This Privacy Policy describes how Yana Ivanov ("we," "our," or "the developer") handles information when you use the tools hosted at yana-ivanov.github.io/cybersecurity-portfolio, including the Email Threat Analyzer.
These tools are open-source cybersecurity portfolio projects created for educational and demonstration purposes. They are not commercial products.
Short version: We do not collect, store, sell, or share your personal data or your Gmail content. Email analysis happens in your browser and through a secure proxy. Nothing is retained after your session ends.
The Email Threat Analyzer optionally connects to your Gmail account using Google OAuth 2.0. When you choose to connect Gmail, the application requests the following scope:
| Scope | What it allows | Why we need it |
|---|---|---|
| gmail.readonly | Read-only access to your Gmail messages and metadata | To fetch email headers, subjects, senders, and body snippets for AI-powered threat analysis |
We access the following data from your Gmail account:
We do not access: attachment contents, contacts, calendar data, Google Drive, or any other Google services. Gmail connection is entirely optional — all features work without it.
Google user data is used solely to provide the Email Threat Analyzer's core functionality:
We do not use Google user data for advertising, building user profiles, training AI models, or any purpose beyond providing the analysis you requested. Our use complies with the Google API Services User Data Policy, including Limited Use requirements.
We do not store your Gmail data or email content on any server.
Retention: No Google user data is retained beyond your active browser session.
These tools are not directed at children under 13. We do not knowingly collect personal information from children under 13. This application requires a Google account, which requires users to be at least 13 under Google's Terms of Service. If you believe a child under 13 has provided personal information through this tool, contact us immediately.
California residents have the right to know what personal information we collect, request deletion, opt out of the sale of personal information, and be free from discrimination for exercising privacy rights.
We do not sell personal information. Because we do not retain personal information beyond your browser session, most CCPA requests can be satisfied by confirming we hold no data about you. Contact us below to exercise your rights.
If you are in the EEA, UK, or Switzerland, we process Google user data on the basis of your explicit consent given when you authorize Gmail access. You may withdraw consent at any time by revoking access in your Google account settings.
Email content is processed by Anthropic (US-based) and Cloudflare (US-based). By using the Gmail integration, you consent to this transfer. You have the right to access, rectify, erase, restrict, port, and object to processing of your data, and to lodge a complaint with your local data protection authority.
We may update this Privacy Policy from time to time. The "Effective" date at the top reflects the most recent revision. Material changes to how we handle Google user data will be posted before they take effect. Continued use of the tool constitutes acceptance of the revised policy.
For questions about this Privacy Policy or to exercise your data rights:
Yana Ivanov
Portfolio: yana-ivanov.github.io/cybersecurity-portfolio
GitHub: github.com/yana-ivanov
We will respond to privacy requests within 30 days.