Privacy Policy

Last updated: April 7, 2026

1. Who we are

MailMind (“we”, “our”, “us”) is operated by MailMind Technologies. We are the data controller for the personal data we collect about you. You can contact us about privacy matters at privacy@mailmind.app.

2. Data we collect

We collect the following categories of personal data:

  • Account data: your name, email address, and hashed password when you register.
  • Email metadata: sender, recipient, subject, and timestamps of emails in your connected inbox. We do not permanently store email bodies.
  • Task data: AI-extracted tasks derived from your emails, including due dates and priority scores.
  • Usage data: pages visited, features used, and timestamps — collected via server logs.
  • Device data: browser type, OS version, and device identifiers used for push notification delivery.
  • Billing data: subscription plan. Payment card details are processed by Stripe and never stored on our servers.

3. Why we process your data (legal basis)

We process your data under the following legal bases (GDPR Art. 6):

  • Contract performance (Art. 6(1)(b)): to provide the MailMind service you signed up for.
  • Legitimate interest (Art. 6(1)(f)): to improve our service, prevent fraud, and ensure security.
  • Consent (Art. 6(1)(a)): for marketing communications and push notifications (you may withdraw at any time).
  • Legal obligation (Art. 6(1)(c)): to comply with applicable laws and regulations.

4. Data retention

We retain your account and task data for as long as your account is active. If you delete your account, all personal data is permanently erased within 30 days, except where retention is required by law (e.g., billing records for 7 years in some jurisdictions). Email metadata processed for task extraction is deleted immediately after processing.

5. Your rights under GDPR

If you are in the European Economic Area or UK, you have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate data.
  • Erasure (“right to be forgotten”): request deletion of your data. Submit a request at privacy@mailmind.app.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Restriction: ask us to restrict processing in certain circumstances.
  • Withdraw consent: where processing is consent-based, you can withdraw at any time without affecting prior processing.

To exercise any of these rights, email us at privacy@mailmind.app. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

6. Data processors (sub-processors)

We share your data with the following trusted third-party processors:

  Processor   Purpose                            Location
  Supabase    Database & authentication          EU (Frankfurt)
  Anthropic   AI task extraction (Claude API)    USA
  Stripe      Payment processing                 USA / EU
  Vercel      Frontend hosting                   Global CDN

For transfers to processors in the USA, we rely on Standard Contractual Clauses (SCCs) as the transfer mechanism.

7. Cookies and tracking

We use only strictly necessary cookies (session tokens). We do not use advertising or analytics cookies. No third-party tracking scripts are loaded on our pages.

8. Data security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords are hashed with bcrypt. OAuth tokens are encrypted before storage. We conduct regular security audits and follow OWASP guidelines.

9. Children's privacy

MailMind is not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact us immediately at privacy@mailmind.app.

10. Changes to this policy

We may update this policy periodically. We will notify you by email and update the “Last updated” date above. Continued use of MailMind after changes constitutes acceptance of the revised policy.