Hello everyone,
I’m from France and I’m currently exploring automation scenarios with Gmail and AI (LLMs) inside Make.
I often see examples and tutorials using Gmail or Google Calendar in Make workflows, including automations where emails are analyzed or drafted by AI.
Before proposing this kind of solution to small business clients, I’d like to better understand the GDPR implications, especially regarding personal data contained in emails.
-
Is it allowed to send email text to an AI model (like OpenAI, Mistral, etc.)?
-
What are the best practices to stay GDPR compliant when using Google services (Gmail, Calendar) in Make?
-
Are there official guidelines or safe examples for this kind of automation?
I would really appreciate your advice or feedback based on your experience. 
Thanks a lot,
Angélique
Bonjour @Angelique_Le_Bec,
Welcome to the community! This is a very important question that many of our customers are grappling with as well.
Here’s something interesting: Google services themselves are not GDPR conform. The choice of AI provider also matters significantly. OpenAI and Anthropic are US-based and route data through US servers, which means you’re transferring data outside the EEA. Mistral is French, which seems safer, but they also use third-party services that might move data outside the EEA anyway.
The key question becomes: have your clients agreed that you, as their data processor, can use these third-party AI services? This needs to be clearly stated in your terms of service. You’ll also need proper data processing agreements with your clients and should document which sub-processors you’re using.
I am not aware of guidelines or ‘safe’ examples. The best approach is to be completely transparent with your clients about which services you’ll use, where their data will be processed, and what security measures are in place. Consider anonymizing data where possible, and always get explicit consent for AI processing.
Cordialement,
Henk
Dear Henk,
Thank you so much for your detailed response and these invaluable insights. Your feedback is especially timely, as these questions are at the heart of my current reflections—GDPR compliance is an absolute priority in my business philosophy.
For your information, I currently use Make (European version) as my automation tool and Mistral as my LLM. Since my project is still in the development phase and not yet on the market, your message reinforces my commitment to addressing these aspects from the very beginning.
Your emphasis on transparency and explicit consent particularly resonates with my values. I will ensure that my terms of service and data processing agreements clearly outline the use of these services, as well as the security measures in place. Data anonymization, whenever possible, will be systematically prioritized.
I will delve deeper into these issues to guarantee full compliance and build a lasting relationship of trust with my future clients. Thank you again for your time and for sharing your experience—it is truly helping me move forward with confidence.
Best regards,
Angélique LE BEC
Hi @Angelique_Le_Bec,
Thank you for your reply. You can set this or my previous message as ‘answer’, so that the post will be resolved.
Kind regards,
Henk
1 Like