Privacy Policy

Last updated: December 7, 2025

🔒 Google User Data Protection

MailMind's use of information received from Gmail APIs will adhere toGoogle API Services User Data Policy, including the Limited Use requirements. Your Gmail data is never sold, used for advertising, or shared without your consent.

1. Introduction

MailMind ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered email management service.

2. Information We Collect

2.1 Information You Provide

  • Google Account Information: When you sign in, we receive basic profile information (name, email address, profile picture) from Google OAuth
  • Gmail Data: We access your Gmail emails, including content, metadata, labels, and attachments to provide our services

2.2 Information Automatically Collected

  • Usage Data: Information about how you interact with our service
  • Log Data: IP address, browser type, operating system, and timestamps
  • Session Data: Temporary authentication tokens for service functionality

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To display, organize, and manage your emails
  • AI Summarization: To generate intelligent summaries of your email content
  • Search Functionality: To enable smart search across your email data
  • Analytics: To provide email statistics and insights about your usage patterns
  • Service Improvement: To enhance and optimize our service performance
  • Authentication: To verify your identity and maintain secure sessions

4. Google User Data Usage

4.1 Gmail API Scope and Purpose

MailMind requests access to your Gmail data through the following Google API scopes:

  • gmail.readonly: To read your email messages and metadata for display and search
  • gmail.modify: To mark emails as read/unread, archive, delete, and organize
  • gmail.send: To send emails and replies on your behalf
  • userinfo.email & userinfo.profile: For authentication and account identification

4.2 Limited Use Compliance

MailMind's use of information received from Gmail APIs adheres toGoogle API Services User Data Policy, including the Limited Use requirements:

  • Gmail data is only used to provide or improve MailMind's email management features
  • Data is not transferred to others unless doing so is necessary for security purposes, legal compliance, or with your explicit consent
  • Data is not used or transferred for serving ads, including retargeting or personalized advertising
  • Data is not used or transferred to determine creditworthiness or for lending purposes

4.3 Data Processing Activities

We process your Gmail data exclusively for the following legitimate purposes:

  • Email Display: Rendering your emails in our interface
  • AI Summarization: Generating intelligent summaries using Groq's LLM API
  • Search Functionality: Enabling fast search across your email content
  • Email Management: Organizing, archiving, and managing your emails
  • Sending Emails: Composing and sending emails through your Gmail account
  • Analytics: Providing usage statistics (aggregated, non-identifiable)

5. Data Sharing and Third Parties

5.1 AI Processing

We use Groq's AI services to provide email summarization. When you request an email summary:

  • Email content is sent securely to Groq's API for processing
  • Groq processes the data temporarily to generate summaries
  • No email content is stored permanently by Groq
  • All communication is encrypted in transit
  • Groq's use of data complies with our Limited Use requirements

5.2 Google Services

We integrate with Google services for authentication and Gmail access. Your data is subject to Google's privacy policies when processed through their services. We do not share your Gmail data with Google beyond what is necessary for the API functionality.

5.3 No Sale or Unauthorized Transfer of Data

We do not sell, rent, trade, or transfer your personal information or Gmail data to third parties for marketing, advertising, or commercial purposes. Any data sharing is strictly limited to:

  • Service providers necessary for MailMind functionality (e.g., Groq for AI processing)
  • Legal compliance or law enforcement when required
  • Security purposes to protect user safety
  • With your explicit consent

6. Data Storage and Security

6.1 Data Storage

  • Gmail Content: Not stored permanently on our servers - accessed in real-time through Gmail API
  • Temporary Cache: Brief client-side caching for performance (2-minute TTL, then automatically deleted)
  • Session Data: Stored temporarily for authentication purposes only
  • Analytics Data: Aggregated, non-identifiable usage statistics only
  • No Persistent Storage: We do not maintain permanent copies of your email content

6.2 Security Measures

  • Encryption: All data transmission is encrypted using HTTPS/TLS 1.3
  • OAuth 2.0: Secure authentication through Google's OAuth system with refresh tokens
  • Access Controls: Limited access to user data on a need-to-know basis
  • Regular Updates: Security patches and dependency updates applied promptly
  • No Storage: Email content is never stored on our servers, reducing security risks

7. Your Rights and Choices

6.1 Access Control: You can revoke MailMind's access to your Gmail account at any time through your Google Account settings.

6.2 Data Deletion: When you revoke access, all cached data is automatically purged from our systems.

6.3 Communication Preferences: You can opt out of non-essential communications at any time.

6.4 Account Deletion: You can request complete account deletion by contacting us.

7. Data Retention

7.1 Email Content: We do not retain your email content beyond the active session.

7.2 Cache Data: Temporary cache data is automatically deleted after 2 minutes.

7.3 Session Data: Authentication sessions expire and are cleared regularly.

7.4 Log Data: Server logs are retained for security and debugging purposes for up to 30 days.

8. Children's Privacy

MailMind is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

9. International Data Transfers

Our service may involve data processing in different countries. We ensure that all international data transfers comply with applicable data protection laws and are secured through appropriate safeguards.

10. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

11. Compliance

MailMind is committed to compliance with applicable privacy laws, including:

  • GDPR: General Data Protection Regulation (EU)
  • CCPA: California Consumer Privacy Act (US)
  • Google API Policies: Google API Services User Data Policy

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

We will respond to your privacy-related inquiries within 30 days of receipt.