Security & Data Handling
Last updated: May 7, 2026
Airo is an AI-assisted email client. To file, compose, and surface information from your inbox, the AI needs access to your email content. This page describes what that access looks like, what we store, and how to remove it.
If anything here is unclear or wrong, email security@airo.email and we’ll fix it.
Data flow
You connect Gmail via Google OAuth. Gmail pushes new-message notifications to Airo’s backend, which fetches the relevant messages, stores them in our database, and runs AutoFile classification via Google Vertex AI. Your devices sync the data locally so the apps work offline. When you act on an AutoFile suggestion, Airo applies the change directly to Gmail. Gmail remains the source of truth.
What we store, and for how long
| Data | Retention |
|---|---|
| Message metadata, bodies, and attachment metadata | While the connected account is active |
| Attachment file bytes | Not stored — fetched on demand from Gmail |
| Embeddings for semantic search | While the connected account is active |
| AutoFile suggestion history | While the connected account is active |
| OAuth refresh tokens | Until you disconnect |
| Auth identity | While account active |
| Subscription state | Per subscription provider terms |
| Database backups | 7 most recent backups; 7 days of point-in-time recovery |
A copy of your messages also lives on each of your devices in a local database. That copy is removed when you sign out or uninstall.
Google permissions
Airo requests the minimum Google permissions needed to function as a full email client:
- View and manage your inbox so Airo can show your mail and apply AutoFile decisions (label, archive, trash, star, send replies).
- Read your existing labels and filters so AutoFile can use them as filing destinations. Airo won’t change them without asking.
- Show contact names from your address book and people you’ve emailed, instead of just email addresses. Airo won’t spam, sell, or contact them.
- Send attachments larger than Gmail’s size limit by uploading them to Drive and embedding a link. Limited to files Airo creates, not your whole Drive.
- RSVP to meeting invites that arrive as email.
Airo has completed Google’s CASA third-party security audit and contested-scope verification, both required for restricted Gmail permissions. The verification status is visible on the consent screen.
AI / LLM data handling
AI features run on Google Vertex AI (Gemini). Vertex’s enterprise terms specify no training on customer data and no retention of prompt content beyond the request lifecycle (see Google Cloud’s Service Specific Terms ). Airo does not train models on user data and does not send your mail to any LLM vendor outside Google. We do not sell or share user data with advertisers, data brokers, or any AI training pipeline outside Google Vertex.
Encryption
- In transit: TLS 1.2+ for all client-to-backend, backend-to-Google, and backend-to-database traffic.
- At rest (server): data is encrypted on disk with provider-managed keys.
- At rest (device): the local database lives inside the app’s sandboxed container (mobile) or the browser’s per-origin storage (web) and inherits the device’s full-disk encryption.
Airo is not end-to-end encrypted. Server-side AI requires the backend to read mail in cleartext during processing.
Subprocessors
- Google Cloud Platform — hosting and AI inference (Vertex AI).
- Firebase (Google) — authentication; on mobile, also Crashlytics and Firebase Analytics.
- PostHog — product analytics.
- RevenueCat — subscription management on mobile.
- Apple App Store / Google Play — payments for mobile subscriptions.
- Vercel — hosting for the marketing site (
airo.email) and the authenticated web app (app.airo.email).
We will update this list when subprocessors change.
Access controls
Airo doesn’t have an admin team, support contractors, or third-party operators with production access — it’s the founder’s account, governed by Google’s Limited Use policy . No human reads your mail except with your affirmative consent, for security investigations, to comply with applicable law, or as aggregated internal metrics.
Deletion
You can delete your account at any time from in-app settings. Deletion revokes the OAuth grant with Google and removes server-side data associated with the account.
If you only disconnect a Google account (rather than delete your Airo account), Airo marks the refresh token as revoked and a daily cleanup job removes the account and its data 30 days later. The same 30-day window applies if your subscription lapses. Backups age out as the rotation moves forward.
You can also revoke Airo’s access from your Google Account at myaccount.google.com/permissions . A standalone data-deletion request flow is documented at /policies/data_deletion.
Data rights
You can request access to, correction of, deletion of, or a portable copy of your Airo-specific data by emailing privacy@airo.email from the address on your account. Gmail itself remains the canonical store for your mail — you can export directly via Google Takeout .
Incident response
If we identify a security incident affecting your data, we will notify affected users without undue delay, in line with applicable law (GDPR Art. 33/34 timelines where they apply) and Google’s API Services User Data Policy.
Continuity
Airo is operated by Production Ready LLC. We will not transfer Google API Services data as part of an acquisition without users’ explicit prior consent, per Google’s Limited Use policy.
Reporting a vulnerability
Email security@airo.email with reproduction steps and any proof-of-concept. Researchers who responsibly disclose verified issues will be publicly credited with their permission.
Contact
- General privacy questions: privacy@airo.email
- Security issues: security@airo.email
- Company: Production Ready LLC. Mailing address available on request to privacy@airo.email.