Torga

Privacy Policy

Last updated: 17 July 2026

What Torga is

Torga is an AI workstation for email, tasks, and calendar, run either locally on your own machine or hosted online at torga.co.uk. This policy covers what happens to your data when you connect a Google account (Gmail and Calendar) to Torga, whichever way you're running it.

What Torga accesses

When you connect a Google account, Torga requests three Google API scopes, and nothing more:

  • gmail.readonly: read your Gmail messages, so they can be classified and summarized.
  • gmail.send: send a reply on your behalf, but only when you explicitly click Send on a drafted response. Torga never sends email without you reviewing and confirming it first.
  • calendar.readonly: read your Calendar events, so meetings show up in Torga's calendar view. Torga never creates or modifies Calendar events.

Why Torga accesses it

Every email you receive is classified by an AI model into a category (Action Required, Meeting/Scheduling, Discussion, Information/Bulletin, Notification, or Junk/Spam) with a separate urgency score. Action-required emails get a task and a drafted reply; related emails across different threads get grouped into an Initiative; meeting invites appear on your calendar. This classification and drafting is the core of what Torga does, so it isn't optional to the product, only to whether you choose to connect a Google account at all.

Where your data goes

Email and calendar data is stored in Torga's application database, on the server you're running (your own machine, if you're using the local/downloadable edition, or Torga's hosted server at torga.co.uk if you're using the hosted edition).

To classify and draft replies, message content is sent to whichever AI provider you've configured in Settings: either Anthropic's API, or an OpenAI-compatible endpoint you've pointed at (including a fully local/private model, in which case content never leaves your own machine or network at all). Torga doesn't use your email content to train any model, and doesn't share it with anyone beyond the AI provider you've explicitly configured.

Credentials (API keys, OAuth tokens, mailbox passwords) are encrypted at rest in the application database. This protects the data if the database file itself were ever exposed separately from the running server, for example a stray backup or a misconfigured permission, but it isn't a claim that it protects against someone who already has access to the live server itself, since the decryption key has to live somewhere the running app can read it. We'd rather state that plainly than overclaim it.

How long data is kept

Synced emails, tasks, and calendar data are kept for as long as your workspace exists. Disconnecting a Google account (see below) stops any further sync, but doesn't retroactively delete previously synced messages, tasks are still yours to delete individually. If you'd like your workspace and its data fully deleted, contact us using the email below.

How to revoke access

You can disconnect Torga from your Google account at any time, two ways:

Contact

Questions about this policy or your data: millerfreddie4@gmail.com.