Privacy Policy

SmartMail (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered email management service, including our website and applications.

This Privacy Policy applies to all users of SmartMail services, including our web application, APIs, and any related services. It covers information collected when you create an account, connect email accounts, use our AI features, or interact with our service in any way.

By using SmartMail, you agree to the collection and use of information in accordance with this policy.

Information You Provide Directly

• Account information (name, email address)
• Authentication credentials via OAuth (Gmail, Outlook)
• Communication preferences and settings
• Support inquiries and feedback

Information Collected Automatically

• Device information (browser type, operating system)
• IP address and approximate location
• Usage data (features accessed, timestamps)
• Performance and error logs

Information from Third Parties

• Email content and metadata from connected accounts (Gmail, Outlook)
• Calendar data when calendar integration is enabled
• Profile information from OAuth providers

We use the information we collect to:

• Provide AI-powered email analysis, summaries, and suggested replies
• Categorize and organize your inbox
• Authenticate and secure your account
• Improve and optimize our services
• Respond to support requests
• Send service-related communications
• Comply with legal obligations

We do not sell your personal information. We may share data in the following circumstances:

• Service Providers: With third-party services that help us operate our service (AI processing, cloud hosting)
• Legal Requirements: When required by law, legal process, or government request
• Protection: To protect the rights, property, or safety of SmartMail, our users, or others
• Consent: With your explicit consent for specific purposes

We process your personal data as described in this Policy based on your consent, which you provide by accepting this Policy and using our Service. You may withdraw consent at any time by deleting your account.

We may also process your data when necessary to fulfill our contractual obligations to you, comply with legal requirements, or pursue our legitimate business interests while respecting your privacy rights.

We work with trusted third-party services to provide our functionality. These providers only have access to information necessary to perform their services and are obligated to protect your data.

• Google (Gmail API, Gemini AI): Email access and AI-powered analysis
• Microsoft (Graph API): Outlook email access
• Cloud Infrastructure: Secure data storage and processing

Each provider maintains their own privacy policy governing their services.

We implement industry-standard safeguards to protect your information:

• OAuth tokens encrypted using AES-128 with HMAC-SHA256
• All data transmitted over HTTPS/TLS encryption
• Secure cloud infrastructure with access controls
• Safeguards to protect sensitive information during AI processing
• Regular security assessments and monitoring

No method of transmission over the Internet is 100% secure. While we strive to protect your data using commercially reasonable measures, we cannot guarantee absolute security. If we discover a security breach, we will notify affected users promptly.

We retain your information based on the following criteria:

• Account Data: Retained while your account is active
• Email Cache: Temporarily retained for performance optimization
• Usage Logs: Retained for up to 90 days for service improvement
• Deleted Accounts: Data removed within 30 days of account deletion

Some data may be retained longer when required for legal compliance, dispute resolution, or enforcement of our agreements.

Depending on your location, you may have the following rights:

• Access your personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your account and associated data
• Disconnect email accounts at any time
• Export your data in a portable format
• Object to or restrict certain processing activities
• Withdraw consent where processing is based on consent

California Residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt-out of any sale of personal information. We do not sell your data.

European Residents (GDPR): You have rights to access, rectification, erasure, data portability, and to lodge a complaint with your local supervisory authority.

To exercise any of these rights, please contact us at the email provided below.

SmartMail uses artificial intelligence to enhance your email experience. Here's how AI processing works:

• Email content is analyzed by Google Gemini AI to generate summaries and suggestions
• We do not use your personal email content to train AI models
• AI-generated responses are based solely on your email context
• You can disable AI features at any time in your settings

Automated processing helps categorize emails, detect priority, and suggest responses. You always have final control over any actions taken on your emails.

We collect anonymized usage data to understand how our service is used and to improve the user experience. This includes:

• Feature usage patterns
• Performance metrics
• Error tracking for debugging

Analytics data is aggregated and does not identify individual users. We do not use advertising-based analytics services.

We use essential cookies for:

• User authentication and session management
• Security and fraud prevention
• Remembering your preferences

We do not use advertising cookies, tracking pixels, or sell data to advertisers. Essential cookies are necessary for the service to function and cannot be disabled.

When you make a payment, your payment information is processed directly by our payment processor. We do not store or have access to your full credit card number or payment details.

Our payment processors are PCI-DSS compliant and maintain their own security and privacy practices.

Our service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We encourage you to review the privacy policy of every site you visit.

SmartMail is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes:

• The updated policy will be posted on this page
• The “Last updated” date will be revised
• For material changes, we will notify you via email or prominent notice in the service

Your continued use of SmartMail after any changes indicates your acceptance of the updated Privacy Policy.