Privacy Policy
Last updated: May 2026
Your privacy is core to MailMind. This policy explains what we collect, how we use it, what we never do, and the rights you have over your data.
1. Scope
This Privacy Policy applies to MailMind ("we", "our", "the Service"), accessible at mailmind-zeta.vercel.app. By using the Service you agree to the practices described here.
2. What we collect
Account & authentication
- Your email address from your connected Gmail or Outlook account.
- OAuth refresh and access tokens, encrypted at rest, used solely to read and send mail on your behalf.
- Basic profile fields you fill in (name, role, company, preferred tone, signature).
Mailbox metadata & summaries
- Per-message metadata: sender, subject, timestamp, labels.
- AI-generated summaries, priority, intent, tone and suggested actions.
- Drafts you create and replies you send through MailMind.
We do not store the full body of your emails permanently. Message bodies are fetched on demand to generate summaries or drafts and discarded after processing, except for short-lived caching.
Usage data
- Subscription plan, daily credit usage, automation runs.
- Operational logs (IP, timestamps, error traces) for security and reliability.
3. How we use your data
- To triage, summarize and prioritize your inbox using AI.
- To draft and (with your approval or under an auto-send rule) deliver replies.
- To detect events and follow-ups across your messages.
- To enforce plan limits, billing and abuse prevention.
- To improve product reliability through aggregated, non-identifying telemetry.
We do not sell your data, use email content to train third-party models, or share it for advertising.
4. Third-party services
- Google Gmail API / Microsoft Graph — to read and send mail you have explicitly authorized.
- Azure OpenAI — to generate summaries, drafts and answers. Prompts are processed under Microsoft's data protection terms and are not used to train public models.
- Azure Cosmos DB & Azure Functions — secure storage and compute for your account data and summaries.
- Paddle — billing and subscription management. Payment details are handled by Paddle and never reach MailMind servers.
- Vercel — frontend hosting.
MailMind's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. Data retention
- Summaries and metadata are retained for 30 days by default, then automatically deleted.
- Profile data and subscription records are retained while your account is active.
- When you disconnect a mailbox or delete your account, related tokens and summaries are removed within 7 days.
6. Security
We use industry-standard practices: TLS in transit, AES-256 at rest, isolated tenant databases, signed JWTs, and least-privilege access for our team. No system is 100% secure — please use a strong password on your mailbox provider and revoke MailMind access if you suspect any compromise.
7. Your rights
You can at any time:
- Access and update your profile through Settings.
- Export or delete your mailbox summaries (contact support).
- Revoke MailMind's access from your Google / Microsoft account.
- Request full account deletion via our contact page.
Residents of the EEA, UK, and California have additional rights under GDPR/CCPA — including the rights to data portability, to restriction of processing, and to lodge a complaint with a supervisory authority.
8. Children
MailMind is not directed to children under 16. We do not knowingly collect data from minors.
9. Changes to this policy
We may update this policy from time to time. Material changes will be announced in-app or via email at least 7 days before they take effect.
10. Contact
Questions about privacy? Email privacy@mailmind.app or use our contact form.
Have a question?
We respond within 2 business days.