Gmail Data Use

Last updated: June 22, 2026

This page explains in detail how Bill Radar accesses, uses, and protects your Gmail data, and how it complies with Google's Limited Use requirements.

Scopes we request

Bill Radar requests only the following scopes:

  • https://www.googleapis.com/auth/gmail.readonly: read-only access to Gmail messages.
  • openid, email, profile: to identify you and create your account.

We never request send, modify, or delete scopes. Bill Radar is technically unable to send emails from your inbox, or modify or delete any message.

What we access and why

We access only billing-related Gmail messages in order to detect your subscriptions and payments. On first connection we scan billing-related emails from the last 90 days (invoices, subscriptions, renewals, payments, refunds, trials, cancellations). After that we run a weekly scan of only the last 7 days.

How we process the data

We use a server-side AI provider to extract structured data from candidate emails, such as merchant, amount, currency, dates, renewal status, and cancellation links. Message contents are processed transiently solely for extraction, then discarded.

What we store

We keep only the following minimum data:

  • Message id and thread id.
  • Sender, subject, the short Gmail snippet, and date.
  • The extracted, billing-related structured data.

We do not permanently store your full email body.

Google Limited Use compliance

Bill Radar's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Gmail data only to provide user-facing features (detecting and displaying subscriptions and payments).
  • We do not transfer Gmail data to third parties except to provide these features, for security, or to comply with applicable laws.
  • We do not use Gmail data for any advertising, and we do not sell it.
  • We do not allow humans to read Gmail data except as necessary for security or abuse prevention, with your explicit consent, or to comply with the law.

What we do not do

  • We do not sell your data or share it with advertisers.
  • We do not send emails from your inbox.
  • We do not modify or delete any message.
  • We do not cancel any subscription on your behalf; we only show you how to cancel.

Security and retention

Refresh tokens are encrypted at rest using AES-GCM (256-bit), and data is stored on Cloudflare infrastructure. When you disconnect a Gmail account we revoke the Google token and delete the stored tokens and that account's metadata. When you delete your account we delete all your data and revoke all Google tokens.

Revoking access

You can revoke Bill Radar's access at any time from Dashboard → Gmail accounts, or from your Google Account permissions page at myaccount.google.com/permissions.

Contact

For any question about Gmail data use, contact us at hamidalqwaysim@gmail.com.