Privacy Policy

Last updated: June 16, 2026

Kelp AI Labs, LLC ("Kelp," "we," "our," or "us"), a Delaware limited liability company, operates an AI-powered email assistant that helps professionals manage and filter their Gmail inboxes. We take your privacy seriously. This page explains what data we access, how we use it, and what controls you have. Your use of Kelp is also governed by our Terms of Service.

1. Overview

Kelp connects to your Gmail account through Google's official OAuth system. We access only the data required to filter your mail and improve that filtering, and we don't keep copies of your personal emails — we read message content only when needed to apply your filters or suggest improvements to them (see Sections 2 and 4).

You stay in control at all times — you can review, adjust, or revoke access whenever you choose.

2. Data We Access

When you grant permission, Kelp may access the following through Google's secure APIs:

a. Gmail Messages

  • We read message metadata (sender, subject, snippet) and, when needed, message content — to determine whether it matches your filters and to suggest improvements to your filtering (see Section 4).
  • We may take Gmail actions (archive, label, delete) based on your filter settings.
  • We do not store full message bodies or attachments on our servers. Limited content (such as the optional envelope preview described in Section 3) may be stored on a short, configurable retention.

b. Contacts

  • We access your Google Contacts to understand your trusted network — people you already know.
  • We do not copy, store, or export your contacts.
  • We generate hashed identifiers from sender domains and email addresses so Kelp can recognize trusted senders without storing your raw contact list. These hashes are not anonymous — given a candidate email address, a match can be confirmed — but they let Kelp operate without copying your address book onto our servers.

c. Account Information

  • We store your Google account ID, email address, and OAuth tokens securely server-side to maintain your connection to Kelp.
  • Tokens are encrypted and never exposed to the frontend or logs.

3. Data We Store

To provide transparency and analytics, Kelp may temporarily store limited operational data:

TypeExampleRetentionPurpose
Filter logsSender, subject, timestamp30 days (configurable)To show what was filtered and why
User settingsFilter prompts, LLM preferencesUntil deleted by youTo apply your chosen filters
Authentication dataEncrypted OAuth tokens (access and refresh)Until you revoke access or delete your accountTo process Gmail events on your behalf
Contact fingerprintsHashed identifiers of email addresses and domainsUntil deleted by youTo recognize trusted senders
Envelope preview (on by default)Sender, subject line, short snippet of body (not full email)30 days (configurable)To help you debug and track filtered messages
Feedback signalsSender, subject, and a short snippet of messages you mark as spam; which label you removed or added by hand30 daysTo suggest improvements to your filtering
Assistant conversations & suggestionsYour messages to Kelp's assistant and its replies (and which tools it ran); the filtering suggestions it generates — never the email content it reads to answer youSuggestions: 30 days; conversations: until you delete your accountTo debug and improve the assistant and surface suggestions for your review
Memory (learned patterns)Durable facts about you and your filtering preferences, inferred from your email content and your interactions with KelpUntil you edit or delete itTo recommend, craft, and personalize your filters

What are contact fingerprints? When you sync your contacts, Kelp creates a hashed identifier from each email address and domain. This lets Kelp recognize when an email comes from someone you know without storing your actual contact list (names, phone numbers, addresses, or raw email addresses). These hashes are not anonymous in a strict sense — given a guess at an email address, a match can be confirmed — but Kelp never has the underlying address book and never reconstructs it.

We do not store:

  • Full email message bodies
  • Attachments
  • Your actual contact list (names, phone numbers, addresses)
  • Any message content beyond the optional envelope preview described above

4. How We Use Your Data

We use your data solely to deliver Kelp's core functionality:

  1. Filtering emails according to your configured rules
  2. Providing transparency via logs and performance metrics
  3. Maintaining security and detecting misuse

Kelp does not currently train, fine-tune, or otherwise adapt machine-learning models on your data, and will not begin doing so without first updating this policy and obtaining any consent required by law.

Kelp's assistant and proactive suggestions. Kelp includes an AI assistant that helps you set up, craft, and maintain your filters, and that periodically reviews how you handle your mail — including signals from your own Gmail actions, such as marking a message as spam, removing a label Kelp applied, or adding a filter's label by hand — to recommend ways to improve your filtering. When it finds one, it surfaces a specific suggestion for you to approve, adjust, or decline; nothing changes until you say so, unless you choose to let Kelp apply its suggestions automatically. When you turn that on, Kelp can apply filter and trust/block changes without asking first and reports what it changed in a weekly summary email. This is used only to improve your own filtering, is visible and reversible from within Kelp, and is not used to train or improve any generalized AI or machine-learning model.

Conversation records. So we can debug and improve the assistant, we keep a record of your conversations with it — the messages you send and Kelp's replies, including which tools it ran — together with the filtering suggestions Kelp generates for you. The email content the assistant reads from your mailbox to answer you (message bodies, subjects, senders, and snippets) is never written into that record. Suggestions are short-lived working state, cleared after about 30 days. These records are used to operate and improve the Service and are not used to train or improve any generalized AI or machine-learning model.

What Kelp learns (its memory). To recommend, craft, and personalize your filters, Kelp keeps a memory of patterns it infers from your email content — which Kelp's periodic review reads automatically as part of the Service, under the Gmail access you grant — and from how you interact with Kelp. This memory has two parts: learned preferences — how you like to use Gmail and how you want Kelp to filter (for example, that you keep some newsletters but reject others) — and an inferred biography — durable facts about you and the senders you deal with that help Kelp judge whether mail is relevant to you (described under "profile personalization" below). Kelp draws on this memory, together with your contacts and trusted senders, to suggest and tune filters that fit you and to deliver the Service. You can view, edit, or delete anything Kelp has learned at any time from your settings, and deletion removes it from active systems within 7 days. This memory is used only to operate and improve your own filtering and is not used to train or improve any generalized AI or machine-learning model.

Profile personalization. Kelp builds a short profile of concrete facts about you — where you're based, your work, recurring senders — to help its filters judge whether incoming mail is relevant to you. This is on by default; you can turn it off at any time, which stops the profile from reaching your filters. Kelp gathers these facts both as you chat with its assistant and automatically when its periodic review reads your mail; in chat, the assistant asks first before scanning messages you haven't already shown it. The profile is stored with your account, viewable and editable from your settings, and is included as context when emails are sent to AI providers for classification (subject to the sub-processor restrictions in Section 9). The profile and the underlying email content are not used to train or improve any generalized AI or machine-learning model. You can disable it or delete your profile at any time, and deletion removes it from active systems within 7 days.

We do not sell, rent, or share your data with third parties for marketing, advertising, or any purpose unrelated to providing the Kelp service.

5. Google API Services User Data Policy

Kelp's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Compliance

Kelp only uses Google user data to provide and improve user-facing features that are prominent in our application. Specifically:

  • We use Gmail data solely to filter and organize your emails according to your configured rules, and to recommend and improve those filters.
  • We use Contacts data solely to identify trusted senders for your filters.
  • We do not use Google data for any other purpose.

Prohibited Uses

We will never:

  • Transfer or sell your Google data to third parties, including advertising platforms, data brokers, or information resellers.
  • Use your Google data for serving ads, including retargeting, personalized advertising, or interest-based advertising.
  • Use your Google data to determine creditworthiness or for lending purposes.
  • Use your Google data for any purpose other than providing the Kelp email filtering service.
  • Use Google API data to develop, improve, or train generalized AI or machine learning models.

Data Transfers

We only transfer Google user data to third parties when:

  • Necessary to provide the service: We send email metadata, and (where required) limited message content, to our AI provider (Anthropic) to classify your mail and to power the assistant and proactive suggestions described in Section 4. Anthropic is contractually restricted to use your data only to deliver the requested output and not to train their general AI models. Anthropic may retain inputs briefly (typically up to 30 days) for abuse monitoring before deletion.
  • Required for security: If needed to investigate abuse or protect against fraud.
  • Required by law: To comply with applicable legal requirements.
  • With your explicit consent: For any transfer not covered above, we will ask for your permission first.

Human Access to Data

Kelp employees and contractors will not read your Google user data unless:

  • You have given us explicit permission to view specific data (e.g., for debugging a support issue).
  • It is necessary for security purposes, such as investigating a bug or abuse.
  • It is required to comply with applicable law.
  • The data is aggregated and anonymized for internal operations.

6. How We Protect Your Data

  • All communication with Google uses HTTPS and OAuth 2.0.
  • Tokens are stored encrypted at rest and in transit.
  • Access to production data is limited to authorized personnel (see Section 5 for human access to Google user data specifically).
  • We log access events for security auditing.

If Kelp experiences a data breach affecting your information, we will notify you without undue delay and in any event within 72 hours where required by applicable law.

7. Your Choices and Controls

You can manage your data and permissions at any time:

  • Revoke Access: Go to myaccount.google.com/permissions and remove Kelp's access.
  • View Activity: The Kelp dashboard shows what messages were filtered and why.
  • Delete Your Account: You can delete your Kelp account from the settings page. This removes all stored preferences, filters, and logs. We will confirm once deletion is complete.
  • Request Your Data: You may request access to or deletion of your personal data by contacting us at privacy@trykelp.ai. We may ask you to verify your identity before processing your request.
  • Adjust Filters: You can enable, disable, or modify filters at any time.

8. Data Retention

We keep operational metadata (such as filter logs and envelope previews) only as long as necessary to provide transparency and analytics — typically 30 days, unless you opt to extend it. When you delete your account, all stored metadata and preferences are permanently removed from our active systems within 7 days.

Backup Retention: Deleted data may persist in encrypted backups for up to 30 additional days before being automatically purged. Backup data is not accessible for normal operations.

Legal Retention: We may retain certain data for longer periods if required by law, to resolve disputes, enforce our agreements, or as needed for legitimate business purposes (such as fraud prevention or security investigations).

9. Service Providers

We use trusted third-party service providers to operate Kelp. These providers are contractually obligated to protect your data and use it only as directed by us.

Infrastructure

  • Render — Web application hosting and managed PostgreSQL database (US region)
  • Google Cloud Platform — Email processing workers (Cloud Run)
  • Postmark — Transactional email delivery (account, billing, and product notification emails)
  • Stripe — Payment processing and subscription management

AI Providers

Kelp uses a third-party large language model (LLM) to classify your email, power its AI assistant, and generate proactive suggestions for improving your filtering:

  • Anthropic — Email classification, the AI assistant, and proactive filter suggestions (via the Claude API)

Anthropic is contractually restricted to use your data only to deliver the requested output and not to train their general AI models. Anthropic may retain inputs briefly (typically up to 30 days) for abuse monitoring before deletion. All requests are made through secure, encrypted API calls.

Analytics

  • PostHog — Product analytics and client-side error reporting (US infrastructure). Form input and known personal-information fields (sender names, subjects, snippets, contact emails, domains) are masked before they leave your browser. We do not use PostHog data for advertising and do not share it with advertisers.

10. Cookies and Analytics

Kelp's web app uses essential cookies for authentication and session management. We do not use advertising cookies or cross-site tracking.

Product Analytics: We use PostHog to understand how users interact with Kelp, identify bugs, and improve the service. Form input and known personal-information fields (sender names, subjects, snippets, contact emails, domains) are masked before they leave your browser — we see which features you use, navigation, and client-side errors, not typed content. We do not use this data for advertising and do not share it with advertisers.

Do Not Track / Global Privacy Control: We honor your browser's "Do Not Track" and California's "Global Privacy Control" signals. If either is set, analytics are automatically disabled for your session.

11. Children's Privacy

Kelp is intended for professional use and is not designed for children under 16. We do not knowingly collect personal information from minors.

12. International Users

Kelp operates from servers located in the United States, and our analytics provider also stores data in the US. If you access Kelp from another country, you consent to the transfer of your information to the US under applicable data-protection laws. Your rights under those laws to access, correct, or delete your personal information remain available; contact us at privacy@trykelp.ai to exercise them.

13. California Privacy Rights

We do not sell or "share" (as those terms are defined by the California Consumer Privacy Act / California Privacy Rights Act) your personal information. California residents have the right to request access to or deletion of their personal data by contacting us at privacy@trykelp.ai. We honor Global Privacy Control (GPC) signals as an automatic opt-out from analytics.

14. Business Transfers

If Kelp is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you by email before your data becomes subject to a different privacy policy.

15. Changes to This Policy

We review this Privacy Policy at least annually to ensure it remains accurate and compliant with applicable laws. We may update it from time to time. We will notify you by email at least 30 days before any material change takes effect.

The most current version will always be available at trykelp.ai/privacy.

16. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your data, contact us at:

privacy@trykelp.ai
or
Kelp Privacy Team
Boulder, Colorado

Summary (Plain English)

  • Kelp only accesses Gmail and Contacts through official Google APIs.
  • We never store full emails, attachments, or your contact list.
  • We don't store your address book — only one-way hashes that let Kelp recognize when an email comes from someone you know.
  • You can delete your data or revoke access anytime.
  • Privacy isn't a feature — it's the foundation of how Kelp works.