Back to Home

Privacy Policy

Last Updated: October 22, 2025

1. Introduction

At SynthMail, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered voice assistant service.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password
  • Profile Data: Preferred name, time zone, notification preferences
  • Payment Information: Processed securely through third-party payment processors (we do not store credit card numbers)

2.2 Email Data

When you connect your email account (Gmail or Outlook), we collect:

  • Email headers (sender, subject, date, recipients)
  • Email body content for summarization
  • Attachments metadata (not file contents)
  • Labels, folders, and categorization

Important: We only access emails you explicitly grant permission to read. Email tokens are encrypted using AES-256 encryption.

2.3 Usage Data

  • Voice commands and interactions
  • Tasks created and completed
  • Calendar events scheduled
  • Reminders set and triggered
  • Productivity Insights data (activity tracking, usage patterns)
  • Feature usage patterns and engagement metrics
  • Device information (browser, OS, IP address)

3. How We Use Your Information

We use collected data to:

  • Provide Core Services: Summarize emails, extract tasks, schedule events, set reminders, and generate productivity insights
  • AI Processing: Train and improve our AI models (anonymized data only)
  • Personalization: Tailor voice responses and recommendations based on your usage patterns
  • Productivity Insights: Generate dashboards showing your activity, progress, and assistant usage over time
  • Communication: Send service updates, daily digests, notifications, and reminders
  • Analytics: Understand usage patterns and improve features
  • Security & Fair Use: Detect fraud, abuse, excessive usage, and unauthorized access

4. Data Storage & Security

Where We Store Data:

  • Primary database: Supabase (PostgreSQL) hosted in secure data centers
  • AI processing: OpenAI API (ephemeral processing, not stored)
  • File storage: Encrypted cloud storage (EU region)

Security Measures:

  • AES-256 encryption for email tokens and sensitive data
  • TLS/SSL encryption for data in transit
  • Regular security audits and penetration testing
  • Access controls and authentication (OAuth 2.0)
  • Automated backups with encryption

5. Third-Party Services (Subprocessors)

We share data with the following trusted partners:

  • OpenAI: AI summarization and natural language processing
  • Supabase: Database and authentication services
  • Google/Microsoft: Email API access (Gmail, Outlook)
  • Stripe: Payment processing
  • Resend: Transactional email delivery
  • Vercel: Hosting and deployment

All subprocessors are GDPR-compliant and bound by data processing agreements.

6. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and all associated data
  • Portability: Export your data in a machine-readable format
  • Restrict Processing: Limit how we use your data
  • Object: Opt-out of certain data processing
  • Withdraw Consent: Revoke email access permissions

To exercise these rights, contact privacy@synthmail.ai.

7. Data Retention

We retain your data for as long as your account is active, plus:

  • Email Summaries: 90 days (configurable in settings)
  • Tasks & Calendar: Until manually deleted
  • Reminders: Until manually deleted or completed
  • Productivity Insights: 12 months of historical data
  • Voice Logs: 30 days (for debugging and improvement)
  • Account Data: 30 days after account deletion

8. Cookies & Tracking

We use minimal cookies for:

  • Authentication (session cookies)
  • Preferences (theme, language)
  • Privacy-first analytics (no tracking across sites)

See our Cookies Policy for details.

9. Children's Privacy

SynthMail is not intended for users under 18. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the EU. We ensure adequate safeguards through Standard Contractual Clauses (SCCs) and GDPR-compliant agreements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or to exercise your rights:
Email: privacy@synthmail.ai
Data Protection Officer: dpo@synthmail.ai