PreCommitKnow before you commit
DemoWhySalesContactAPI
Privacy Notice

Privacy Notice

Product: PreCommit

Provider/company: Saimaat Ltd
Company number: SC892341
Contact: admin@precommit.ai
Last updated: 10 June 2026

PreCommit checks business communication before action, evidence, or commitment. The Gmail Add-on checks the current open Gmail message only. Nothing is sent automatically. No draft is created automatically. No mailbox-wide scan runs in the background.

Summary

Plain-language overview

PreCommit is the governed consequence-control layer before business communication becomes action, evidence, or commitment.

Gmail is an adapter, not the product boundary. The Gmail Add-on is limited to the current open Gmail message, with no auto-send, no auto-draft, and no mailbox scan.

MDiamond shows company readiness, access, and pilot control status. Blue Whale records bounded customer truth and value evidence such as access changes, first checks, risks detected, and blocked unsafe actions.

Who we are

Operator identity

PreCommit is provided by Saimaat Ltd.

PreCommit remains the product name. Saimaat Ltd is the company that provides it and operates the public service routes described in this notice.

Data categories

What data PreCommit may process

Depending on the route you use, PreCommit may process account and profile data such as your email address, display name, company relationship, and access state.

For company and admin control, PreCommit may process company name, primary domain, company admin identity, pilot user list, access approvals, suspensions, revocations, Gmail readiness, and pilot-readiness state shown in MDiamond.

For Gmail Add-on use, PreCommit may process the current open message content and metadata needed to review that selected message, including sender, subject, recipients, reply-to information, thread/message identifiers, and the plain-text body excerpt sent for the check.

For pairing and security, PreCommit may process pairing IDs, viewer email, approved user identity, revocable Gmail add-on token metadata, connection status, expiry, revocation, and fail-closed account checks.

PreCommit also records bounded usage and value events such as checks completed, first check completed, risks detected, unsafe actions blocked, safe replies used, Gmail connected, and access changes. Technical logs may include request identifiers, error information, health signals, and security/fail-closed events. If external research is enabled, bounded research metadata and citations may also be processed.

Google user data

How the Gmail Add-on uses Google data

Gmail add-on execution

Apps Script needs Gmail add-on execution permission so the PreCommit add-on can run inside Gmail when the user opens it or checks the current message.

Current Gmail message context

The Gmail Add-on reads the current open Gmail message so PreCommit can review that selected message before you act. It does not scan the mailbox.

Google account email

PreCommit uses the signed-in Gmail account email to pair the add-on with the correct PreCommit user and to stop mismatched-account use.

External request permission

Apps Script needs permission to call PreCommit so the Gmail Add-on can request a governed check and receive the result.

Locale and timezone context

Apps Script needs locale permission so the add-on can understand Gmail locale and timezone context when Google renders the add-on experience.

Current-message only. No mailbox scan. No send, no draft, and no Gmail modify permission.

The Gmail Add-on currently requests these scopes:

  • https://www.googleapis.com/auth/gmail.addons.execute
  • https://www.googleapis.com/auth/gmail.addons.current.message.action
  • https://www.googleapis.com/auth/gmail.addons.current.message.readonly
  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/script.external_request
  • https://www.googleapis.com/auth/script.locale

We do not request broad Gmail scopes such as gmail.readonly, gmail.compose, gmail.modify, or gmail.send.

Google user data is used only to provide the PreCommit check and related security, pairing, access-control, and account functions for the selected user and company.

PreCommit's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We do not sell Google user data, use it for advertising, or use it to train unrelated or general-purpose models.

Purpose

Why data is used

  • to provide governed message review before a business action is taken
  • to identify the correct user, company, and access state
  • to pair the Gmail Add-on with the correct PreCommit account
  • to show MDiamond readiness, access, and pilot state
  • to record bounded Blue Whale truth and value evidence
  • to maintain security, access control, and fail-closed behavior
  • to improve product quality from bounded operational signals rather than hidden raw-content learning
Lawful basis

UK-facing legal basis

Depending on the context, we process data because it is necessary to provide the service you or your company asked us to provide, because of legitimate interests in running and securing the service, and, where relevant, because a user or company admin has taken a voluntary action such as pairing Gmail or requesting access.

We do not rely on hidden background surveillance. The product is designed around explicit user or company actions and fail-closed checks.

Sharing

Processors and third parties

  • Google Workspace and Gmail, to run the Gmail Add-on and connect it to the user's Google account.
  • Hosting, database, and infrastructure providers we use to run PreCommit and keep the service available.
  • OpenAI, when PreCommit is configured to use OpenAI for bounded analysis.
  • Perplexity, only when external research is explicitly enabled for bounded public-claim checking.
  • Transactional email or SMTP providers, when sign-in or service email delivery is enabled.

We do not sell personal data. We do not use Google user data for advertising or third-party resale.

Retention

How long data is kept

We keep data only for as long as needed for access control, audit, security, support, and product operation.

The product is configured with minimal retention defaults. By default, the product is configured not to store raw message bodies and raw document text as retained product records, while bounded review results, access records, value events, and security events may be retained where needed to operate the service and preserve an accountable audit trail.

External research raw output is off by default. Retention may vary by route, pilot agreement, incident response, or legal need.

Security

Security and fail-closed design

We use access controls, company/user approval state, revocable Gmail add-on tokens, pairing checks, and fail-closed behavior when access, provider, or company-readiness conditions are not met.

PreCommit does not request broad Gmail mailbox scopes and does not send, draft, or modify Gmail content on the user's behalf.

Suspended or revoked users are blocked from PreCommit and Gmail review paths until access is restored through the proper company or operator route.

Your rights

User and company rights

  • ask for access to personal data we hold about you
  • ask us to correct inaccurate data
  • ask us to delete data where applicable
  • ask us to restrict or object to some processing where applicable
  • ask for portability where applicable
  • complain to the UK Information Commissioner's Office if you believe your data rights have been handled incorrectly

To exercise these rights, contact admin@precommit.ai. If you are in the UK, you also have the right to complain to the Information Commissioner's Office.

Children and changes

Business use only

PreCommit is intended for business use and is not directed to children.

We may update this notice as the product, routes, or legal requirements change. When we do, we will update the date at the top of this page.

Read Terms of ServiceContact PreCommit