Privacy Policy

Last updated: April 27, 2026

This Privacy Policy describes how Brax Media ("Brax", "we", "our") collects, uses, stores, and protects information when authorized YouTube creators connect their Gmail accounts to the Brax Gmail Bridge application ("the App").The Brax Gmail Bridge is a private internal tool used by Brax Media to manage brand-deal communications on behalf of YouTube creators we represent. Creators grant access voluntarily through Google's OAuth flow as part of their working relationship with Brax. The App is not offered to the general public.1. Who we are
Brax Media is a YouTube creator brand-deal agency owned and operated by Samer Brax. We represent a roster of YouTube creators in their sponsorship and brand-partnership negotiations.
- Operator: Samer Brax
- Contact email: [email protected]
- Website: https://samerbrax.com2. What information we access
When a creator authorizes the Brax Gmail Bridge through Google's OAuth consent flow, the App requests the following Gmail API scopes:
- gmail.readonly: Read messages, threads, labels, and metadata
- gmail.modify: Manage labels, mark messages read/unread, archive
- gmail.compose: Create draft emails (drafts only, the App does NOT have permission to send)
- gmail.settings.basic: Read and create Gmail filters and forwarding rulesThe App does NOT request gmail.send. The App cannot send email on a creator's behalf; only drafts are created, which the creator (or an authorized Brax operator) must review and send manually from Gmail.The App may access:
- Email message content (subject, body, headers, attachments) within the connected inbox
- Thread structure and labels
- Draft emails created by the App
- Gmail filters and forwarding rules within the connected inboxThe App does NOT access:
- Other Google services (Drive, Calendar, Photos, Contacts, etc.)
- Email content in any inbox the creator has not explicitly connected
- Information about other Google accounts owned by the creator3. How we use this information
The App is used solely for legitimate Brax Media business operations on behalf of the creator, including:
- Reading inbound brand inquiries and sponsorship offers
- Drafting reply emails for the creator's review
- Organizing emails with labels for deal tracking
- Surfacing actionable threads in Brax's internal morning briefing process
- Coordinating creator brand partnerships internally with the creator's authorized representativesEmail content is NOT used for any of the following:
- Training machine-learning models
- Sale, rent, or trade to any third party
- Targeted advertising
- Determining creditworthiness or insurance
- Any purpose unrelated to managing the creator's brand-deal pipeline4. How we store and protect information
- OAuth refresh tokens are stored on a private encrypted volume hosted on Railway (railway.com), accessible only to Brax operators authenticated via OAuth 2.1 + PKCE.
- Email message content is NOT permanently stored by the App. The App reads messages on demand via the Gmail API. Transient data may be processed in-memory during a session.
- Drafts the App creates are stored in the creator's own Gmail account, not on Brax infrastructure.
- All access to the App is gated by OAuth tokens; no shared passwords are used.5. Who has access
Access to a connected inbox is limited to authorized Brax Media operators. Each authorized operator authenticates separately and is identified by a unique user label persisted to the access record. Currently authorized operators:
- Samer Brax (founder)
- Vijay Poriya (deal operations)The list of operators is maintained internally and may change over time. Creators may request the current operator list at any time by emailing [email protected].6. Data retention
- OAuth refresh tokens are retained until the creator revokes access or until Brax explicitly removes the token.
- Drafts created by the App persist in the creator's own Gmail until the creator deletes or sends them.
- Logs of API operations may be retained on Railway's standard log infrastructure for up to 30 days for debugging purposes.7. How creators revoke access
Creators may revoke the App's access at any time:
1. Visit https://myaccount.google.com/permissions
2. Locate "Brax Gmail Bridge" in the list of third-party apps
3. Click "Remove access"This immediately invalidates the App's refresh token. Alternatively, email [email protected] and we will revoke our copy of your token within 24 hours during business days.8. Compliance with Google API Services User Data Policy
The Brax Gmail Bridge's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.Reference: https://developers.google.com/terms/api-services-user-data-policySpecifically:
- We use access to Gmail data only to provide and improve user-facing features visible to and serving the user
- We do not transfer Gmail data to others unless necessary to provide and improve user-facing features
- We do not use Gmail data for advertising
- We do not allow humans to read Gmail data, except: (i) with the user's affirmative agreement for specific messages, (ii) for security purposes, (iii) to comply with applicable law, or (iv) when the data has been aggregated and anonymized9. Children
The App is not intended for use by children under 13. We do not knowingly collect information from children.10. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email to [email protected] or by updating this page with a new "Last updated" date.11. Contact
Questions, requests, or concerns:
[email protected]
Samer Brax / Brax Media