What data does AgentProof see?

This page answers the question every technically-minded person should ask before installing any Gmail extension: exactly what does this thing do with my email?

What AgentProof reads

To score an email, AgentProof requests the following from the Gmail API:

• Email headers (From, To, Date, Reply-To, X-Mailer, Message-ID, and other routing metadata)
• Email body (plain text and HTML)
• Thread history (metadata only: sender, date, snippet — not full bodies)
• Your Google Contacts list (email addresses only, not names or phone numbers)

This data is fetched locally by the Chrome extension using the OAuth token you granted. It flows directly from Google to your browser — it does not transit our servers.

What stays in your browser (free tier)

All 23 detection signals run as TypeScript code inside the extension's service worker — the same Chrome process that runs locally. The signal computation happens entirely on your machine:

• Header parsing and fingerprinting
• Temporal analysis (response speed, send cadence)
• Linguistic analysis (vocabulary patterns, sentence uniformity)
• Content fingerprinting (template structure, opener formula)
• Ghost sender detection
• Transactional and outreach classification

Scores are stored in chrome.storage.session (cleared when Chrome closes) and chrome.storage.local (your device only). Nothing is synced to Google or to us.

What leaves your browser

1. Sender reputation lookup (all users)

After scoring, AgentProof sends a SHA-256 hash of the sender's email address to our API to check cross-user network data. Example:

attacker@example.com → sha256(attacker@example.com) → 3d8f2a7c...

SHA-256 is a one-way function. The hash cannot be reversed to recover the original email address without a brute-force dictionary attack. We take additional steps: we do not store unhashed email addresses and do not log request sender IPs in association with hashes.

2. Score analytics (all users)

We send anonymised scoring events to PostHog for product analytics. These events contain: score bucket (0–30, 31–60, 61–100), tier classification, number of signals fired, and your subscription tier. No email addresses, no subject lines, no body content.

3. Deep analysis via Claude (Pro, opt-in)

If you enable the "Deep Analysis" toggle in Pro settings, AgentProof sends the first 3,000 characters of the email body to our Cloudflare Worker, which forwards it to Anthropic's Claude API. This is the only scenario in which email content leaves your browser.

This feature is:

• Disabled by default for all users
• Available to Pro subscribers only
• Clearly labelled in the settings panel
• Governed by Anthropic's API data handling policy

OAuth permissions

AgentProof requests two Gmail scopes at install time:

• gmail.readonly — to read email headers and bodies for scoring
• contacts.readonly — to check if a sender is in your Google Contacts (whitelist)

Two additional scopes are requested only when you first use a feature that requires them:

• gmail.modify — requested when you first enable auto-label or auto-archive (Pro). Used to apply Gmail labels and move emails to archive.
• gmail.settings.basic — requested when you first use Block Sender. Used to create a Gmail filter that skips future emails from that sender.

We do not request these write scopes at install. Chrome will show a new consent dialog at the moment you choose to use these features.

What we store on our servers

• Your Google user ID (a numeric string from the OAuth token — not your email address)
• Your subscription tier and Stripe customer ID
• SHA-256 hashes of sender email addresses that received reports (not the addresses themselves)
• Aggregate signal IDs from Pro reports (e.g., ["esp-fingerprint", "tracking-pixel"]) — not the email content that triggered them

Source code

The detection signal modules are the core of this product. We intend to open-source them — the signal logic that runs locally in your browser has no business reason to be proprietary. Watch the changelog for updates.

Try AgentProof free →