
Privacy policy

Flick (flicked.email and the Flick apps) turns your inbox into a swipe deck. To do that we need limited access to your email — this page explains exactly what we access, what we store, and what we never do. Plain English, no surprises.

What we access

When you connect a mailbox, you grant Flick read access via OAuth (Google) or your provider's connection flow (iCloud, Yahoo, IMAP via app passwords). We read sender, subject, snippets, and thread metadata to build your triage deck. For Gmail we request the narrowest scope that supports triage (gmail.modify): it lets Flick read, archive/label, and create drafts — it cannot permanently delete mail bypassing your Trash, and Flick never sends email on your behalf. Replies you approve are saved as drafts in your own mailbox; you send them yourself.

What we store

  • Account & connection data — your account identifier, connected-mailbox metadata, and encrypted access credentials.
  • Triage actions — the archive/keep/reply decisions you make, so your deck stays in sync.
  • Approved draft text — stored encrypted and scoped to your account, purged on deletion.
  • Product analytics — first-party usage events (e.g. "deck loaded", "draft accepted") plus Google Analytics across flicked.email, our landing pages, the Flick web app, and the Flick iOS app, for aggregate traffic measurement. No ad networks, and no ad/IDFA tracking on iOS.

We do not store copies of your mailbox. When AI drafting needs more context, the thread content is sent request-scoped to generate that one draft and is not persisted.

AI drafting

Reply drafts are generated server-side using Anthropic's Claude models. Your email content is sent only to generate the draft you asked for, is not retained as training data, and no model is trained on your mail — by us or on our instruction.

Google API Services — Limited Use disclosure

Flick's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

The Flick Chrome extension

The Flick side-panel extension is a thin companion client of the same Flick account — it adds no new data collection and no new mailbox access. What it is and isn't:

  • It never touches your mail provider's website. Its only permission is to talk to Flick's own service (app.flicked.email). No content scripts, no access to Gmail or any other site you browse.
  • On your device it stores exactly four things in the extension's local storage: a revocable Flick session token, the email address of the connected account (so the panel can name it), and your badge and ritual-hour preferences. Nothing syncs to other devices.
  • It stores no email on your device. Cards are fetched from Flick's API for display, live in the panel for the session, and die with it.
  • Sign-in is a handoff, not a new login. Connecting the panel exchanges a one-time 60-second code on our domain for the extension's own session token — no passwords, no Google scopes requested by the extension.
  • Revocation is yours, two ways: "disconnect this panel" in the panel menu ends just the extension's session (the web app stays signed in); "sign out everywhere" ends every Flick session including the web. Panel sessions also expire on their own after about a month.
  • The once-a-day badge calls a counts-only endpoint (how many cards are waiting — never message content).

The extension introduces no new subprocessors; everything below applies unchanged.

Service providers (subprocessors)

  • Nylas — email connectivity for connected mailboxes.
  • Google — OAuth and Gmail APIs for Google accounts.
  • Google Analytics — aggregate traffic analytics across flicked.email, our landing pages, the Flick web app, and the Flick iOS app (IDFA-free on iOS).
  • Anthropic — AI reply drafting.
  • Vercel — application hosting.
  • Railway — database hosting.
  • Stripe — payment processing for web purchases (we never see your card number).

What we never do

  • We never sell your data.
  • We never show ads or share your data with ad networks.
  • We never send email from your account.
  • We never train AI models on your mail.

Deleting your data

Delete your account any time from Settings → Delete account in the app — this permanently purges your Flick data: connected mailboxes, sync state, drafts, and billing records. Your actual emails stay untouched in your mail provider. You can also email us (below) and we'll do it for you.

Changes & contact

If this policy changes materially we'll update this page and the effective date. Questions or requests: hey@flicked.email.