Privacy and Security

Your privacy and security are our top priorities. Here's how we protect your data:

What We Store

✅ We DO Store:

Account information: Email, display name, password (encrypted)
Usage metadata: Generation count, timestamps, subscription status
Anonymized analytics: Usage patterns (no personal data)
Payment information: Stored securely by Stripe (we never see your card details)

❌ We DO NOT Store:

Full email content: Your generated emails are not permanently stored
Email recipients: We don't know who you're emailing
Previous email threads: Pasted context is used only for generation, then discarded
Credit card details: Handled entirely by Stripe

How Your Data is Used

During Generation

1. You submit a prompt 2. It's sent securely to OpenAI's API 3. AI generates the email 4. Email is displayed to you 5. Content is discarded (not permanently stored)

What We Keep

That you generated an email (timestamp)
How many generations you've used
Your subscription status

Why? For billing accuracy and usage limits only.

Data Security

Encryption

In transit: All data encrypted with TLS/SSL (HTTPS)
At rest: Database encrypted at rest
Passwords: Hashed and salted (we can't see your password)

Infrastructure

Hosting: Firebase (Google Cloud Platform)
Payments: Stripe (PCI-compliant)
API calls: OpenAI (SOC 2 compliant)

All vendors are industry leaders in security.

Third-Party Services

We share minimal data with:

OpenAI (AI Generation)

What we send: Your prompt and context
What they do: Generate the email
What they keep: Subject to OpenAI's privacy policy
Your control: See OpenAI's data usage policies

Stripe (Payments)

What we send: Email, subscription plan
What they do: Process payments securely
What they keep: Payment details (we never see card numbers)

Mixpanel (Analytics)

What we send: Anonymized usage events
What they do: Aggregate usage analytics
What they don't get: Email content, personal identifiable info

Your Privacy Rights

Access Your Data

Request a copy of all data we have about you:

Contact support
We'll send your data within 7 days

Delete Your Data

Delete your account and all associated data: 1. Go to Settings → Account → Delete Account 2. Confirm deletion 3. All data is permanently deleted within 30 days

Export Your Data

Currently, we don't store your full email content, so there's minimal data to export. You can request:

Account information
Usage statistics
Subscription history

GDPR Compliance

We comply with GDPR for all users (not just EU):

Right to access your data
Right to delete your data
Right to data portability
Right to be forgotten

Session Security

Login Sessions

Sessions expire after 30 days of inactivity
You can manually log out anytime
Password resets invalidate all active sessions

Password Requirements

Minimum 8 characters
No specific complexity requirements (but strong passwords recommended)
Reset available anytime via email

Email Security

Account Emails

We send transactional emails only:

Email verification
Password resets
Subscription confirmations
Monthly invoices

We never:

Sell your email to third parties
Send marketing emails without permission
Share your email with partners

Unsubscribe

You can't unsubscribe from:

Email verification (required for account security)
Password resets (user-initiated)
Billing notifications (required for subscription management)

You can unsubscribe from:

Product updates
Feature announcements
Marketing emails

Reporting Security Issues

Found a security vulnerability?

Please report responsibly: 1. Contact us immediately 2. Use subject line: "Security Issue" 3. Include details of the vulnerability 4. We'll respond within 24 hours

Do not:

Publicly disclose before we've fixed it
Test the vulnerability on production systems
Access other users' data

Questions About Privacy?

Read our full Privacy Policy
Review our Terms of Service
Contact support with specific questions