This policy describes how get_sifted ("the Service"), operated by Advisory Channels Company For Management Consulting LLC, a limited liability company registered in the Kingdom of Saudi Arabia (CR 7043214753), on behalf of Lincolne Ventures ("we", "us"), collects, processes, and protects personal data. It applies to all users of the Service, regardless of location, and is designed to meet the requirements of the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and applicable data protection legislation in the Kingdom of Saudi Arabia.
We process only the data necessary to deliver the Service. The categories are as follows:
| Category | Account information — email address, name, and authentication tokens provided during sign-up or OAuth connection. |
|---|---|
| Category | Message data — sender, recipient, subject line, timestamp, message body, and thread identifiers retrieved from connected accounts (Gmail, Outlook, WhatsApp). |
| Category | Classification data — AI-generated labels (urgency, sender tier, message type) and draft replies produced at your request. |
| Category | Technical data — IP address, browser type, and request logs retained for security and diagnostics. |
We do not collect sensitive personal data as defined under Article 9 GDPR. We do not process data relating to minors.
We rely on the following legal bases under Article 6(1) GDPR:
| Contract | Processing your messages to provide the triage, classification, and notification services you have requested (Art. 6(1)(b)). |
|---|---|
| Legitimate interest | Maintaining security, preventing abuse, improving the Service, and generating aggregate analytics that cannot identify individual users (Art. 6(1)(f)). |
| Consent | Where required — for example, connecting a WhatsApp account or enabling notification delivery to your phone (Art. 6(1)(a)). You may withdraw consent at any time. |
Your data is processed for the sole purpose of delivering the Service: classifying messages by urgency and relevance, generating draft replies when explicitly requested, sending replies you have reviewed and explicitly approved, and delivering notifications you have opted into. We do not use your data for advertising, profiling, or behavioural targeting. We do not sell, rent, or otherwise commercialise your personal data. We do not use your data to train, fine-tune, or improve any machine learning model.
We engage the following sub-processors to operate the Service:
| Anthropic | AI classification and draft generation. Data processed: message snippets (truncated to 500 characters) and full message body for draft replies. Anthropic processes this data solely to return the requested result; under its commercial terms it does not retain the data beyond the period required to provide the service and does not use it to train its models. Jurisdiction: United States. |
|---|---|
| Supabase | Database hosting and authentication. Data processed: all account and message data. Region: ap-south-1 (Mumbai). |
| Gmail OAuth and message retrieval. Data processed: OAuth tokens, Gmail messages. Jurisdiction: United States. | |
| Microsoft | Outlook OAuth and message retrieval. Data processed: OAuth tokens, Outlook messages. Jurisdiction: United States. |
| Meta | WhatsApp Business Platform. Data processed: WhatsApp messages delivered via webhook. Jurisdiction: United States. |
| Twilio | WhatsApp message delivery. Data processed: notification and digest text, which may include message summaries and, when you explicitly request the full text of an item, message content. Jurisdiction: United States. |
| Sentry | Error monitoring. Data processed: error diagnostics with authentication tokens and request bodies removed. Jurisdiction: United States. |
Where data is transferred outside the European Economic Area, we rely on the European Commission's adequacy decisions or standard contractual clauses, as applicable.
When you connect the WhatsApp Business integration, incoming messages are delivered to our server via Meta's Cloud API webhook. We store these messages to provide triage and notification services. Message content is shared with Anthropic solely for the purpose of AI classification within the Service. We do not share WhatsApp message content with any other third party. You may disconnect WhatsApp at any time, which immediately stops further data collection from that channel.
get_sifted's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. This section describes how we handle data accessed via Google APIs and applies in addition to the rest of this policy.
The scopes we request and the user-facing features they enable:
| gmail.readonly | Read-only access to the user's Gmail messages, threads, labels, and profile. Used to fetch recent inbox messages, classify each one by urgency and relevance, deduplicate threads, and present only actionable items on the user's dashboard. Message bodies are read so the AI can classify accurately and so the user can review context inside the application. |
|---|---|
| gmail.send | Send email on the user's behalf, only when the user explicitly clicks "Send" inside the application after reviewing the exact text to be transmitted. Used to send replies in-thread (preserving In-Reply-To and References headers) from the user's own Gmail address. No autonomous or background sending occurs. |
Our Limited Use commitments for data accessed via Google APIs:
| No transfer | We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features (for example, sending message snippets to Anthropic for AI classification, as disclosed in Section 5), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users. |
|---|---|
| No advertising | We do not use Google user data for advertising or to serve advertisements, including personalised, retargeted, or interest-based advertising. |
| No model training | We do not use Google user data to develop, improve, or train generalised or non-personalised AI or machine learning models. Where data is sent to a sub-processor (such as Anthropic) to deliver a feature you have requested, it is used only to return that result and is not retained or used for model training by that sub-processor. Google user data we store within the Service (as described in Section 9) is used solely to provide the user-facing features described in this policy. |
| No human reading | Humans do not read Google user data unless we have obtained the user's affirmative agreement for specific messages, it is necessary for security purposes such as investigating abuse, it is required to comply with applicable law, or the data has been aggregated and anonymised so that it cannot be linked to an individual user. |
You can revoke get_sifted's access to your Google account at any time via your Google Account permissions page, or by disconnecting Gmail inside the application. Revocation immediately stops further data collection from Google APIs.
get_sifted relies on artificial intelligence to deliver its core features: classifying your messages by urgency and relevance, and generating draft replies when you explicitly request them. This section describes how your data — including data accessed via Google APIs — is handled when it is processed by AI.
| Provider | AI processing is carried out by Anthropic via the Claude API. We send message snippets (truncated to 500 characters) for classification, and the full message body only when you explicitly request a draft reply. Data is sent solely to return the requested result. |
|---|---|
| No model training | Your data is never used to train, fine-tune, or improve any AI or machine learning model — by us or by our AI provider. Under Anthropic's commercial terms, data submitted through the Claude API is not used for model training, and inputs and outputs are automatically deleted within 30 days. This applies to all of your data, including data accessed via Google APIs. |
| Purpose limitation | Data is provided to the AI only to perform the specific, user-facing task at hand — classifying a message or producing a draft you asked for. It is not used for profiling, advertising, or any secondary purpose. |
| No human review | AI processing is fully automated. Humans do not read your message content except in the limited circumstances set out in Section 7 — your explicit consent for specific messages, security investigations, legal compliance, or data that has been aggregated and anonymised. |
Our full list of sub-processors appears in Section 5, and our specific Limited Use commitments for data accessed via Google APIs appear in Section 7.
Message data is retained for the duration of your active account. OAuth tokens are stored only while the corresponding account remains connected. Technical logs are retained for a maximum of 90 days. Upon account deletion, all personal data is permanently erased within 30 days, except where retention is required by law.
We implement the following technical and organisational measures: all data in transit is encrypted via TLS 1.2 or higher; the database enforces row-level security for multi-tenant isolation; OAuth tokens are encrypted at rest; access to production systems is restricted to authorised personnel; and we maintain error monitoring to detect and respond to anomalies.
You also have the right to lodge a complaint with a supervisory authority. For EU residents, you may contact your local data protection authority. For UK residents, the Information Commissioner's Office (ICO) at ico.org.uk.
You may request complete deletion of your personal data at any time. For full details of the deletion process and scope, see our Data Deletion Policy.
The Service uses a single session cookie required for authentication. We do not use analytics cookies, advertising trackers, or third-party tracking pixels.
We may update this policy to reflect changes in law or to the Service. Material changes will be communicated via the application or by email to your registered address at least 14 days before they take effect. The effective date at the top of this page always reflects the current version.
For any questions, concerns, or data subject requests, contact the data controller:
Advisory Channels Company For Management Consulting LLC
On behalf of Lincolne Ventures
Email: rob@lincolne-ventures.com