← Back

Privacy Policy

Last updated: April 2026

Who we are

Sesame is a product of Evolved Group, Inc. (“we”, “us”, “our”). Sesame connects your Gmail account to Claude, an AI assistant made by Anthropic, via the Gmail API. Evolved Group, Inc. is the data controller for personal data processed through this service.

Contact: admin@evolvedtalent.com

Data we collect and why

  • Your Google account ID and email address — to identify your account
  • Your Gmail OAuth tokens (access and refresh), encrypted at rest using AES-256-GCM — to authenticate Gmail API requests on your behalf
  • A hashed Bearer token — to authenticate requests from Claude to our server
  • The permission tier you selected (read-only, draft, or full access) — to enforce your chosen access level

Legal basis (GDPR): Processing is based on your explicit consent, given when you authorize the Gmail connection via OAuth. You may withdraw consent at any time by disconnecting.

Data we do not collect

  • Email content, subjects, recipients, or any message data
  • Search queries or actions performed via Claude
  • Any data beyond what is listed above

All Gmail interactions happen in real time on your behalf. We act as a pass-through between Claude and the Gmail API — no email content is logged, cached, or stored on our servers.

Our use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

How we use your data

Your data is used solely to authenticate Gmail API requests made by Claude on your behalf. We do not sell, share, or disclose your personal data to third parties, and we do not use it for advertising or any purpose other than operating this service.

Data retention

Your data is retained until you revoke access. You can disconnect at any time by visiting Google Account Connections or by calling the POST /api/revoke endpoint with your Bearer token. Upon disconnection, all stored credentials are permanently deleted.

Data transfers

Your data is stored on servers located in the United States (Neon Postgres via AWS). If you are located in the European Economic Area (EEA) or United Kingdom, your data is transferred to and processed in the United States. By using this service, you consent to this transfer. We take reasonable steps to ensure your data is handled securely.

Security

Gmail OAuth tokens are encrypted with AES-256-GCM before being written to the database. Bearer tokens are stored as SHA-256 hashes only — the raw token is returned once at issuance and never stored. All connections use HTTPS.

Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Restriction: Request that we limit processing of your data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your data
  • Withdraw consent: Disconnect at any time via Google Account Connections

California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at admin@evolvedtalent.com. We will not discriminate against you for exercising these rights.

EEA/UK residents: You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of the above rights, contact us at admin@evolvedtalent.com. We will respond within 30 days.

Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

Evolved Group, Inc.
admin@evolvedtalent.com

Terms of ServiceHome