Privacy Policy
Last Updated: December 4, 2025
1. Introduction
MailWise ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email management service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, name, profile information
- Gmail Authorization: OAuth tokens to access your Gmail account
2.2 Information Automatically Collected
- Email Metadata: Subject, sender, recipient, date, labels
- Email Content: Body text (first 5000 characters) for AI summarization
- Usage Data: Feature usage, login times, device information
3. How We Use Your Information
- Generate AI-powered email summaries
- Create and manage reminders and action items
- Categorize and prioritize emails
- Provide email search and filtering
- Improve our service and user experience
4. Data Security
🔒 Security Measures:
- Encryption: OAuth tokens encrypted using pgcrypto
- Row-Level Security: Database access restricted to your own data
- HTTPS/TLS: All data transmitted over encrypted connections
- Access Controls: Limited employee access to production data
- Regular Audits: Security reviews and penetration testing
5. Third-Party Services
5.1 Google Gmail API
We use Google's Gmail API to access your email. Google's privacy policy applies to their services: https://policies.google.com/privacy
5.2 OpenAI API
Email summaries are generated using OpenAI's GPT-3.5 API. OpenAI does not store or train on your data when using their API. Learn more: https://openai.com/enterprise-privacy
5.3 Supabase (Database)
Your data is stored on Supabase, a SOC 2 Type II certified platform. Supabase privacy policy: https://supabase.com/privacy
5.4 Stripe (Payment Processing)
All payment transactions are processed securely through Stripe. We do not store your complete credit card information. Stripe is PCI-DSS Level 1 certified. Learn more: https://stripe.com/privacy
6. Your Privacy Rights
You have the right to:
- Access: Request a copy of all your data
- Export: Download your data in JSON format
- Rectification: Correct inaccurate data
- Erasure: Delete your account and all associated data
- Revoke Access: Disconnect Gmail at any time
- Data Portability: Transfer your data to another service
To exercise these rights, go to Settings → Privacy & Data or contact us at shailaja.natarajan@sjrtchsrv.tech
7. Data Retention
We retain your data for as long as your account is active. When you delete your account:
- All emails, summaries, and reminders are permanently deleted within 30 days
- OAuth tokens are immediately revoked and deleted
- Backup copies are purged within 90 days
8. Children's Privacy
MailWise is not intended for users under 13 years of age. We do not knowingly collect data from children under 13.
9. International Data Transfers
MailWise is operated by SJR Tech Services Ltd, registered in the United Kingdom. Your data may be transferred to and processed in countries other than your own. Here's exactly where your data goes:
Our Infrastructure Partners:
- Supabase (Database) - Your encrypted email metadata is stored in Supabase's secure cloud infrastructure (AWS servers in US/EU regions). All data is encrypted at rest using AES-256.
- Google Cloud (Gmail API) - We use Google's OAuth 2.0 to securely connect to your Gmail. Google processes authentication in their global data centers.
- Firebase (Frontend Hosting) - Our web application is hosted on Google Firebase (US-based servers).
- Render (Backend API) - Our API servers run on Render's infrastructure (US-based).
- OpenAI (AI Processing) - Email categorization and summaries are processed using OpenAI's GPT models (US-based). Only anonymized snippets are sent for processing - never your full email content. OpenAI does not use API data to train their models.
Safeguards We Have in Place:
- End-to-End Encryption - Your email content is encrypted with AES-256 before leaving your browser. We cannot read your emails.
- GDPR Compliance - All our infrastructure partners comply with GDPR and maintain Standard Contractual Clauses (SCCs) for EU data transfers.
- SOC 2 Certified Partners - Supabase, Google Cloud, and Firebase maintain SOC 2 Type II certifications.
- Data Minimization - We only transfer the minimum data necessary to provide our service.
- Your Rights - You can request data deletion at any time, and we will remove your data from all systems within 30 days.
For EU/UK Users: Data transfers to the US are conducted under the EU-US Data Privacy Framework and UK Extension. You have the right to lodge a complaint with your local data protection authority if you believe your data is being mishandled.
10. Changes to Privacy Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the application.
11. Contact Us
For privacy-related questions or concerns:
Email: shailaja.natarajan@sjrtchsrv.tech
GDPR Compliance Statement
For users in the European Economic Area (EEA): MailWise complies with the General Data Protection Regulation (GDPR). Our lawful basis for processing your data is your consent, which you can withdraw at any time by deleting your account.
CCPA Compliance Statement
For California residents: You have the right to know what personal information we collect, the right to delete your information, and the right to opt-out of the sale of your information. We do not sell your personal information.