Scope
This policy applies to Lancer, an internal tool built and operated by GCH Projects. Lancer is available only to one authorised user inside the group. It is not a public product and access is not offered to the public.
Data accessed
When the authorised user connects a Google account, Lancer accesses message content, subjects, senders, recipients, timestamps, attachments, and labels from that account via Google APIs. This access is granted strictly with the user's explicit consent through Google's standard OAuth flow, and only for the accounts the user chooses to connect.
OAuth scopes used
Lancer requests the following Google API scopes:
gmail.readonly— to read messages from accounts the authorised user has connected.gmail.compose— used only to save drafts at the user's direction, for the user's own review.gmail.modify— used only to archive or label messages at the user's direction.
Lancer does not use gmail.send for the user's personal Gmail account. No mail is ever sent from the user's personal account by Lancer.
Where data is stored
Data is stored on infrastructure owned and operated by GCH Projects, with encryption at rest and strict file-level permissions. Access is limited to the authenticated user.
Data sharing
Lancer does not sell, rent, share, or transmit user data to any third party other than the Google services required for the API to function. There is no advertising, no analytics on user data, and no resale. Data is never shared for advertising purposes or for training third-party AI models.
AI model processing
Message content may be processed by large-language-model providers solely to produce summaries, drafts, and classifications for the authorised user's own use. Providers are configured to a zero-retention setting where supported, and are contractually bound not to train on the data. No email content is ever submitted for model training.
Retention
Data is retained as part of the authorised user's operational record. The user can request deletion at any time by contacting ai@gchprojects.com.
User rights
The authorised user has the right to access, correct, delete, and export their data, and to withdraw consent at any time. Withdrawal revokes the OAuth token and halts all further access. Requests are handled within a reasonable period and in no case longer than 30 days.
Security practices
The infrastructure runs under file-level permissions restricted to the authorised user, operates on a hardened endpoint, and all secrets are held in locally-stored encrypted credential stores. No credentials or tokens are transmitted off the device.
Governing jurisdiction
This policy is governed by the laws of the jurisdiction in which GCH Projects is incorporated.
Contact
For privacy questions or to exercise any of the rights described above, contact ai@gchprojects.com.