Security at InvoiceAgent.ai
Your financial data is sensitive. Here's exactly how we protect it — in plain English, without the corporate security theatre.
Verified & Certified
Verified by Google
App verification approved December 2025 for gmail.readonly scope. Independently reviewed under Google's restricted scope program.
Assessed by TAC Security
Cloud Application Security Assessment performed by TAC Security, a Google App Defense Alliance authorised assessor. Reassessed annually as required by Google.
Google API Compliant
We adhere to the Google API Services User Data Policy, including the Limited Use requirements. Full statement below.
Limited Use Statement
"InvoiceAgent.ai's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements."
- We request only the gmail.readonly scope — read-only access. We cannot send, modify, or delete email.
- We do not transfer Google user data to third parties except as needed to provide or improve the service, comply with law, or as part of a merger/acquisition with notice.
- We do not use Google user data for advertising or to train generalised AI/ML models.
- Humans do not read your email except (a) with your explicit permission for support, (b) for security/abuse investigation, or (c) where required by law.
How We Protect Your Data
Data Encryption
All data is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256. Your data is protected whether it's moving or stored.
Email Processing — Not Storage
Invoice attachments are processed to extract structured data and then deleted from our servers. We don't permanently store your original invoice files.
Isolated Account Access
Your data is completely isolated per account. No cross-account data access is possible — your invoices are only visible to you and your authorised team members.
No AI Training on Your Data
We do not use your invoice data to train AI models — ever. Your financial information is used solely to provide the service to you.
Major US Cloud Infrastructure
Hosted on a major US-based cloud provider with a 99.9% uptime SLA. Subprocessor list available on request to [email protected].
Annual CASA Reassessment
As a Google-restricted-scope app, we undergo annual CASA Tier 2 reassessment by TAC Security. Internal vulnerability scans run continuously between formal assessments.
Security Questions
Questions about security?
We're happy to answer any questions about how we handle your data. Reach out to our team directly.
[email protected]