How Discere handles account and email data
This Privacy Policy explains how Discere accesses, uses, stores, shares, and deletes information when you use the service.
Effective date: May 6, 2026
Last updated: May 6, 2026
If you have questions about this policy, privacy requests, or security concerns, contact disceresupport@gmail.com.
TLDR (Too long, didn't read): Discere reads the email data needed to summarize messages from contacts you choose, stores the account and summary data needed to operate Discere, sends relevant summary inputs to AI, and lets you delete your account data.
1. Scope
This policy applies to Discere’s website, dashboard, connected email flows, summary generation, scheduled reports, and related support or analytics functions.
Discere is the service name. The service is operated by Discere Research.
It does not apply to third-party services that you use separately outside Discere, even if those services integrate with Discere.
2. Information Discere collects
Discere collects the account information needed to create and manage your account, such as your email address, sign-in method, and profile name. When you connect a mailbox, Discere stores the connection information needed to authenticate Gmail, Outlook, or Microsoft 365.
Discere also processes email thread data needed to detect messages from tracked contacts and generate summaries. Attachment names may be processed, and attachment content previews or extracted attachment text are processed only when AI attachment access is enabled. Discere also stores settings such as tracked contacts, summary preferences, scheduling choices, timezone, and delivery settings, along with operational data such as analytics events, bug reports, and service logs.
3. How Discere uses information
Discere uses information to authenticate users, maintain account access, and read supported mailbox data needed to identify relevant emails from tracked contacts. Discere uses that information to generate, refine, and deliver structured summaries and combined reports.
Adding a tracked contact does not notify that person. Discere does not email, message, or otherwise alert tracked contacts when their emails are summarized.
Discere also uses information to support user settings such as tracked contacts, AI attachment access, summary preferences, scheduled report settings, and your report email mode. Requested and scheduled email reports are sent from Discere to your connected account email. You can choose Full Report, which includes summary content in the email, or Email Notification, which sends a simple ready message and keeps the summary content inside Discere. Operational information is used to operate, secure, debug, monitor, and improve Discere.
4. Google and Microsoft user data
When you connect a Google or Microsoft account, Discere uses OAuth-based permissions to access the scopes you grant. Discere uses that access only to operate the features you request, such as reading mailbox content for summaries. Email reports are sent from Discere, not from your connected Gmail or Microsoft mailbox. If you choose Email Notification mode, those report emails do not include summary content.
Gmail OAuth uses Gmail API read-only access. Discere identifies your Gmail address from that Gmail connection and does not request separate Google profile access. Gmail OAuth does not use IMAP for mailbox reading. Microsoft OAuth uses Microsoft profile/email access, offline access, and Microsoft Graph mailbox access.
| Provider | Permission type | How Discere uses it |
|---|---|---|
| Gmail API read-only | Identify your Gmail address and read relevant Gmail content for summaries. | |
| Microsoft | Profile/email, offline access, Microsoft Graph mailbox access | Sign you in, identify your Microsoft email address, read relevant mailbox content for summaries, and refresh access for scheduled reports. |
Discere does not sell Google or Microsoft user data. Discere does not use Gmail or Microsoft mailbox data for advertising, and Discere does not notify tracked contacts. Discere transfers Google or Microsoft mailbox data to service providers only as needed to operate the requested Discere functions, such as sending relevant summary inputs to OpenAI for summarization, hosting Discere, complying with law, enforcing terms, or protecting the service.
You can revoke Google access from your Google Account permissions. You can revoke Microsoft access from Microsoft’s connected-app pages, including Microsoft account consent management or Microsoft My Apps, depending on the account type.
5. AI processing
Discere uses the OpenAI API to generate summaries, refinements, AI Assistant answers, and related AI output. Email thread content is sent to OpenAI through the OpenAI API for that purpose.
According to OpenAI’s published API data controls, data sent to the OpenAI API is not used to train or improve OpenAI models unless the API organization explicitly opts in to share data with OpenAI. Discere has not opted in to share API inputs or outputs for OpenAI model training or improvement, so Discere’s OpenAI API inputs and outputs are not used to train or improve OpenAI models. OpenAI also states that API data is encrypted in transit and at rest.
The AI input may include sender, recipient, subject, message dates, email body text, relevant thread context, and summary preferences. It may also include attachment filenames. Attachment contents are included only when AI attachment access is enabled.
If AI attachment access is turned on, attachment content may also be included in AI processing. If AI attachment access is turned off, Discere limits AI input to email-thread text and attachment metadata such as file names.
OpenAI may still process and retain limited API data for purposes such as abuse monitoring, safety, legal compliance, and operating the API. OpenAI’s published API data controls state that abuse-monitoring logs may include customer content such as prompts and responses and are retained for up to 30 days by default, unless a longer period is required by law or needed to protect OpenAI’s services or others from harm. Certain qualifying organizations may be eligible for additional retention controls such as Modified Abuse Monitoring or Zero Data Retention.
AI output can be incomplete or inaccurate. Users should review generated summaries before relying on them for legal, financial, operational, or other sensitive decisions.
6. Sharing and service providers
Discere may share information with service providers strictly as needed to operate Discere. This includes OpenAI through the OpenAI API for AI summarization and related model output, Render or comparable infrastructure providers for hosting and storage, email delivery providers for requested and scheduled report emails sent from Discere, and Google or Microsoft for OAuth and mailbox-related access where you choose to connect those providers.
Discere may also disclose information where required by law, to respond to valid legal process, to enforce its terms, or to protect users, Discere, or the public.
7. Storage and retention
Discere stores account settings, summaries, and limited operational data needed for Discere to work. OAuth tokens and mailbox credentials, where used, are stored encrypted. Summary cards and generated report text are stored so you can reopen them in the dashboard.
Read or done summaries have source email bodies and saved attachments purged after 20 days, while summarized email IDs remain to prevent accidental duplicate summaries. If you manually delete a summary, Discere removes the related saved summary data, which means that email can be rediscovered if you run the summarizer again. Bug reports, analytics events, service logs, backup records, and limited legal or security records may be retained where reasonably necessary for operations, support, security, legal compliance, dispute resolution, or backup integrity.
8. Security
Discere uses account-scoped access controls so users can access only their own summaries, contacts, settings, attachments, and related account data. Sensitive credentials and OAuth tokens are stored in encrypted form.
No internet-based service is completely secure. Discere cannot guarantee absolute security. Users handling highly confidential, regulated, or mission-critical data should evaluate whether Discere’s current architecture is appropriate for their use case before connecting that information.
9. Your choices and rights
You can update tracked contacts, summary preferences, schedule settings, and AI attachment access in Discere.
You can delete summaries from the dashboard, and you can delete your account from Settings. Account deletion removes your account, contacts, schedules, summaries, source email data, attachments, and related user records. You can also revoke Google access from your Google Account permissions page. Microsoft access can be revoked from Microsoft account consent management or Microsoft My Apps, depending on whether you use a personal or work/school Microsoft account. Limited records may remain where reasonably necessary for security, legal compliance, dispute resolution, fraud prevention, or backup integrity.
For deletion help or privacy requests, contact disceresupport@gmail.com.
10. Children’s privacy
Discere is not intended for children under 13, and it is not designed for use by children. Do not use Discere if you are not old enough to do so under applicable law.
11. International use
Discere may process and store information in jurisdictions other than your own. By using Discere, you understand that your information may be transferred to and processed in those jurisdictions, subject to applicable law.
12. Changes to this policy
Discere may update this policy as Discere evolves. Material changes should be reflected on this page, including a revised effective or last-updated date.