Privacy Policy

Last updated: May 1, 2026

Summer is a personal-scale tool that summarises receipts and invoices from your Gmail inbox. This page explains what data passes through it and what does not.

Data we receive from you

• Google account profile. When you sign in we receive your name, email address, and Google account ID via Google OAuth.
• Gmail OAuth tokens. Access and refresh tokens for the scopes you grant: gmail.readonly and gmail.send. These let Summer read receipt-candidate messages and email the summary back to your own inbox.
• Session cookies. Standard authentication cookies issued by better-auth.

What we store

Only the data above — profile, OAuth tokens, sessions — in a Postgres database hosted on Supabase. We do not store the contents of your emails, the extracted receipts, or the generated summaries. Each run is computed from scratch in memory and discarded when the worker finishes.

Security and data protection

• Encryption in transit. All requests between Summer and external services — Google OAuth, the Gmail API, the Gemini API, frankfurter.dev, Supabase, Upstash QStash, and your browser — are made over HTTPS/TLS. The site is served from Vercel with TLS termination at the edge.
• Encryption at rest. OAuth tokens, profile records, and session rows live in Supabase-hosted Postgres, which encrypts stored data with AES-256 by default.
• Scoped, revocable access.Google OAuth tokens are stored per user and can only be used to act on that user's own mailbox. The application never lets one signed-in user trigger a summary against another user's account.
• No long-term retention of email content. Receipt-candidate messages, extracted fields, and the rendered summary exist only in worker memory for the duration of a single job (typically under a minute). Nothing from the email body is written to a database, log, or analytics store.
• Signed background jobs.Summary work runs in an Upstash QStash worker whose every invocation is verified against Upstash's signing keys, so the worker only executes payloads that were actually enqueued by Summer.
• Secrets management. API keys and signing keys (Google, Gemini, QStash, Supabase) are stored as Vercel environment variables, not in the source repository, and are scoped to the production deployment.
• Least-privilege OAuth scopes. Summer requests only gmail.readonly (to read receipt-candidate messages) and gmail.send (to email the summary back to the same signed-in user). It does not request modify, delete, or label-change scopes.
• Limited recipient set. The summary email is always sent from the signed-in user to themselves; Summer never sends Gmail content to a third-party recipient.
• Account and token deletion.You can revoke Summer's access at any time via myaccount.google.com/permissions, which immediately invalidates the stored tokens. Account-record deletion can be requested by emailing yariv@riser.co.il.
• Incident response. If Summer becomes aware of a breach affecting user data, affected users will be notified by email at the address on file.

How your email is processed

When you click Generate summary, a background worker:

• Fetches purchase-related messages from Gmail in your selected window.
• Extracts structured fields (merchant, amount, currency, date) using embedded schema.org markup where available, falling back to Google Gemini (model gemini-2.5-flash-lite) for the rest. Email content is sent to the Gemini API to perform this extraction.
• Converts amounts to ILS using public ECB rates from frankfurter.dev.
• Sends the rendered HTML summary back to you via your own Gmail account.

Note that Google's Gemini API may retain prompt content for abuse monitoring per its own terms. See Gemini API terms.

Third parties involved

• Google (OAuth + Gmail API) — sign-in and email read/send.
• Google Gemini API — receipt extraction.
• Supabase — Postgres hosting for the auth tables.
• Upstash QStash — background job queue.
• Vercel — application hosting.
• frankfurter.dev — currency exchange rates.

Use of Google user data

Summer's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Your Gmail data is used solely to produce the requested summary and is not sold, used for advertising, or shared with third parties beyond the processors listed above.

Your choices

• Revoke access at any time via myaccount.google.com/permissions. Doing so invalidates the stored OAuth tokens.
• Request deletion of your account record by contacting the address below.

Contact

Questions or deletion requests: yariv@riser.co.il.