Last Updated: December 6, 2024
Privacy Policy
Your privacy matters to us. This policy explains how we collect, use, and protect your data.
1. Introduction
This privacy policy explains how Mailsmart collects and processes your personal data through your use of our website, our email automation services, or when you communicate with us. This policy applies whether you connect a Google email account (Gmail or Google Workspace) or Microsoft email account (Microsoft 365, Outlook.com, or Exchange).
2. Who We Are
Data Controller vs. Data Processor
When we act as Data Controller: For personal data about you as a registered user (your account information, authentication data, usage patterns), Mailsmart acts as the "data controller" under GDPR and similar data protection laws.
When we act as Data Processor: For personal data contained in your emails that you submit to Mailsmart (such as email content, sender/recipient information), we act as the "data processor" on your behalf. You (or your organization) are the data controller for this data.
Contact Details
Email: privacy@mailsmart.io
You have the right to make a complaint at any time to your local data protection authority. We would appreciate the chance to address your concerns before you approach a supervisory authority, so please contact us first.
3. Data We Collect
We collect and process the following types of personal data:
Identity Data
Name, username, or similar identifier
Contact Data
Email address from your connected Google or Microsoft email account
Authentication Data
Login credentials, OAuth tokens, and API access tokens for your connected email accounts
Email Account Data
Email content, metadata (sender, recipient, subject lines, timestamps, folders/labels), processed on your behalf to provide our services
Technical Data
IP address, browser type and version, time zone, operating system and platform
Usage Data
Information about how you use our website and services
4. What We Store and What We Don't
We Do NOT Store:
- ✕ Full email content (body text)
- ✕ Email subject lines (except for active features)
- ✕ Email attachments
We DO Store:
- ✓ Sender information for analytics
- ✓ Email metadata for automation rules
- ✓ Your custom rules and preferences
Email content is analyzed to provide our AI features but is not retained in our systems beyond what is necessary to deliver the requested service.
5. How We Use Your Data
We use your personal data only when the law allows us to. Most commonly, we will use your data:
- To provide and maintain our Service
- To process your email according to your automation rules
- To generate AI-powered summaries and insights
- To improve and personalize your experience
- To communicate with you about your account
- To comply with legal obligations
6. AI and Third-Party Services
To provide AI-powered features like email categorization, summarization, and draft generation, we use third-party AI services. Important points:
- AI providers process data only to deliver the requested service
- We require our AI providers to not train their models on your data
- Data is not stored by AI providers beyond what's needed for abuse monitoring
- We use industry-leading AI providers with strong security practices
7. Email Provider API Compliance
Google API Services
Mailsmart's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Microsoft Graph API
Mailsmart's use of information received from Microsoft Graph API adheres to Microsoft's data handling requirements and the Microsoft API Terms of Use.
We only use access to your email accounts to:
- Read emails for AI processing and automation
- Send emails on your behalf when you approve
- Manage email organization (labels, folders, archive)
- Access metadata for your automation rules
We do NOT:
- Use your email data for advertising
- Sell your email data to third parties
- Store your email content permanently
8. Data Security
We implement appropriate technical and organizational security measures to protect your personal data, including:
- AES-256 encryption for data at rest
- TLS encryption for data in transit
- Regular security audits and monitoring
- Access controls and authentication
- Incident response procedures
9. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes we collected it for. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we need to retain certain information for legal or legitimate business purposes.
10. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Erasure: Request deletion of your personal data
- Portability: Request transfer of your data
- Objection: Object to certain processing activities
- Restriction: Request restriction of processing
To exercise any of these rights, please contact us at privacy@mailsmart.io.
11. International Transfers
If you are located outside the United States, your personal data may be transferred to and processed in the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by relevant authorities.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@mailsmart.io
Thank you for trusting Mailsmart with your email management needs. We are committed to protecting your privacy and handling your data responsibly.