Privacy Notice

1.1 Personal Information

We collect the following personal information:

• •Account Information: Email address, name, profile picture (from Google OAuth)
• •Gmail Account Data: Connected Gmail account email address, account name, connection status
• •User Preferences: Timezone, notification settings, categorization preferences

1.2 Email Content and Metadata

When you connect your Gmail account, we process:

• •Email Headers: Sender, recipient, subject, date, message ID
• •Email Content: Full email body content for AI categorization
• •Email Metadata: Labels, categories, read/unread status, attachments metadata
• •Processing History: Email categorization results, matching patterns

1.3 Usage and Analytics Data

• •Service Usage: Login timestamps, feature usage patterns, API calls
• •Performance Data: Email processing statistics, categorization accuracy metrics
• •Technical Data: IP address, browser type, device information, error logs

1.4 Notification Channel Data

When you configure notification channels:

• •Channel Settings: Webhook URLs, bot tokens, channel identifiers
• •Notification History: Sent notification timestamps and status
• •Connection Status: Verification status and connection health

2.1 Service Provision

We process your data to:

• •Provide AI Email Categorization: Analyze email content using AI to categorize and route emails according to your rules
• •Manage Gmail Integration: Connect to and sync with your Gmail account via OAuth
• •Deliver Notifications: Send email alerts through your configured notification channels
• •Generate Analytics: Provide insights into your email patterns and categorization effectiveness

2.2 Legitimate Interests

We process data based on our legitimate interests for:

• •Service Improvement: Analyzing usage patterns to improve AI accuracy and user experience
• •Security: Monitoring for suspicious activities and preventing abuse
• •Performance Optimization: Ensuring system reliability and optimal performance

2.3 Legal Compliance

We process data to:

• •Comply with legal obligations and regulatory requirements
• •Respond to lawful requests from authorities
• •Protect our rights and interests in legal proceedings

3.1 GDPR Compliance

Our processing activities are based on the following lawful bases under GDPR:

• •Performance of Contract (Art. 6(1)(b)): Processing necessary to provide our email management services
• •Legitimate Interests (Art. 6(1)(f)): Processing for service improvement, security, and fraud prevention
• •Consent (Art. 6(1)(a)): Where you explicitly consent to additional processing activities
• •Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws

3.2 Special Category Data

Email content may include sensitive personal data (health information, political opinions, etc.). We process such data only when:

• •Necessary for the performance of our services
• •You have provided explicit consent
• •Required for compliance with employment or social security obligations

4.1 Google Services

We integrate with Google services for:

• •OAuth Authentication: Google OAuth 2.0 for secure Gmail account connection
• •Gmail API: Read-only access to your Gmail data via Google's official APIs
• •Data Residency: Your email data remains within Google's infrastructure

4.2 Notification Service Providers

We may share limited data with:

• •Telegram, Discord, Slack: For delivering notifications to your configured channels
• •Webhook Services: For sending data to your specified webhook endpoints
• •Cloud Infrastructure: AWS/Google Cloud for hosting and data processing

4.3 Data Processors

We use the following categories of data processors:

• •Cloud Hosting: For secure data storage and processing
• •Analytics Services: For usage analytics and performance monitoring
• •AI/ML Services: For email content analysis and categorization
• •Monitoring Services: For system reliability and error tracking

All data processors are bound by Data Processing Agreements ensuring GDPR compliance.

5.1 Data Transfer Mechanisms

• •EU-U.S. Data Transfers: We use Standard Contractual Clauses (SCCs) approved by the European Commission
• •Adequacy Decisions: Where applicable, we rely on adequacy decisions for transfers to approved countries
• •Data Residency: Primary data processing occurs in the European Union where possible

5.2 Google Services

Email data accessed through Gmail API remains subject to Google's data transfer mechanisms and compliance with EU data protection requirements.

6.1 Security Measures

We implement comprehensive security measures:

• •Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• •Access Controls: Role-based access control and multi-factor authentication
• •Regular Audits: Security assessments and penetration testing
• •ISO 27001 Compliance: Certified information security management system

6.2 Data Breach Response

In case of a data breach:

• •We will notify affected users within 72 hours as required by GDPR
• •We will inform relevant supervisory authorities
• •We will take immediate remedial actions to mitigate risks

7.1 Access and Control

You have the right to:

• •Access: Request copies of your personal data
• •Rectification: Correct inaccurate or incomplete data
• •Erasure: Request deletion of your data (subject to legal requirements)
• •Portability: Receive your data in a structured, machine-readable format
• •Restriction: Limit processing under certain circumstances
• •Objection: Object to processing based on legitimate interests

7.2 Automated Decisions

• •You have the right not to be subject to decisions based solely on automated processing
• •Our AI categorization may involve automated decision-making, but you retain full control over categorization rules
• •You can modify or disable AI processing at any time

8.1 Retention Periods

We retain data for the following periods:

• •Account Data: Duration of your account plus 3 years for legal compliance
• •Email Processing Data: 30 days for service provision, 1 year for analytics
• •Usage Logs: 90 days for debugging and security purposes
• •Legal Hold: Data may be retained longer if required for legal proceedings

8.2 Deletion Process

Upon account deletion:

• •All personal data is permanently deleted within 30 days
• •Data in backups is deleted within 6 months
• •Some anonymized analytics data may be retained for service improvement

9.1 Cookie Consent Management

We implement a comprehensive GDPR-compliant cookie consent system that:

• •Requires explicit consent for all non-essential cookies
• •Provides granular control over different cookie categories
• •Allows easy withdrawal of consent at any time
• •Stores consent preferences securely in your browser
• •Prevents loading of non-essential cookies until consent is given

9.2 Cookie Categories

9.3 Third-Party Services

• •MailerLite - Email marketing platform (always loaded for contact forms and waitlist functionality)
• •No Google Analytics - We do not use Google Analytics or similar tracking services
• •No social media tracking - No Facebook Pixel, LinkedIn tracking, or similar services

9.4 Cookie Management

• •Bottom banner appears on first visit with clear information about optional analytics
• •Settings button (🍪) always visible for easy consent management
• •Reset option available to withdraw consent at any time
• •Contact forms always accessible - Waitlist signup forms work regardless of cookie consent
• •Non-blocking design - Banner doesn't interfere with main content or contact forms
• •Essential functionality prioritized - Business-critical features remain available