Privacy Policy
Last Updated: June 2026
Mattermail ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Mattermail Google Workspace Add-on.
Mattermail's use and transfer to any other app of information received from Google APIs will adhere to the
Google API Services User Data Policy, including the Limited Use requirements.
1. Infrastructure & Direct Processing
Mattermail is built entirely on the Google Apps Script infrastructure. All data processing occurs strictly within Google's secure server environment. When you save an email, the add-on communicates directly with Clio's API. There are no middleman servers routing, reading, or intercepting your emails or Clio case data.
2. Information We Access and How We Use It
Mattermail is designed with a "least privilege" architecture. We only access the exact data necessary to perform the functions you explicitly request.
- Active Email Data: When you open the add-on, we read the specific, currently active email thread (and its attachments) that you have chosen to view. This data is instantly formatted and transmitted directly to your authorized Clio account.
- Inline Image Processing: When preparing an email for upload to Clio, the add-on scans the email's HTML for embedded images and fetches them from their source URLs (including Google-hosted image URLs, using your secure OAuth token) in order to embed them directly into the Clio document. No image data is stored by Mattermail; it is passed directly to Clio.
- Automatic Contact Creation: Clio's API requires all email parties (senders and recipients) to exist as Contacts before a communication can be filed. If a contact is not found in your Clio account, Mattermail will automatically create one using only the name and email address visible in the email header. This data is written directly to your own Clio account and is not stored by Mattermail.
- Time Entries: If you choose to log a time entry, the duration, description, and hourly rate you enter are transmitted directly to your Clio account. This data is not stored by Mattermail.
- Task Creation: If you choose to create a task, the task name, description, priority, assignee, due date, and time estimate you enter are transmitted directly to your Clio account. This data is not stored by Mattermail.
- Local Caching & Preferences: To improve app performance and loading times, we utilize Google Apps Script's native cache to temporarily store your last selected matter ID, your Clio matters list (including matter numbers and descriptions), task types, and your Clio users list (names and IDs). Additionally, your last selected matter is saved in Google Apps Script's user properties and is retained until you log out. This data never leaves Google's infrastructure and is never transmitted to Mattermail's servers.
3. Clio API Access (OAuth Scopes)
To perform its functions, Mattermail requests the following permission scopes from your Clio account via the standard OAuth2 protocol:
- activities — To log time entries against matters.
- communications — To file emails as communication records in Clio.
- contacts — To look up existing contacts and automatically create new ones for email senders/recipients, which is required by Clio's API to file a communication.
- documents — To upload email attachments and original email files to matter folders in Clio.
- matters — To retrieve your list of open matters so you can select which matter to file the email under.
- tasks — To create tasks in Clio directly from your inbox.
4. Analytics, Subscription Management, & Database Security
To provide customer support, manage subscriptions, resolve user queries, and track basic Daily Active User (DAU) metrics, we maintain a secure administrative database using Google Firebase.
What we store in Firebase:
- Clio ID: Your unique identifier from Clio to link your account.
- Name & Email: Used exclusively to communicate with you for support and to send automated "Safety Net" error alerts if a sync fails.
- Subscription Data: Your current plan (e.g., free/premium), subscription_status (e.g., trial), and an expires_at timestamp.
- Activity Data: A last_active timestamp to measure daily active usage of the add-on.
Database Security & Access: The Firebase database is strictly locked down. There are no public URLs or open endpoints capable of modifying this data. Read and write permissions are exclusively restricted to our internal Google Apps Script server, which authenticates using a highly secure, private Service Account Key.
5. Information We Do Not Collect
- We do not read or access your inbox history, spam, or any emails outside the specific thread you are currently viewing.
- We do not store your email content, attachments, time entries, task data, or Clio matter details in our Firebase database or any external servers.
- We do not store or see your Clio passwords. Authorization is handled securely via standard OAuth2 protocols.
6. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data to third parties. Data is only transmitted to third-party services (like Clio) when you explicitly authorize the connection and click "Save."
7. Geographic Availability
Mattermail currently supports users in the United States and Mexico only. Support for additional regions is actively in development.
8. Data Retention and Deletion
Because we do not store your emails or task data on our servers, there is no personal data for us to retain. You can revoke Mattermail's access to your Google Account or Clio Account at any time through your respective security settings. If you wish to have your administrative Firebase record (Name, Email, Subscription status) deleted, please contact us directly.
9. Contact Us
If you have any questions about this Privacy Policy or how your data is handled, please contact on email - automatic.self.attendance@gmail.com