Privacy Policy

Last Updated: December 31, 2025

1. Introduction

Welcome to MailWise ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email analytics and AI-powered email assistant service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, and profile details
• Payment Information: Processed securely through Stripe (we do not store credit card details)
• Communication Data: Messages you send through our support channels

2.2 Information from Gmail API

• Email Content: Subject lines, sender/recipient information, email body text, and timestamps
• Email Metadata: Labels, categories, read/unread status
• Drafts: Email drafts you create or we generate using AI

2.3 Automatically Collected Information

• Usage Data: Features used, time spent, interaction patterns
• Device Information: Browser type, operating system, IP address
• Cookies: Session management and analytics cookies

3. How We Use Your Information

We use the collected information to:

• Provide email analytics and AI-powered summarization
• Generate contextual email responses and drafts
• Identify action items and calendar events from emails
• Process payments and manage subscriptions
• Improve our services and develop new features
• Send service updates and notifications
• Monitor and prevent security threats
• Comply with legal obligations

4. Gmail API Data Usage

MailWise's use of information received from Gmail APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Disclosure

• We only access Gmail data that you explicitly authorize
• Your email data is used solely for providing our email analytics and AI assistant features
• We do not use Gmail data for advertising purposes
• We do not sell or share your Gmail data with third parties (except as required for service operation)
• We only retain email data necessary for service functionality

5. Data Processing and AI

We use third-party AI services (OpenAI/Anthropic) to:

• Summarize email content
• Extract action items and calendar events
• Generate contextual email responses

Email content sent to AI providers is processed according to their privacy policies. We use enterprise API agreements that prohibit training AI models on your data.

6. Data Sharing and Disclosure

We share your information only in these circumstances:

• Service Providers: Supabase (database), Stripe (payments), OpenAI/Anthropic (AI processing), SendGrid (email delivery), Sentry (error monitoring)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with mergers or acquisitions
• With Your Consent: When you explicitly authorize sharing

7. Data Security

We implement industry-standard security measures:

• TLS/SSL encryption for data in transit
• Encryption at rest for stored data
• Secure authentication via Supabase Auth
• OAuth 2.0 for Gmail API access
• Regular security audits and monitoring
• Rate limiting and DDoS protection

8. Data Retention

• Email Data: Retained while your account is active and for 30 days after deletion
• Account Data: Retained until you request deletion
• Usage Logs: Retained for 90 days
• Backup Data: Permanently deleted within 90 days of account closure

9. Your Rights

You have the right to:

• Access: Request a copy of your data
• Correction: Update inaccurate information
• Deletion: Request account and data deletion
• Revoke Access: Disconnect Gmail integration at any time
• Export: Download your data in a portable format
• Opt-out: Unsubscribe from marketing communications

10. Children's Privacy

MailWise is not intended for users under 18 years of age. We do not knowingly collect data from children.

11. International Data Transfers

MailWise is operated by SJR Tech Services Ltd, registered in the United Kingdom. Your data may be transferred to and processed in countries other than your own. Here's exactly where your data goes:

Our Infrastructure Partners:

• Supabase (Database): Your encrypted email metadata is stored in Supabase's secure cloud infrastructure (AWS servers in US/EU regions). All data is encrypted at rest using AES-256.
• Google Cloud (Gmail API): We use Google's OAuth 2.0 to securely connect to your Gmail. Google processes authentication in their global data centers.
• Firebase (Frontend Hosting): Our web application is hosted on Google Firebase (US-based servers).
• Render (Backend API): Our API servers run on Render's infrastructure (US-based).
• OpenAI (AI Processing): Email categorization and summaries are processed using OpenAI's GPT models (US-based). Only anonymized snippets are sent for processing - never your full email content. OpenAI does not use API data to train their models.

Safeguards We Have in Place:

• End-to-End Encryption: Your email content is encrypted with AES-256 before leaving your browser. We cannot read your emails.
• GDPR Compliance: All our infrastructure partners comply with GDPR and maintain Standard Contractual Clauses (SCCs) for EU data transfers.
• SOC 2 Certified Partners: Supabase, Google Cloud, and Firebase maintain SOC 2 Type II certifications.
• Data Minimization: We only transfer the minimum data necessary to provide our service.
• Your Rights: You can request data deletion at any time, and we will remove your data from all systems within 30 days.

For EU/UK Users: Data transfers to the US are conducted under the EU-US Data Privacy Framework and UK Extension. You have the right to lodge a complaint with your local data protection authority if you believe your data is being mishandled.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification.

13. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

• Email: shailaja.natarajan@sjrtchsrv.tech

14. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

• Data portability
• Right to restrict processing
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

15. California Privacy Rights (CCPA)

California residents have the right to:

• Know what personal information is collected
• Know whether personal information is sold or disclosed
• Opt-out of the sale of personal information
• Access and delete personal information
• Non-discrimination for exercising privacy rights