MailSynth ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-driven email organization and daily-digest service (the "Service"). Please read this Privacy Policy carefully. By using the Service, you consent to the practices described herein.

This Privacy Policy should be read in conjunction with our Terms of Service. If you do not agree with any part of this Privacy Policy, please do not use the Service.

1. Information We Collect

We collect information in several ways depending on how you interact with our Service.

1.1 Account Information

When you sign up for MailSynth using Google OAuth, we collect:

  • Your Google account email address

  • Your name (as provided by your Google account)

  • Your Google profile picture (if available)

  • Authentication tokens necessary to access the Gmail API on your behalf

1.2 Email Data

To provide the Service, we access your Gmail account through the Gmail API. This includes:

  • Email metadata: sender, recipient, subject line, date/time, labels, and thread information

  • Email content: the body text of your emails, which we process to generate summaries and categorizations

  • Attachments: we do not access, download, or store email attachments

1.3 Usage Data

We automatically collect certain information when you use the Service:

  • IP address and approximate geographic location

  • Browser type and version

  • Device type and operating system

  • Pages visited and features used within the Service

  • Time and date of access

  • Referring URLs

1.4 Cookies and Similar Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and authentication state

  • Remember your preferences and settings

  • Analyze usage patterns to improve the Service

  • You may disable cookies through your browser settings, but this may affect the functionality of the Service

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing the Service

  • Reading and analyzing your emails to generate daily digest summaries

  • Categorizing and organizing your inbox using AI-driven analysis

  • Delivering personalized email summaries and notifications to you

  • Maintaining and improving the accuracy of our AI models

2.2 Service Operations

  • Authenticating your identity and maintaining account security

  • Responding to your inquiries and support requests

  • Sending service-related communications (e.g., account notifications, security alerts)

  • Monitoring and analyzing usage patterns to improve and optimize the Service

2.3 Legal and Compliance

  • Complying with applicable laws, regulations, and legal processes

  • Enforcing our Terms of Service and other agreements

  • Protecting our rights, privacy, safety, or property, and that of our users or others

3. How We Process Email Data

Given the sensitive nature of email data, we want to be transparent about exactly how we handle it.

3.1 AI Processing

Your email content is processed using Google's Gemini AI and our proprietary algorithms to generate summaries and categorizations. This processing occurs in real-time or near-real-time, and we do not retain the full text of your emails beyond what is strictly necessary to deliver the Service.

3.2 Data Minimization

We follow the principle of data minimization: we only access and process the email data necessary to provide the features you use. We do not access emails in folders you have not enabled for processing, and we do not access email attachments.

3.3 Temporary Caching

Generated summaries and categorizations may be temporarily cached for up to seven (7) days to improve performance and enable you to review recent digests. After this period, cached data is automatically deleted.

4. Sharing Your Information

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Service:

  • Google Cloud Platform: for cloud infrastructure, data storage, and AI processing (Gemini)

  • Firebase: for authentication, database services, and application hosting

  • These providers are contractually obligated to protect your information and may only use it to provide services to us.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (e.g., subpoenas, court orders, government requests)

  • Requests from law enforcement or other government authorities

  • Situations where disclosure is necessary to protect our rights, your safety, or the safety of others

4.3 What We Never Do

We commit to the following absolute restrictions on data sharing:

  • We will never sell your personal information or email data to any third party for any purpose.

  • We will never rent, lease, or trade your data to data brokers, advertisers, or marketing companies.

  • We will never use your email content for advertising purposes or to build advertising profiles.

  • We will never share your email content with third parties except as strictly necessary to provide the Service (i.e., AI processing).

  • We will never allow humans to read your emails except where you have explicitly consented (e.g., for support purposes) or where required by law.

5. Data Security

5.1 Security Measures

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit using TLS/SSL

  • Encryption of data at rest using AES-256

  • Secure OAuth 2.0 authentication (we never see or store your Google password)

  • Regular security audits and vulnerability assessments

  • Access controls limiting employee access to user data

  • Infrastructure hosted on Google Cloud Platform with enterprise-grade security

5.2 Limitations

While we take reasonable precautions to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law.

6. Data Retention

6.1 Retention Periods

We retain different types of data for different periods:

  • Account information: retained for as long as your account is active

  • Authentication tokens: retained until you revoke access or your account is deleted

  • Cached summaries: up to seven (7) days

  • Usage logs: up to ninety (90) days

Aggregated analytics: indefinitely (this data is anonymized and cannot identify you)

6.2 Account Cancellation

When you cancel your account or revoke MailSynth's access to your Google account, we will delete all of your personal data and any cached email content within thirty (365) days—unless you request sooner. This includes your account information, authentication tokens, and any cached summaries. Anonymized, aggregated data that cannot be used to identify you may be retained.

6.3 Inactive Accounts

Accounts that remain inactive for twelve (12) consecutive months will be automatically deleted, along with all associated data. We will make reasonable efforts to notify you via email before deletion occurs.

7. Your Rights and Choices

7.1 General Rights

Regardless of your location, you have the following rights:

  • Access: request a copy of the personal information we hold about you

  • Correction: request that we correct inaccurate or incomplete information

  • Deletion: request that we delete your personal information

  • Revoke access: revoke MailSynth's access to your Google account at any time through your Google Account settings

  • Opt-out: opt out of non-essential communications

7.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: request disclosure of the categories and specific pieces of personal information we have collected

  • Right to Delete: request deletion of your personal information, subject to certain exceptions

  • Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights

  • No Sale of Personal Information: we do not sell your personal information as defined by the CCPA. We do not need to offer a "Do Not Sell My Personal Information" link because we never sell personal information.

7.3 European Economic Area Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: we process your data based on your consent (which you provide when you authorize MailSynth via Google OAuth) and our legitimate interest in providing and improving the Service

  • Right to Portability: request a copy of your data in a structured, machine-readable format

  • Right to Restrict Processing: request that we limit how we use your data

  • Right to Object: object to our processing of your data in certain circumstances

  • Right to Withdraw Consent: withdraw your consent at any time by revoking MailSynth's access

  • Right to Lodge a Complaint: lodge a complaint with your local data protection authority

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at support@mailsynth.com. We will respond to your request within thirty (30) days. We may need to verify your identity before processing your request.

8. Google API Services Compliance

MailSynth's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request access to the Gmail scopes necessary to provide our Service

  • We limit our use of data to providing and improving the Service

  • We do not use Gmail data for advertising purposes

  • We do not allow humans to read your emails except with your explicit consent or as required by law

  • We do not transfer data to third parties except as necessary to provide the Service, with your consent, or as required by law

9. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the content or privacy practices of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

The Service is not intended for individuals under the age of sixteen (16), or the age of majority in your jurisdiction if higher. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at support@mailsynth.com, and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your country of residence. By using the Service, you consent to the transfer of your information to these countries. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will post the revised Privacy Policy on our website and update the "Effective Date" at the top. For significant changes, we will provide additional notice (such as via email or in-app notification). Your continued use of the Service after such changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us at:

MailSynth Support

support@mailsynth.com

Buy template