Privacy Policy

Effective Date: January 1, 2025 | Last Updated: January 1, 2025

At EmailMates LLC ("we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use our AI-powered email service and AI agent functionality ("Service").

1. Information We Collect

1.1 Information You Directly Provide

  • Account Information: Email address, name, billing information, and subscription details
  • Communication Content: Email messages, queries, instructions, and attachments you send to our Service
  • Support Communications: Information provided when contacting customer support

1.2 Third-Party Service Data

When you authorize integrations with third-party services, we may collect:

Google Calendar Data (when you enable calendar features):

  • Calendar event details (titles, descriptions, dates, times, locations, attendees)
  • Calendar metadata (calendar names, sharing settings, time zones)
  • Availability information for scheduling purposes
  • Meeting attendee email addresses and response statuses

Other Integrations: Similar data from other calendar, productivity, or communication services you connect

1.3 Automatically Collected Information

  • Usage Data: Feature usage, query patterns, response interactions, session duration
  • Technical Data: IP addresses, browser type, device identifiers, operating system
  • Performance Data: Response times, error rates, system performance metrics
  • Communication Metadata: Message timestamps, sizes, delivery status (not content)

1.4 Information from Third Parties

  • AI Model Responses: Content generated by third-party AI services in response to your queries
  • Payment Information: Billing data from payment processors (we do not store full payment credentials)

2. How We Use Your Information

2.1 Service Provision

  • AI Response Generation: Processing queries through integrated AI models to provide intelligent responses
  • Calendar Management: Creating, modifying, and managing calendar events based on your instructions
  • Service Optimization: Improving AI accuracy, response quality, and system performance
  • Feature Development: Developing new features and capabilities based on usage patterns

2.2 Specific Google Calendar Usage

We use Google Calendar data solely to:

  • Create calendar events when you request appointment scheduling via our AI agent
  • Check availability to prevent scheduling conflicts
  • Modify existing events when you request changes
  • Send calendar invitations to specified attendees
  • Synchronize appointments with your Google Calendar
  • Provide scheduling suggestions based on availability

2.3 Business Operations

  • Account Management: Managing subscriptions, billing, and customer support
  • Security: Detecting fraud, preventing abuse, and maintaining system security
  • Legal Compliance: Meeting regulatory requirements and legal obligations
  • Communication: Sending service updates, security alerts, and account notifications

2.4 Analytics and Improvement

  • Aggregated Analytics: Creating anonymized usage statistics for service improvement
  • Performance Monitoring: Tracking system performance and reliability metrics
  • Research: Conducting research to enhance AI capabilities (using anonymized data only)

3. How We Store and Protect Your Information

3.1 Data Storage

  • Infrastructure: Industry-standard cloud infrastructure with enterprise-grade security
  • Geographic Location: Primary storage in the United States with encrypted backups
  • Access Controls: Role-based access with multi-factor authentication for authorized personnel
  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit

3.2 Data Retention Periods

  • Email Communications: Automatically deleted after 30 days (configurable by user up to 90 days)
  • Calendar Data: Accessed in real time only; not permanently stored beyond active session cache
  • Account Information: Retained during active subscription plus 12 months post-termination
  • Usage Analytics: Anonymized data retained for up to 24 months for service improvement
  • Legal Hold: Data retained longer only when required by law or legal proceedings

3.3 Security Measures

  • Data Sanitization: Automated removal of sensitive information before AI processing
  • Regular Audits: Quarterly security assessments and penetration testing
  • Incident Response: Documented procedures for security incident management
  • Employee Training: Regular security and privacy training for all personnel

4. How We Share Your Information

4.1 Third-Party AI Providers

We share sanitized and anonymized query data with AI model providers (OpenAI, Anthropic, Google, X Corp) to generate responses. Personal identifiers, sensitive information, and calendar details are removed or anonymized before sharing.

4.2 Service Providers

We may share limited information with vetted service providers for:

  • Cloud hosting and infrastructure services
  • Payment processing (payment processors receive only necessary transaction data)
  • Customer support platforms
  • Security monitoring services
  • Analytics services (anonymized data only)

All service providers are bound by strict confidentiality agreements and data processing terms.

4.3 Legal Disclosures

We may disclose information when we have a good faith belief that disclosure is necessary to:

  • Comply with valid legal process (subpoenas, court orders)
  • Enforce our Terms of Service
  • Protect the rights, property, or safety of EmailMates LLC, our users, or the public
  • Respond to emergency situations involving potential threats to physical safety

4.4 Business Transactions

In the event of a merger, acquisition, bankruptcy, or sale of assets, user information may be transferred. Users will be notified via email and provided options regarding their data.

4.5 Explicit Consent

We may share information in other circumstances with your explicit consent.

5. Your Privacy Rights and Controls

5.1 Access and Portability Rights

  • Data Access: Request a copy of your personal information in machine-readable format
  • Data Portability: Export your data for use with other services
  • Account Dashboard: Access real-time information about your data and privacy settings

5.2 Correction and Deletion Rights

  • Data Correction: Update or correct inaccurate personal information
  • Data Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Service Disconnection: Revoke third-party service permissions (e.g., Google Calendar access)

5.3 Control and Preference Settings

  • Communication Preferences: Opt out of non-essential communications
  • Data Retention Controls: Customize message retention periods within available options
  • AI Agent Permissions: Configure specific permissions and response parameters
  • Integration Management: Enable/disable third-party service connections

5.4 Rights Requests Process

Submit privacy rights requests to privacy@emailmates.com. We will respond within 30 days and verify your identity before processing requests.

6. Compliance and Regulatory Commitment

6.1 Industry-Specific Compliance Framework

We are committed to meeting industry-specific regulatory requirements and are actively working toward achieving relevant certifications:

  • Healthcare (HIPAA): We are implementing HIPAA-compliant data handling practices and will offer Business Associate Agreements for covered entities upon completion of our compliance program
  • Financial Services (GLBA): Enhanced privacy protections for financial institution users are being developed in accordance with Gramm-Leach-Bliley Act requirements
  • Government: We are working toward FedRAMP and other government compliance standards to support public sector users

6.2 International Privacy Laws

We are committed to compliance with applicable international privacy regulations:

  • GDPR (EU): We are implementing systems and processes to ensure full compliance with European data protection requirements, including comprehensive data subject rights
  • CCPA (California): California Consumer Privacy Act protections are being integrated into our platform for eligible users
  • Other Jurisdictions: We continuously monitor and adapt our practices to comply with applicable privacy laws in regions where we operate

6.3 Security Certifications and Standards

We are actively pursuing industry-standard certifications and implementing robust security frameworks:

  • SOC 2 Type II: We are working toward annual certification for security, availability, and confidentiality controls
  • ISO 27001: Information security management system certification is planned as part of our comprehensive security program
  • Data Transfer Safeguards: We implement appropriate safeguards for international data transfers, including Standard Contractual Clauses and adequacy decisions where applicable

6.4 Ongoing Compliance Efforts

Our commitment to compliance includes:

  • Regular assessment of regulatory requirements and industry best practices
  • Continuous improvement of our security and privacy programs
  • Proactive engagement with regulatory developments
  • Transparent communication regarding our compliance status and timelines

7. Special Considerations

7.1 Children's Privacy

Our Service is not intended for individuals under 18. We do not knowingly collect personal information from minors. If we discover we have collected information from a minor, we will delete it promptly.

7.2 Sensitive Information

We implement enhanced protections for sensitive categories of information including health data, financial information, and government identifiers. Additional safeguards may apply based on your industry or use case.

7.3 Cross-Border Transfers

When information is transferred internationally, we implement appropriate safeguards including Standard Contractual Clauses, adequacy decisions, or other approved mechanisms.

8. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website
  • In-service notifications

Continued use of our Service after changes take effect constitutes acceptance of the updated Privacy Policy.

9. Contact Information and Data Protection

9.1 Privacy Contacts

9.2 EU Representative (if applicable)

[EU Representative Name and Address if you process EU personal data]

Response Time: We respond to privacy inquiries within 72 hours and complete rights requests within 30 days.

This Privacy Policy is designed to be comprehensive while allowing flexibility for service evolution. For specific questions about your data or privacy rights, please contact us using the information above.