Fast Filters logo

Fast Filters LLC Privacy Policy

Last updated: February 23, 2026

1. Introduction

Fast Filters LLC ("we", "our", or "us") offers a Gmail™ inbox management tool available as a Chrome extension and mobile application (iOS/Android), designed to help users automatically organize, clean, and filter their email using smart rules ("Service"). This Privacy Policy outlines our practices regarding the collection, use, and sharing of your information when you use our Service. We are committed to protecting your privacy and handling your data transparently.

Fast Filters LLC is registered outside the European Union. Under GDPR Article 3(2), the regulation applies because our Service is directed at EU data subjects. For questions or to exercise your rights, contact us at privacy@fastfilters.io.

2. Data Controller & Data Processor

Data Controller: Fast Filters LLC is the data controller for your account data (name, email, profile photo, subscription information, app settings, and rule configurations).

Data Processor: Fast Filters acts as a data processor for Gmail email data — processing email metadata on your behalf to apply your configured filters and rules. Email content is not stored permanently; only metadata is processed as instructed by your configured rules.

3. Data We Collect

When you use our Service, we collect the following information:

  • Account Information: Your email address, name, and profile photo as provided through Google OAuth sign-in.
  • Session Data: IP address and user agent string, stored for security purposes and automatically expired after 7 days.
  • Filter Configuration: Details of any filters you create, including sender and recipient email addresses, email subjects, and mailing list IDs/names.
  • Email Metadata (Deep Scan): During Deep Scan analysis, we temporarily store Gmail message metadata (sender, recipient, subject, date, mailing list ID) in AWS S3. This data is automatically deleted after 60 days via S3 lifecycle rules, or immediately upon account deletion.
  • Subscription & Billing: Stripe customer ID and subscription status. Full payment details are handled exclusively by Stripe and never stored on our servers.

We use OAuth permissions to access necessary Gmail™ data for our Service's functionality. While we have access to email contents for real-time rule processing, we do not store email bodies. We retain only the metadata necessary for the Service.

4. Lawful Basis for Processing

Under GDPR Article 6, we process personal data under the following lawful bases:

  • Contract (Art. 6(1)(b)): Account creation & authentication, email rule processing, Deep Scan analysis, subscription management via Stripe, and team invitations.
  • Legitimate Interest (Art. 6(1)(f)): Error monitoring (Sentry), in-app analytics for authenticated users (PostHog), and request logging (Axiom).
  • Consent (Art. 6(1)(a)): Public website analytics, affiliate tracking (Rewardful), live chat (Tidio), and mobile session replay. You can withdraw consent at any time via the cookie consent banner or app settings.

5. Use of Your Information

The information we collect is used to:

  • Provide, maintain, and improve the Service.
  • Process your email filter rules and provide Deep Scan suggestions.
  • Manage subscriptions and process payments securely through Stripe.
  • Monitor errors and performance to ensure service reliability.
  • Address customer support inquiries effectively.

6. Third-Party Service Providers (Data Processors)

We share your information with the following third-party services to operate our Service:

  • Google Cloud / Gmail API: Email access and OAuth authentication. Google processes data under their own terms.
  • Stripe: Payment processing and subscription management. Stripe acts as an independent controller for payment data.
  • AWS (Amazon Web Services): Cloud storage (S3) for temporary email metadata during Deep Scan. Data retained for 60 days maximum.
  • PostHog: Product analytics and (with consent) session replay on mobile. Used to understand feature usage and improve the product.
  • Sentry: Error monitoring and performance tracking. Captures error traces and user identifiers for debugging.
  • Axiom: Request logging for operational monitoring. Logs may contain IP addresses and email addresses.
  • Inngest: Background job orchestration for Gmail operations and Deep Scan processing.
  • Upstash (Redis): Processing locks and temporary state management for background jobs.
  • Loops: Transactional email delivery for team invitations.
  • Rewardful: Affiliate tracking (loaded only with your consent on the public website).
  • Tidio: Live chat support (loaded only with your consent on the public website).
  • RevenueCat: Mobile subscription management for iOS and Android.
  • Vercel: Web application hosting and edge network delivery.

All processors based in the United States operate under Standard Contractual Clauses (SCCs) or equivalent mechanisms for international data transfers as required by GDPR Chapter V.

7. Data Security

To protect your information, we implement the following security measures:

  • OAuth tokens (access, refresh, and ID tokens) are encrypted at rest using AES-256-GCM encryption.
  • All data transmission occurs over HTTPS/TLS.
  • Mobile authentication tokens are stored in platform-specific secure storage (Keychain/Keystore).
  • PII is hashed in production logs.
  • Data access is limited to what is strictly necessary for the Service.

8. Data Retention

  • S3 email metadata: Automatically deleted after 60 days or upon account deletion.
  • Session data: Expires after 7 days.
  • Account data: Retained until you delete your account.
  • Analytics data (PostHog): Retained for 12 months per PostHog retention settings.
  • Error data (Sentry): Retained for 90 days per Sentry retention settings.

9. Your Rights (GDPR Articles 15–22)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of all personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate personal data.
  • Right to Erasure (Art. 17): Delete your account and all associated data through the app's Delete Account feature, or by emailing us.
  • Right to Restrict Processing (Art. 18): Request restriction of processing in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format (JSON).
  • Right to Object (Art. 21): Object to processing based on legitimate interest, including opting out of analytics tracking via account settings.
  • Right to Withdraw Consent (Art. 7): Withdraw consent for analytics, marketing, or session replay at any time via the cookie consent banner or app settings.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, email us at privacy@fastfilters.io. We will respond within 30 days as required by GDPR Article 12.

10. International Data Transfers

Our Service operates with data processing primarily in the United States. For data transferred from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) with our processors to ensure adequate data protection as required by GDPR Chapter V.

11. Google API Services User Data Policy

Fast Filters' use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

12. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. Significant changes will be communicated to you via email, with a link to the updated policy. We encourage you to review our Privacy Policy periodically for any updates.

13. Age Restrictions

Our Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@fastfilters.io so we can take appropriate action.

14. Contact Us

For any privacy-related inquiries or to exercise your data subject rights, please contact us at privacy@fastfilters.io.