🧠 MailEinstein Privacy Policy

Last Updated: November 22, 2024

1. Introduction

MailEinstein ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and related services.

2. Information We Collect

2.1 Information You Provide

• Email Address: We collect your email address when you sign in with Google OAuth for authentication purposes.
• Email Content: We process email prompts and context you provide to generate AI-powered email responses. This data is sent to our AI service (OpenAI) for processing but is not stored permanently.
• Payment Information: When you upgrade to Pro, payment details are securely processed by Stripe. We do not store your credit card information.

2.2 Automatically Collected Information

• Usage Data: We track the number of emails generated per month to enforce free tier limits (5 emails/month) and for analytics.
• Authentication Tokens: We store JWT tokens locally in your browser to maintain your login session.
• User Preferences: Your settings (language, tone, length preferences) are stored locally in your browser.
• Subscription Status: We track whether you're on Free, Pro, or other tier for billing and access control.

3. How We Use Your Information

We use the collected information for:

• Service Delivery: To authenticate users, generate AI-powered email content, and provide the core functionality of MailEinstein.
• Usage Tracking: To enforce free tier limits and monitor service usage.
• Billing: To process subscription payments and manage upgrades/downgrades.
• Communication: To send important service updates, subscription confirmations, and support responses.
• Improvement: To analyze usage patterns and improve our service (aggregated, non-personal data only).
• Legal Compliance: To comply with applicable laws and regulations.

4. How We Share Your Information

We do not sell your personal information. We share data only with:

4.1 Service Providers

• OpenAI: Email prompts are sent to OpenAI's API for AI generation. OpenAI's data usage is governed by their privacy policy.
• Stripe: Payment processing for Pro subscriptions. Stripe's data handling is governed by their privacy policy.
• Supabase: Database hosting for user accounts and usage data.
• Railway: Server hosting for our backend API.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority.

5. Data Retention

• Account Data: Retained while your account is active and for 90 days after deletion request.
• Usage Data: Aggregate usage statistics retained indefinitely for analytics.
• Email Content: Not stored. Email prompts are processed in real-time and not saved to our database.
• Payment Records: Retained as required by tax and financial regulations (typically 7 years).

6. Data Security

We implement industry-standard security measures:

• All data transmission uses HTTPS encryption
• Passwords are hashed using bcrypt
• API keys and secrets are stored securely in environment variables
• Database access is restricted and monitored
• Regular security updates and vulnerability assessments

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct your information
• Deletion: Request deletion of your account and associated data
• Export: Request a machine-readable copy of your data (data portability)
• Objection: Object to certain processing of your data
• Withdrawal: Withdraw consent for data processing at any time

To exercise these rights, contact us at the email below.

8. Children's Privacy

MailEinstein is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10. Cookies and Tracking

MailEinstein uses local storage (not cookies) to store authentication tokens and user preferences. This data remains on your device and is not tracked across websites.

11. Third-Party Links

Our service may contain links to third-party websites (e.g., Stripe payment pages). We are not responsible for the privacy practices of these external sites.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or through the extension. Continued use after changes constitutes acceptance of the updated policy.

13. GDPR Compliance (EEA Users)

For users in the European Economic Area:

• Legal Basis: We process data based on consent, contract fulfillment, and legitimate interests
• Data Controller: MailEinstein is the data controller
• Rights: You have additional rights under GDPR including data portability and the right to lodge a complaint with supervisory authorities

14. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to say no to the sale of personal information (we do not sell data)
• Right to access personal information
• Right to deletion
• Right to non-discrimination for exercising CCPA rights

© 2024 MailEinstein. All rights reserved.