Privacy Policy

Last updated: June 30, 2026

MailMind AI (“we”, “our”, or “us”) is committed to protecting your privacy. This policy explains what information we collect, how we use it, and the choices you have. By using MailMind AI, you agree to the practices described here.

1. Information We Collect

  • Account data: When you register, we collect your name, email address, and password (stored as a secure hash via Supabase Auth).
  • Gmail access: When you connect your Gmail account, we request permission only to send emails on your behalf (scope: gmail.send). We do not read, store, or index your inbox or any existing emails.
  • Client data: Names, email addresses, company names, and phone numbers you add to your client list are stored in our database and used solely to fulfil your email-sending requests.
  • Usage data: We collect basic request logs (timestamps, endpoints, error codes) for debugging and security purposes. No message content is logged.

2. How We Use Your Information

  • To authenticate you and maintain your session.
  • To send emails from your Gmail account on your behalf when you instruct us to.
  • To deliver scheduled emails at the times you choose.
  • To generate PDF activity reports you request.
  • To send you transactional emails (OTP codes, password resets) via our support mailer.
  • We do not sell, rent, or share your personal data with third parties for advertising or marketing.

3. Gmail Data & Google API Services

  • MailMind AI's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
  • We request only the https://www.googleapis.com/auth/gmail.send scope — the minimum permission needed to send emails on your behalf.
  • We do not use your Gmail data to serve advertisements.
  • We do not allow humans to read your Gmail data unless you explicitly share it with us for support purposes.
  • Your Gmail OAuth tokens are encrypted at rest using AES-256-GCM and stored only in our secure database. They are never written to logs or shared with any third party.
  • You can revoke Gmail access at any time from your account settings or from your Google Account at myaccount.google.com/permissions.

4. Data Storage & Security

  • All data is stored on Supabase (PostgreSQL), hosted on AWS infrastructure with encryption at rest and in transit (TLS 1.2+).
  • Gmail OAuth tokens are additionally encrypted at the application layer with AES-256-GCM before being written to the database.
  • Passwords are never stored in plaintext — Supabase Auth handles hashing using bcrypt.
  • Access to production data is restricted to authorised personnel only.

5. Data Retention

  • Your account and client data are retained for as long as your account is active.
  • Sent email records are retained for 30 days and then automatically deleted.
  • If you delete your account, all associated data (clients, emails, Gmail tokens) is permanently deleted within 7 days.

6. Third-Party Services

  • Supabase — database, authentication, and storage (supabase.com/privacy).
  • Google Gmail API — used only to send emails on your behalf.
  • OpenRouter / Google Gemini — AI model API used to generate email drafts. Only the email type, tone, and your instructions are sent — no client PII is included in AI prompts.
  • Vercel — application hosting (vercel.com/legal/privacy-policy).

7. Cookies & Local Storage

  • We use browser localStorage to store your theme preference, sidebar state, and agent chat sessions. No tracking cookies are used.
  • Supabase Auth uses a secure HTTP-only cookie for your session token.

8. Your Rights

  • You may request a copy of all personal data we hold about you.
  • You may request correction or deletion of your data at any time.
  • You may revoke Gmail access without deleting your account.
  • To exercise these rights, email us at mailmindspt@gmail.com.

9. Children's Privacy

  • MailMind AI is not directed at children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

  • We may update this policy from time to time. When we do, we will update the 'Last updated' date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

  • If you have questions about this Privacy Policy or how we handle your data, please contact us at mailmindspt@gmail.com.
