Privacy Policy

blade.net helps you find people in your Gmail who you've actually corresponded with and send them a personalized message. We read email headers (not bodies), store a ranked contact list, and only send mail when you compose a campaign and click Send. We do not sell, share, or use your data for advertising. You can revoke access and delete your data at any time.

• Google account profile.Your name, email address, profile picture, and unique Google user ID. Provided by Google's standard OpenID Connect on sign-in.
• Gmail message headers. The From, To, Cc, Bcc, List-Unsubscribe, Precedence, and internal date for messages in your mailbox going back as far as the lookback window you select. We do notread, store, or transmit message bodies, attachments, or subject lines of messages you've received.
• OAuth tokens. The access token and refresh token issued by Google so we can read your mailbox and (with your explicit grant) send mail on your behalf. Tokens are encrypted at rest using AES-256-GCM with a key derived from a secret only the server knows.
• Derived contact list.One row per email address you've corresponded with, including: their email, their display name (parsed from the Fromheader), counts of how many emails you've sent and received, first and last contact dates, and whether the address looks like an automated sender.
• Send history.When you run a campaign, we record the recipient, subject, your campaign template, the per-recipient unsubscribe token, send timestamp, success/failure status, and Gmail's returned message ID.
• Job state. Status, progress, and error messages for the background tasks that mine your mailbox and send your campaigns.

• To authenticate you via Google.
• To build and display your ranked contact list.
• To send mail merge campaigns to recipients you explicitly select, using your Gmail account, throttled to stay under Google's per-day sending limits.
• To honour unsubscribe requests from your recipients.
• To debug failures (server-side logs include hashed recipient identifiers and error messages — full email addresses are not logged outside our database).

We do not use your data for advertising, profile building, training machine-learning models, or any purpose unrelated to delivering the blade.net service.

• Database. A managed Postgres database hosted by Neon in the AWS us-east-1 region.
• Background jobs.Mining and sending tasks run on Trigger.dev's managed worker infrastructure.
• App hosting. The web app runs on Vercel.
• Token encryption. Your Google access, refresh, and ID tokens are encrypted with AES-256-GCM before being written to the database and decrypted only on use.
• All connections to Google, Trigger.dev, Neon, and your browser are over TLS.

blade.net's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

• We only use Gmail data to provide and improve the contact-mining and outreach features you explicitly opted into.
• We do not transfer Gmail data to third parties except as needed to provide or improve those features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
• We do not use Gmail data for advertising purposes.
• We do not allow humans to read Gmail data unless we have your affirmative consent for specific messages, are required to do so for security purposes, to comply with applicable law, or as part of internal operations (e.g., debugging or abuse detection) with data aggregated and anonymized where feasible.

• Google.Used for sign-in and as the source + destination of your mail. Subject to Google's own privacy policy.
• Neon. Hosts our Postgres database (AWS us-east-1).
• Trigger.dev. Runs background jobs. Receives minimal metadata (user IDs, job IDs, hashed recipient identifiers, error messages) — not raw mailbox content.
• Vercel. Hosts the web application. May log standard request metadata (IP address, user agent, timing).

We share data with these providers only as required to operate the service. We do not sell your personal information.

• Revoke access. Open myaccount.google.com/connections, find blade.net, and click Remove access. This immediately prevents blade.net from reading or sending mail.
• Delete your data. Email us at yasser.bashir@arbisoft.com with your Google account email. We will delete your user record, contacts, mined message headers, send history, and encrypted tokens within 7 days.
• Export your data. The contacts page has an Export CSV button. For everything else, email the address above.

We keep your data as long as your account is active. If you stop using blade.net but don't request deletion, your data remains in the database so you can return without re-mining. If you delete your account or revoke access, we remove your user record and all associated rows.

blade.net is not directed to anyone under 13. If you become aware a child has provided data to us, contact us and we will remove it.

We may update this policy. Material changes will be announced via email to your registered Gmail address before they take effect.

Questions or requests: yasser.bashir@arbisoft.com