
Privacy by design: why ClaimIt never stores your credentials

Security | Erdun, Co-founder | May 17, 2026 | 4 min read

Every consumer-facing agent product runs into the same trust question on day one: are you safe to give my data to? In ClaimIt's case the data is especially sensitive (your inbox), and the most honest answer we can give is that we designed the system to need as little of it as possible.

What ClaimIt actually has access to

When you connect ClaimIt, you grant Google OAuth scopes that are read-only and limited specifically to email content. ClaimIt cannot send email from your account by default. It cannot delete, label, or modify messages. It cannot read your contacts, Calendar, Drive, or any other Google service.

We do not store your Gmail password. We never see it. Google handles authentication, and we receive a short-lived access token that we use to query your inbox. The token can be revoked at any time from your Google Account settings, independently of anything you do on our end.
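The least-privilege rule above (read-only Gmail by default, a send scope only after explicit opt-in) is the kind of thing an integration should verify on every token rather than assume. The following is an added example, not ClaimIt's own code: it assumes Google's documented gmail.readonly and gmail.send scope URIs and a space-separated scope string of the form returned by Google's tokeninfo endpoint, and reports any scope that is missing or in excess of what the user consented to.

```python
# Added example (not ClaimIt's code): enforce a least-privilege OAuth scope
# policy on a granted Gmail access token. A token carrying more than the user
# consented to is a defect to catch (and the token to discard), not to use.
from dataclasses import dataclass

# Google's documented scope URIs (assumed here; not quoted from the post).
GMAIL_READONLY = "https://www.googleapis.com/auth/gmail.readonly"
GMAIL_SEND = "https://www.googleapis.com/auth/gmail.send"


@dataclass(frozen=True)
class ScopeCheck:
    ok: bool                # True only if granted == allowed exactly
    missing: frozenset      # allowed but not granted: user must re-consent
    excess: frozenset       # granted but not allowed: reject the token


def allowed_scopes(send_opt_in: bool) -> frozenset:
    """Minimal scope set for one user; send is added only after explicit opt-in."""
    scopes = {GMAIL_READONLY}
    if send_opt_in:
        scopes.add(GMAIL_SEND)
    return frozenset(scopes)


def check_token_scopes(granted_scope_field: str, send_opt_in: bool) -> ScopeCheck:
    """Compare the token's space-separated scope string against policy."""
    granted = frozenset(s for s in granted_scope_field.split() if s)
    allowed = allowed_scopes(send_opt_in)
    missing = allowed - granted
    excess = granted - allowed
    return ScopeCheck(ok=not missing and not excess, missing=missing, excess=excess)


# Constructed scope strings standing in for real tokeninfo responses.
DEFAULT_USER = GMAIL_READONLY                          # read-only, as expected
OPTED_IN_USER = f"{GMAIL_READONLY} {GMAIL_SEND}"       # user enabled email claims
OVERBROAD_GRANT = f"{GMAIL_READONLY} https://mail.google.com/"  # full mailbox

if __name__ == "__main__":
    cases = [("default", DEFAULT_USER, False),
             ("opted-in", OPTED_IN_USER, True),
             ("send without opt-in", OPTED_IN_USER, False),
             ("overbroad consent", OVERBROAD_GRANT, False)]
    for label, scope, opt_in in cases:
        print(f"{label:20s} -> {check_token_scopes(scope, opt_in)}")
```

A non-empty `excess` set is the signal to drop the token and fix the consent request; a non-empty `missing` set means the user must be sent back through consent before the feature is enabled.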

What we keep, and for how long

We extract structured records from purchase-related emails: retailer, product, price, date, order ID. We keep those records, because they're what the agent needs to do its job. We do not keep the raw emails. We do not index or train on your inbox. We do not look at anything outside the purchase-confirmation pattern.

If you delete your ClaimIt account, your purchase records and any drafted claims are deleted within 24 hours. Re-syncing the same Gmail account re-extracts from scratch.

Independently verifiable: revoke ClaimIt's access at myaccount.google.com/permissions at any time. We can't stop you, hide it from you, or restore access without you re-granting it.

Outbound: what we send on your behalf

ClaimIt drafts claims and shows them to you before anything goes out. For email claims, you approve the draft and we send via a Gmail send scope you opt into (also revocable). For chat-script claims and in-store guides, ClaimIt produces text for you to copy or follow; we never act on your behalf without your tap.

There's a setting to enable fully autonomous filing once you trust the agent. It's off by default. We think that's the right default forever. Your data, your call.

Why this matters more than the marketing copy

A lot of agent products talk about privacy. Fewer architect the system so the privacy story is the only story they could possibly tell. We don't have a database of your passwords because the system was built without one. We don't sell your purchase history because there's no buyer pipeline to sell it through. We don't read your email because the agent doesn't need to. It needs the 0.1% that's purchase confirmations.

Privacy is easiest to maintain when the architecture wouldn't let you violate it even if you wanted to. That's what we built.
