EmailyBack to Home

Privacy Policy

Last Updated: February 2025

Our Privacy Commitment

What we do

  • Process emails to perform requested actions
  • Store only metadata, embeddings and summaries
  • Automatically delete content after processing
  • Delete everything when you disconnect

What we don't do

  • Store raw email content long-term
  • Store attachments
  • Train AI models on your data
  • Sell or share data with advertisers

Contents

1. Important Information and Who We Are

Our Role: Data Processor

Emaily is a Data Processor. When you connect your email account to Emaily, you (or your organization) remain the data controller of your emails. We process your email data solely to provide the services you've requested.

RoleWhat it means
Data ControllerYou or your organization
Data ProcessorEmaily

Contact Details

For any questions about this privacy policy or to exercise your data rights, please contact us at privacy@emaily.click

2. The Data We Collect

What We Store

Data TypeStored?Purpose
Account DataYesEmail address, name, preferences
MetadataYesSender, subject, timestamps
EmbeddingsYesVector representations for search (not reversible)
AI SummariesYesBrief summaries of email content
LabelsYesClassifications applied to emails

What We Do NOT Store

  • Raw Email Body — Processed in memory, then discarded
  • Email Attachments — Never accessed or stored
  • AI Training Data — Your data is never used to train AI models

Temporary Processing

When processing your emails, we temporarily cache email content for a short period (24-72 hours maximum) to perform the requested actions. This cache is automatically purged after processing.

3. How We Use Your Data

We use your data for the following purposes:

  • Provide email categorization
  • Generate email summaries
  • Enable semantic search
  • Create draft replies
  • Improve service reliability

We Do NOT

  • Sell your personal data
  • Use your email content to train AI models
  • Share your data with advertisers
  • Access your emails for any purpose other than providing the service

4. Data Shared with AI Providers

To provide categorization, summarization, and draft reply features, we use third-party AI providers:

  • Anthropic (Claude)
  • OpenAI (GPT)
  • Google (Gemini)

AI Provider Commitments

  • Use data only for our service — contractually required
  • Not train models on your data — contractually required
  • Not store data beyond processing — zero data retention agreements
  • Maintain enterprise security — SOC 2 compliant providers

5. International Data Transfers

Your data may be processed in:

  • United States (AWS infrastructure)
  • European Union (if you select EU region)
  • Australia (if you select AU region)

For transfers outside the EEA, we ensure protection through Standard Contractual Clauses (SCCs), Data Processing Agreements with all providers and EU-US Data Privacy Framework compliance where applicable.

6. Data Security

We implement security measures including:

  • 🔒Encryption in Transit — TLS 1.2+ on all connections
  • 🔒Encryption at Rest — AES-256 for stored data
  • 🔒Access Control — Role-based access, principle of least privilege
  • 🔒Token Security — OAuth tokens encrypted in database

Incident Response

In the event of a data breach affecting your personal data, we will notify affected users within 72 hours and notify relevant supervisory authorities as required by law.

7. Data Retention

Data TypeRetention Period
Account dataUntil you delete your account
Metadata & embeddingsUntil you disconnect or delete
Temporary email cache24-72 hours maximum
Audit logs90 days

When You Disconnect or Delete

When you disconnect your email provider or delete your account, all your data is permanently deleted. This includes embeddings, summaries, and metadata. This happens automatically upon disconnection, no manual request required.

8. Your Legal Rights

Under GDPR and similar laws, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your data
  • Restriction — Request limited processing of your data
  • Portability — Request transfer of your data
  • Objection — Object to processing based on legitimate interest
  • Withdraw Consent — Withdraw consent at any time

How to Exercise Your Rights

  1. Self-Service: Disconnect your account in Settings, all data is automatically deleted
  2. Email Us: Contact privacy@emaily.click for any data requests
  3. Response Time: We respond to all requests within 30 days

Questions?

For questions about this privacy policy or your data, contact us at:

privacy@emaily.click