Policies.life scans your Gmail for policy documents, extracts the details using AI, and shows them in one dashboard. Your data never leaves your control.
The Pipeline
Step 1. Gmail Scan: Searches your inbox for insurance-related emails
Step 2. AI Triage: AI filters out newsletters and marketing, keeps real policies
Step 3. Extract: Downloads PDFs and extracts policy details with AI
Step 4. Deduplicate: Merges renewals, fixes statuses, shows your final dashboard
What We Search For
We run these Gmail searches to find insurance-related emails from the last 2 years:
health insurance, car insurance, term life, mediclaim, motor insurance, vehicle insurance, term insurance, term plan, subject:"policy copy" from:policybazaar, subject:"term life" has:attachment, +7 more
Where Your Data Goes
your gmail → read-only scan (nothing modified)
email metadata → AI triage (is this a policy?) → yes/no saved as plaintext
policy PDFs → AI extraction → encrypted with your vault key → database
final policies → encrypted → database

vault key: never stored // exists only in memory during refresh
PDFs: never uploaded // processed locally, text sent to AI
database without key: unreadable encrypted blobs
Privacy & Security
Read-Only Gmail Access
We only request read permission for your Gmail. No emails are modified, deleted, or sent. You can revoke access anytime from your Google account settings.
Vault Key Encryption
All sensitive policy data is encrypted with AES-256-GCM using a key derived from your vault password. Without it, stored data is gibberish.
No PDF Storage
PDF files are downloaded temporarily to extract text, then kept only on your machine. They are never uploaded to any server or database.
Your Key, Your Data
The vault key is never stored anywhere — not in the database, not in cookies. If you forget it, even we can't read your cached policy data.
Common Questions
What can the app see in my Gmail?
Only email metadata (subject, sender, date) and attachments from insurance-related search results. It cannot read your drafts, send emails, or access unrelated messages.
What does the AI see?
The AI (Grok) receives email subject lines for triage, and truncated PDF text for extraction. It does not receive your email address, password, or full inbox.
Why does the first refresh take so long?
The first run processes all your insurance emails from scratch — downloading PDFs and running AI extraction on each. Subsequent refreshes are near-instant because results are cached (encrypted) in the database.
What happens if I use a wrong vault key?
The app will detect the mismatch and show an error. It won't corrupt your data — the encrypted cache remains intact for when you use the correct key.
Can I revoke access?
Yes. Visit your Google Account permissions and remove Policies.life. Your cached data in the database will remain encrypted and unreadable without your vault key.
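The vault-key encryption and the wrong-key behaviour described above can be sketched as follows. This is an added example, not Policies.life's own code: the page does not name its key-derivation function, so scrypt is an assumption, and the blob layout and the names deriveKey, encryptPolicy and decryptPolicy are hypothetical.

```javascript
const crypto = require('crypto');

// Assumption: scrypt as the KDF. The page only says the key is
// "derived from your vault password".
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32); // 32 bytes = AES-256 key
}

// Hypothetical blob layout: salt(16) | nonce(12) | tag(16) | ciphertext
function encryptPolicy(password, policy) {
  const salt = crypto.randomBytes(16);  // fresh salt, so a fresh key per record
  const nonce = crypto.randomBytes(12); // standard 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const ct = Buffer.concat([cipher.update(JSON.stringify(policy), 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ct]);
}

// Never throws and never writes to the blob: a wrong password or a modified
// blob fails the GCM tag check and is reported as an error result.
function decryptPolicy(password, blob) {
  if (blob.length < 44) return { ok: false, error: 'blob too short' };
  const salt = blob.subarray(0, 16);
  const nonce = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const ct = blob.subarray(44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAuthTag(tag);
  try {
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]); // final() verifies the tag
    return { ok: true, policy: JSON.parse(pt.toString('utf8')) };
  } catch (err) {
    return { ok: false, error: 'wrong vault key or corrupted data' };
  }
}

// Constructed sample record, for illustration only.
function demo() {
  const blob = encryptPolicy('correct vault password', { insurer: 'Example Insurer', policyNo: 'CONSTRUCTED-001' });
  return {
    wrongKey: decryptPolicy('not the vault password', blob),
    rightKey: decryptPolicy('correct vault password', blob),
  };
}

console.log(demo());
```

Because the key is re-derived from the password on every call and only the salt, nonce, tag and ciphertext are stored, the database row on its own reveals nothing about the policy contents.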