offduty

Privacy Policy

Last updated: May 19, 2026

1. Introduction

DiscoveryCo (“we”, “our”, or “us”) operates offduty (“offduty”, “the Service”), accessible at offduty.me. This Privacy Policy describes how we collect, use, and protect your personal information when you use our Service.

By using offduty, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information we collect

Account information. When you sign in with Google, we receive your name, email address, and profile picture as provided by Google OAuth. We store this to identify your account.

Gmail API access. Offduty uses the Gmail API (via OAuth 2.0) to manage labels on your Gmail messages. Specifically, we access your Gmail account to: (a) create and manage a private label used to hold emails, (b) apply and remove that label from incoming messages to control inbox delivery, and (c) read message metadata (sender, subject, and a short preview snippet) to check whether an incoming message matches your VIP rules. We do not store the content of your emails. When checking VIP keyword rules, we briefly read a short preview (snippet) of incoming messages in memory only; this is never written to our database or servers. We do not read or access the full body or attachments of your emails under any circumstances.

Usage data. We collect activity logs associated with your account, such as the time and count of each email batch delivery, to power your dashboard. We may also collect anonymised product analytics (page views, feature usage) to improve the Service.

Payment information. Payments are processed by Stripe. We do not store your payment card details. We receive a tokenised reference from Stripe for billing purposes.

3. How we use your information

  • To provide the email batching and delivery service
  • To manage your account and subscription
  • To send transactional emails (account, billing, security notices)
  • To improve the Service through aggregate, anonymised analytics
  • To comply with legal obligations

We do not sell your personal information. We do not use your Gmail data for advertising purposes.

4. Google API and Gmail data

Offduty's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Our access to your Google account and Gmail data is used exclusively to operate the email batching features described in this policy.

Specifically, data obtained through Gmail API access is:

  • Used only to provide and improve offduty features requested by the user
  • Not transferred to third parties except as necessary to operate the Service
  • Not used for advertising or to train AI or machine learning models
  • Not stored beyond what is necessary for label management. Email content and snippets are processed in memory only and never written to our database

You may revoke offduty's access to your Google account at any time in two ways: (a) by removing an inbox or deleting your account from within the offduty app, which immediately revokes our OAuth token and removes offduty from your connected Google apps, or (b) directly via Google Account Permissions. Either method will immediately stop all email batching activity for that account.

5. Data sharing and third parties

We share your data with the following third-party services necessary to operate offduty:

  • Google (Gmail API), for authenticating your account and managing Gmail labels
  • Stripe, for processing subscription payments securely
  • Railway, for hosting and infrastructure

We do not sell, rent, or trade your personal data to any other third parties.

6. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial record-keeping purposes.

Activity logs (delivery counts and times) are retained for up to 90 days and then deleted automatically.

7. Security

We take reasonable measures to protect your personal information, including encryption in transit (HTTPS/TLS) and at rest, and restricted access to production systems.

OAuth tokens issued by Google are stored encrypted in our database and are never exposed in plaintext to any frontend or third-party service. If you believe your account has been compromised, contact us immediately at [email protected].

8. Your rights

Depending on your location, you may have rights regarding your personal data, including the right to access, correct, or delete it. To exercise these rights, contact us at [email protected].

You can also delete your account at any time from the Account settings page in the offduty app, which will remove your personal data from our systems.

9. Children's privacy

Offduty is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us at [email protected].

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice in the app. The “Last updated” date at the top of this page reflects the most recent revision.

Continued use of offduty after changes take effect constitutes acceptance of the revised policy.

11. Contact

For privacy-related questions or requests, contact us at:
[email protected]
DiscoveryCo