Privacy Policy
Last updated: 20 May 2026.
1. Service operator
Bostaji is operated by Black Pearl Retail & Consulting SARL, a company registered in France with the Mulhouse Trade and Companies Register under number 930 789 862, with its registered office at 8 impasse des Capucins, 68730 Blotzheim, France.
Under the General Data Protection Regulation (GDPR), Black Pearl Retail & Consulting SARL is the data controller for the personal data described in this document.
Contact: bostaji@bostaji.app.
2. Data processed and purposes
When you connect your Gmail account to Bostaji through OAuth, the application accesses the messages in your inbox in order to classify them and perform the sorting actions you validate.
The data processed is:
- the headers and textual content of messages in your Gmail inbox (subject, sender, body);
- the labels and folders of your Gmail account;
- the OAuth access token.
Purpose: classify and organize messages received in your Gmail inbox, according to the actions you validate (move to a folder, archive, mark as read or unread, send to trash).
Legal basis: performance of the contract between you and Black Pearl Retail & Consulting SARL (article 6(1)(b) GDPR) and your explicit consent given through the OAuth flow (article 6(1)(a) GDPR). You can withdraw your consent at any time by revoking access from your Google Account settings.
3. Data storage
Bostaji is a desktop application running on your computer. Messages in your Gmail account stay in your Gmail account at Google. The OAuth access token is stored in encrypted form on your computer, in the operating system's secure credential storage.
No email message is copied to any server owned by Black Pearl Retail & Consulting SARL.
4. Sub-processors
To classify a message, the application transmits the message subject and body to a European artificial intelligence provider, acting as a sub-processor within the meaning of Article 28 GDPR. This sub-processor does not retain the data after processing and does not use it to train its models.
No other third party receives your data. No data is transferred to any country outside the European Union.
5. Required Google disclosures
Bostaji uses Google API Services to access your Gmail account with your permission.
Bostaji's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Concretely:
- data received through Google APIs is used only to provide user-facing email sorting features;
- this data is never transferred to any third party, except as necessary to provide the feature, for security reasons, or to comply with a legal obligation;
- this data is never used for advertising, including targeted or personalized advertising;
- this data is never used to train generalized artificial intelligence models;
- no human employee or contractor of Black Pearl Retail & Consulting SARL reads the content of your messages, except (a) with your explicit permission, (b) for security reasons, (c) to comply with a legal obligation, or (d) where data is aggregated and anonymized.
6. Your rights
Under the GDPR and the French « Informatique et Libertés » Act, you have the following rights:
- right of access to your personal data;
- right to rectification of inaccurate data;
- right to erasure (« right to be forgotten »);
- right to data portability;
- right to object to a processing;
- right to withdraw your consent at any time.
You can revoke Bostaji's access to your Gmail account at any time from your Google Account settings.
To exercise any of these rights, write to bostaji@bostaji.app. We will reply within one month at most.
You may also contact the CNIL (the French data protection authority) directly, without notifying us.
7. Changes to this policy
This policy may be updated. The « last updated » date at the top of the page is adjusted on every revision. For material changes, users are notified by email or by in-app notification at least 30 days before the new version takes effect.