaries of your habits (e.g. "user replies quickly to Lars"), stored as text and vector embeddings in our database to help Skub learn.
- Activity history — which emails Skub notified you about, and which buttons you tapped.
How we use your data
- Deliver the service — read your connected mailboxes, send notifications, execute your taps (reply / archive / move / ignore / forward).
- Personalize — learn from your taps so future notifications get more useful. Your learning data is used only for your own Skub agent; it never influences another user's experience.
- Send transactional messages — e.g. a message to the Telegram admin chat when you join the waitlist, or an email if something about your account requires attention.
- Billing — process subscriptions through Stripe if you upgrade.
AI processing
To decide what matters and generate summaries, Skub sends email content to Anthropic's Claude model via OpenRouter. Content is sent only to process one request at a time — it is not used to train Claude or any other model, per Anthropic's API terms. No other AI or analytics service receives your email content.
How data is stored and secured
- All data is stored on servers in Amsterdam (EU), hosted by Fly.io.
- OAuth tokens for connected mailboxes are encrypted at rest with a server-side key; only Skub's backend can decrypt them to call the mail provider's API on your behalf.
- Connections between you, Skub, Google, Telegram, Anthropic, and Stripe use TLS/HTTPS.
- Access to production systems is restricted to Provenance Tags staff.
Who we share data with
We share the minimum necessary data with these processors, and only to deliver the service to you:
- Google — Gmail API calls on your behalf (read/modify/send).
- Telegram — to deliver notifications and receive your button taps.
- Anthropic (via OpenRouter) — to classify and summarize email content.
- Stripe — billing if you subscribe; Stripe handles payment details; we never see your card number.
- Fly.io — our hosting provider; processes data only at our direction.
We do not sell, rent, or share your data for advertising. We do not use your email content to train AI models. We do not aggregate your mail data with other users'.
Limited-use disclosure
Skub's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Data retention and deletion
- Active accounts — we retain account data, mail metadata, and activity history while your account is active.
- Email bodies — not persisted after a notification is processed; only short summaries are stored.
- Account deletion — submit a deletion request using the form below, or disconnect individual mailboxes from Skub's Settings → Mailboxes. We delete all your data (account, tokens, preferences, skubs, action history) within 48 hours. Deletion is permanent.
- For Gmail accounts, you can also revoke Skub's access at any time at myaccount.google.com/connections.
Your rights (GDPR / UK GDPR)
You have the right to: access a copy of your data, correct inaccuracies, delete your data, object to processing, and export your data. Submit a request using the form below. We respond within 30 days — usually faster.
Cookies and tracking
Skub uses a single first-party session cookie on skub.me and app.skub.me to keep you logged in. No analytics, no tracking pixels, no third-party advertising cookies.
Children
Skub is not directed to children under 16 and we do not knowingly collect data from them. If you believe we have, submit a deletion request and we'll remove it.
Changes to this policy
If we materially change how we handle data, we'll notify active users by email before the change takes effect.
Contact
Questions, deletion requests, or concerns: use the request form above (pick "Other" if it's not a data request).
Provenance Tags ApS · Denmark