Last updated: April 9, 2026
Mr. Sawyer collects information you provide when creating an account (name, email, password), business information you enter (business name, address, services), and messaging data from connected channels (Instagram, Facebook, Gmail) to provide automated reply services. When you connect a Gmail account, we also receive your Google account email address and OAuth tokens so we can read and send mail on your behalf.
We use your information to operate and improve Mr. Sawyer, including generating responses to customer messages on your behalf, sending you email notifications when Mr. Sawyer needs your input, and processing payments for your subscription.
When you connect Instagram or Facebook, we receive and store messages sent to your business page. This data is used solely to generate responses and is not shared with third parties. You can disconnect your channels at any time, and we will stop receiving new messages.
When you connect a Gmail account, Mr. Sawyer requests the following Google OAuth scopes:
https://www.googleapis.com/auth/gmail.modify — read new inbound messages and mark them as read after Mr. Sawyer has processed them.https://www.googleapis.com/auth/gmail.send — send reply messages on your behalf, threaded into the original customer conversation.https://www.googleapis.com/auth/userinfo.email and openid — identify which Gmail account was connected.We store OAuth access and refresh tokens encrypted at rest (AES-256-GCM) in our database and use them only to access the specific Gmail account you connected. We read only new messages delivered to your Inbox after connection; we do not scan your archive, drafts, sent items, or any other labels. We never delete, move, forward, archive, or modify any mailbox content other than marking a message as read after Mr. Sawyer has replied to it.
The content of customer emails is passed to our AI model (Anthropic) to generate a reply. Reply drafts are sent from your Gmail account via the Gmail API and appear in your Sent folder like any other outgoing message.
Google API Services User Data Policy Limited Use disclosure: Mr. Sawyer's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to develop, improve, or train generalized AI or machine learning models, nor do we sell, share, or transfer Google user data to third parties except as required to provide the service (e.g. passing message content to Anthropic's API for reply generation) or as required by law.
You can revoke Mr. Sawyer's Gmail access at any time by clicking "Disconnect" on the Channels page, or by visiting myaccount.google.com/permissions. Upon disconnection, we stop receiving new messages and delete stored OAuth tokens immediately.
We retain your data for as long as your account is active. You can request deletion of your data at any time by contacting us. When you disconnect a social media channel, we delete associated conversation data upon request.
We use Anthropic to generate message responses, Stripe for payment processing, Resend for email delivery, Meta APIs for Instagram and Facebook integration, and Google APIs for Gmail integration. Each service has its own privacy policy governing how they handle data.
We implement industry-standard security measures to protect your data, including encrypted connections (TLS in transit), encrypted OAuth token storage (AES-256-GCM at rest), HMAC signature verification on all incoming webhooks, and per-user access controls on all stored data.
For questions about this privacy policy or to request data deletion, contact us at info@mrsawyer.com.