Privacy Policy

AI in Mail ("we," "us," or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at https://workspace-amber-seven.vercel.app . Please read this policy carefully. If you disagree with its terms, please discontinue use of our service.

We collect information you provide directly to us: Account Information: When you create an account, we collect your name, email address, and phone number. Email Account Credentials: We collect OAuth access tokens (not passwords) for the Gmail and/or Outlook accounts you connect via Microsoft Graph API or Gmail API. These tokens are encrypted at rest using AES-256-GCM and can be revoked by you at any time through your Google or Microsoft account settings. Email Content: We access and process email content (including message text, sender information, recipients, subject lines, and attachments) to provide our core service — AI-generated summaries, reply drafts, and briefings. Email content is processed in real time and is not permanently stored beyond a 48-hour session window. Usage Data: We collect information about how you use our service, including commands sent, features used, and interaction patterns, to improve our AI models and service quality. Communication Data: If you contact us for support, we collect the content of your communications.

We use the information we collect to: - Provide, maintain, and improve our AI email management service - Generate email summaries, briefings, and reply drafts on your behalf - Send notifications and briefings to your configured messaging channels (WhatsApp, Telegram) - Process your commands and queries - Detect and prevent fraud, abuse, and security incidents - Comply with legal obligations - Communicate with you about product updates, support, and account matters We do not use your email content to train AI models beyond improving your personal experience. We do not sell your personal information to third parties.

We may share your information in the following limited circumstances: Service Providers: We use third-party AI processing APIs (including but not limited to OpenAI and Anthropic) and Supabase for data storage. These providers process data under data processing agreements that prohibit them from using your data for training purposes. Messaging Platforms: Email summaries and briefings are delivered to your connected messaging apps (WhatsApp Business API, Telegram Bot API) per your configuration. Legal Requirements: We may disclose your information if required by law, court order, or governmental authority. Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy. We do not share, sell, or rent your personal information to third parties for their marketing purposes.

We use Supabase as our primary data storage provider. Your account data, subscription information, and connected account metadata are stored in Supabase-managed databases hosted on secure cloud infrastructure. OAuth tokens obtained via Microsoft Graph API (for Outlook) and Gmail API (for Google) are encrypted using AES-256-GCM before being stored. Encryption keys are managed separately from the data. Email content processed for summaries and drafts is not persisted to the database beyond a 48-hour session window.

Email Content: Processed email content (summaries and drafts) is retained for up to 48 hours to support conversation context in your messaging apps. Full email content is not stored beyond this window. Account Data: Account information is retained for as long as your account is active. You may delete your account at any time, which will trigger deletion of all associated personal data within 30 days. Usage Logs: Anonymized usage logs may be retained for up to 12 months for service improvement and security purposes.

We implement industry-standard security measures including: - TLS/HTTPS encryption for all data in transit - AES-256-GCM encryption for OAuth tokens and sensitive data at rest - Supabase row-level security policies for data access control - OAuth 2.0 authentication via Microsoft Graph API and Gmail API — we never store your email passwords - Regular security reviews and access controls with the principle of least privilege Despite these measures, no security system is impenetrable. We encourage you to use strong passwords and to notify us immediately if you suspect any unauthorized access to your account.

Depending on your location, you may have the following rights regarding your personal data: - Access: Request a copy of the personal data we hold about you - Correction: Request correction of inaccurate data - Deletion: Request deletion of your personal data - Portability: Request a machine-readable export of your data - Restriction: Request restriction of processing in certain circumstances - Objection: Object to certain types of processing To exercise any of these rights, or to request complete deletion of your data, contact us via WhatsApp at +91 9373111709 or by email at privacy@aiinmail.com. We will respond and complete deletion requests within 30 days. EU/UK Residents: We comply with GDPR and UK GDPR. Our lawful basis for processing is primarily contract performance (providing the service you requested) and legitimate interests. California Residents: We comply with CCPA. You have the right to know what personal information we collect, to delete it, and to opt out of its sale (we do not sell personal information).

We use essential cookies to maintain your session and authentication. We use analytics cookies to understand how our service is used; you may opt out of analytics cookies via our cookie preference center. We do not use advertising cookies or share cookie data with advertising networks.

Our service integrates with third-party platforms including: - Google (Gmail API): Subject to Google's Privacy Policy - Microsoft (Microsoft Graph API): Subject to Microsoft's Privacy Policy - Supabase: Subject to Supabase's Privacy Policy - WhatsApp Business API: Subject to Meta's Privacy Policy - Telegram Bot API: Subject to Telegram's Privacy Policy We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.

Our service is not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by sending a message to your configured WhatsApp or Telegram channel and by posting a notice on our service. Your continued use of the service after changes take effect constitutes your acceptance of the revised policy.

For privacy-related questions, requests, or concerns: WhatsApp: +91 9373111709 Email: privacy@aiinmail.com Website: https://workspace-amber-seven.vercel.app We aim to respond within 48 hours on business days.