Privacy Policy
Last updated: July 13, 2026
1. Information We Collect
Account Information
When you create an account, we collect your email address and a password (stored securely as a hashed credential via Supabase Auth).
Email Provider Credentials
When you connect a Gmail account via OAuth, we receive and store an access token and refresh token from Google. These are used exclusively to send emails on your behalf and are stored encrypted. For Zoho Mail, you provide MCP URLs which we use to route messages.
Contact Data
You may upload contact lists containing email addresses, names, and other fields. This data is stored in our database and used only for your campaigns. You represent that you have obtained consent to email those contacts.
Usage Data
We collect email open events (via tracking pixels), click data, bounce notifications, and reply status to provide deliverability analytics. We also collect basic usage metrics such as API call frequency.
Cookies
We use essential cookies (localStorage) for authentication session management. No tracking cookies or third-party analytics cookies are used.
2. How We Use Your Information
- To operate and maintain the Service
- To send emails on your behalf through connected providers
- To track email delivery, opens, and replies
- To improve the Service and troubleshoot issues
- To communicate with you about your account
3. Data Sharing
We do not sell your personal data. We share data only with:
- Supabase — database hosting and authentication (see Supabase Privacy)
- Google — Gmail API access via OAuth (see Google Privacy)
- Vercel — hosting infrastructure (see Vercel Privacy)
4. Data Retention
We retain your data as long as your account is active. You may delete your account and associated data by contacting us. Email provider tokens persist until revoked or expired.
5. Data Security
We implement encryption in transit (TLS) and at rest. Access tokens are stored in the database and are accessible only to the authenticated user and the system for sending email.
6. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or port your data. Contact us at support@thinkandautomate.dev to exercise these rights.
7. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for their privacy practices.
8. Changes to This Policy
We may update this policy. Material changes will be notified via email or a notice on the Service.
9. Contact
For privacy-related inquiries: support@thinkandautomate.dev