Privacy Policy

ShimmerPost is a personal email client that renders your Gmail inbox in a quiet, focused reading environment. This policy describes what data we access, how we use it, and what we do not do with it.

ShimmerPost is built and operated by Daniel Belz, an individual developer. It is not a commercial product. Your privacy is taken seriously.

ShimmerPost requests access to your Google account using the following OAuth scopes:

• gmail.readonly — to read your email messages and display them in the ShimmerPost interface
• gmail.send — to send emails you compose within ShimmerPost on your behalf
• gmail.modify — to perform actions you initiate, including archiving, deleting, starring, and marking messages as read or unread

Your email data is used exclusively to power the ShimmerPost reading experience. Specifically:

• Email content is sent to a server-side function (hosted on Netlify) that calls the Anthropic API to apply the ShimmerPost color annotation. This content is processed transiently and is not stored.
• No email data is written to a database, logged, or retained beyond the duration of a single request.
• No email data is shared with third parties for advertising, analytics, or any other purpose.

• We do not store your email content.
• We do not share your data with advertisers or data brokers.
• We do not train AI models on your email content.
• We do not sell or transfer your data to any third party.
• We do not access your email except in direct response to actions you take within the app.

ShimmerPost stores only your Google OAuth access token locally in your browser (localStorage), solely to maintain your session and avoid requiring repeated sign-ins. This token is stored on your device only and is never transmitted to our servers.

Shimmer annotations (the highlighted version of a message you have already opened) are cached in browser memory during your session to avoid redundant API calls. This cache is cleared when you sign out.

ShimmerPost uses the following third-party services:

• Google Gmail API — to read, send, and modify email on your behalf
• Anthropic API — to process email text and apply color annotations. Email content sent to this API is subject to Anthropic's privacy policy. Anthropic does not use API inputs to train models.
• Netlify — to host the application and its server-side functions

You may revoke ShimmerPost's access to your Google account at any time by visiting myaccount.google.com/permissions and removing ShimmerPost from the list of connected apps. Signing out within ShimmerPost also revokes the active token immediately.