← Back to Skub

Privacy Policy

Last updated: 17 April 2026

Who we are

Skub is operated by Provenance Tags ApS, Denmark. Skub is an AI assistant that watches your email inbox and sends you tap-to-act notifications when a message needs your decision. Throughout this policy "Skub", "we", or "us" means Provenance Tags ApS.

Plain-English summary: When you connect a mailbox, Skub reads your incoming email so it can decide what's worth alerting you about and summarize it for you. Email content is processed in memory and not retained in a Skub database — your preferences, rules, learned patterns and history stay under your control. We hold OAuth tokens (in a headless vault) and your subscription status for billing; nothing else. Content is used only to serve you — never to train public AI models, never shared with advertisers, never sold.

Skub currently supports Gmail. Outlook and IMAP are on the roadmap. Provider-specific details below call out Gmail where relevant for Google's API User Data Policy.

What data we collect

Account data

Gmail data (accessed via Google's Gmail API)

Skub does not access attachments, draft messages, contacts, calendars, or any Google data outside Gmail.

Derived data

Skub learns from your taps — sender preferences, ignore patterns, learned habits — but that derived data does not live in a Skub database. It is kept under your own control, where you can inspect, edit, or clear it at any time. Categories:

How we use your data

AI processing

To decide what matters and generate summaries, Skub sends email content to a third-party large-language-model provider. Content is sent only to process one request at a time — it is not retained beyond that request, and not used to train any AI model, per the provider's contract with us. No other AI or analytics service receives your email content. The specific provider is disclosed in our subprocessor list, available on request.

How data is stored and secured

Who we share data with

We share the minimum necessary data with a small set of vetted processors, and only to deliver the service to you. Each is bound by a written data-processing agreement. Categories:

We do not sell, rent, or share your data for advertising. We do not aggregate your mail data with other users'. We do not use your email content to train AI models, and our providers are bound by the same commitment.

The full, named subprocessor list is available on request — email us via the form below.

Limited-use disclosure

Skub's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data retention and deletion

Your rights (GDPR / UK GDPR)

You have the right to: access a copy of your data, correct inaccuracies, delete your data, object to processing, and export your data. Submit a request using the form below. We respond within 30 days — usually faster.

Data Processing Agreement (DPA) and security artefacts

Customers who need to comply with GDPR (e.g. if you process employee or customer email through Skub on behalf of an organisation) may request a Data Processing Agreement. Our DPA is pre-signed by Provenance Tags ApS and becomes active when you counter-sign.

We also make our Data Protection Impact Assessment (DPIA), incident-response runbook, and full subprocessor list available on request under NDA. A public summary of our security posture is at skub.me/security.

Request any of these via the form below (pick “Other”, write “DPIA” or “DPA” in the details) or through the Enterprise form on the landing page.

Submit a data request

Cookies and tracking

Skub uses a single first-party session cookie on skub.me and app.skub.me to keep you logged in. No analytics, no tracking pixels, no third-party advertising cookies.

Children

Skub is not directed to children under 16 and we do not knowingly collect data from them. If you believe we have, submit a deletion request and we'll remove it.

Changes to this policy

If we materially change how we handle data, we'll notify active users by email before the change takes effect.

Contact

Questions, deletion requests, or concerns: use the request form above (pick "Other" if it's not a data request).

Provenance Tags ApS · Denmark