Terms of Service

These Terms of Service govern your use of Heshbomail, an email receipt scanning service hosted at https://battleshipsonline.net/heshbo/ and operated from Israel. By using Heshbomail, you agree to these terms. If you do not agree, do not use the service.

1. What Heshbomail Does

Heshbomail connects to an email mailbox that you authorize, including Gmail through Google OAuth using the read-only Gmail REST API, manual Gmail app-password IMAP, Microsoft, Yahoo, or custom IMAP where available. The service scans selected date ranges for receipts, invoices, bills, statements, refunds, failed-payment notices, and related payment records. It extracts structured fields such as vendor, amount, currency, date, payment method, tax/VAT, category, status, and confidence score, then presents results for review, filtering, editing, recurring-payment detection, and export.

2. Eligibility and Authorization

• You must be at least 18 years old to use Heshbomail.
• You may connect only email accounts that you own or are authorized to access.
• You are responsible for keeping your email account, OAuth account, devices, and browser sessions secure.
• You may revoke Heshbomail's access at any time by disconnecting in the app or revoking access in your email provider account settings.

3. Read-Only App Behavior

For Google OAuth Gmail connections, Heshbomail requests https://www.googleapis.com/auth/gmail.readonly and uses Gmail REST API read operations for the user-facing receipt features. Heshbomail does not request Gmail's broader full-mail scope for Google OAuth Gmail access. The service reads, lists, and fetches mailbox data needed for receipt scanning, preview, download, and export, but does not send, delete, move, archive, label, mark, modify, or otherwise change emails on your behalf.

4. External Documents and Attachments

Heshbomail may fetch PDF or HTML attachments and may fetch limited HTTPS document links found directly inside receipt-like emails. For Gmail REST scans, receipt attachment content may be stored encrypted up to the configured per-attachment size limit so preview, download, and export can work without refetching Gmail. These actions are used to extract receipt or payment details and to support preview, download, and export features. External document hosts receive a server request for the URL contained in the email, but Heshbomail does not send mailbox credentials or OAuth tokens to those hosts.

5. Optional AI Verification

AI verification is optional and disabled unless both the server feature flag and your account setting enable it. When enabled, selected low- or medium-confidence receipt candidates may be sent to OpenAI/Codex for classification. Sent data may include subject, sender, extracted receipt fields, short body excerpts, and short linked-document excerpts. AI verification is used only to classify receipt validity inside Heshbomail, not for advertising or marketing. AI results may mark records as verified, needing review, or rejected/hidden.

6. Privacy and Google Limited Use

Your data is handled as described in our Privacy Policy. Heshbomail's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

7. Data Accuracy and Professional Use

Receipt detection uses software rules, document parsing, heuristics, and optional AI review. Results may contain incorrect amounts, dates, vendors, tax values, categories, payment methods, false positives, or missed receipts. You are responsible for reviewing and verifying all extracted data before using it for accounting, taxes, reimbursement, legal, or financial decisions. Heshbomail is an organizational tool and is not accounting, tax, legal, investment, or financial advice.

8. Exports and Email Delivery

You may export receipt data in supported formats such as CSV, XLSX, PDF, JSON, and ZIP/PDF attachment bundles. If you ask Heshbomail to email an export, the export is sent to the connected account email address through the server's email delivery infrastructure. You are responsible for protecting exported files after download or delivery.

9. Retention, Deletion, and Disconnect

• Sessions expire according to the configured session lifetime shown in the app.
• Disconnecting removes the current session and removes OAuth/IMAP secrets when no active sibling session still needs them.
• For Google OAuth sessions, Heshbomail attempts best-effort OAuth revocation on disconnect.
• Receipt and scan history may remain after disconnect so it is available on your next login, unless you delete scans or request full deletion.
• You can request full server-side data deletion by emailing stone.gaming@gamil.com. Deletion requests are handled within 30 days unless limited retention is required for legal, security, or abuse-prevention reasons.

10. Prohibited Use

• Do not connect mailboxes you do not own or lack authorization to access.
• Do not use Heshbomail to violate privacy, intellectual property, financial, consumer-protection, export-control, or other laws.
• Do not attempt to bypass rate limits, access controls, authentication, or security measures.
• Do not upload, submit, or route malicious files, scripts, or links through the service.
• Do not interfere with the service or attempt to extract secrets, tokens, source code, or other users' data.

11. Availability and Changes

Heshbomail is provided as an evolving service. Features may change, be limited, or be discontinued. The service may be unavailable during maintenance, outages, provider failures, rate limits, or security events. We may update these terms from time to time. Material changes will be reflected by the "Last updated" date and, where appropriate, notice in the app.

12. Warranties and Limitation of Liability

Heshbomail is provided "as is" and "as available" without warranties of any kind, to the maximum extent permitted by law. We do not guarantee that extracted data will be complete, accurate, accepted by tax authorities, suitable for bookkeeping, or available without interruption. To the maximum extent permitted by law, we are not liable for indirect, incidental, special, consequential, exemplary, or punitive damages, loss of profits, loss of data, business interruption, inaccurate extraction, missed receipts, provider outages, or unauthorized access caused by your failure to secure your accounts or devices.

13. Governing Law

These terms are governed by the laws of the State of Israel, without regard to conflict-of-law rules. Subject to applicable law, disputes will be resolved in the competent courts of Tel Aviv-Jaffa, Israel.

14. Contact

Questions about these terms, privacy, security, or deletion requests: stone.gaming@gamil.com