Privacy Policy

Last updated: January 1, 2026

Effective Date: January 1, 2026

1. Introduction

UnclutterMail ("we", "our", "us", or "Service") is operated by Profectify LLC, a Delaware limited liability company. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email organization and digest service.

By using UnclutterMail, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Company Information

Legal Entity: Profectify LLC

Jurisdiction: Delaware, USA

Contact Email: [email protected]

Privacy Contact: [email protected]

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored using industry-standard bcrypt hashing)
  • Timezone and language preferences
  • Digest delivery preferences (time of day, frequency)

3.2 Email Data via OAuth

When you connect your Gmail or Microsoft 365 account using OAuth 2.0, we request access to:

  • Email Headers: Sender email address, sender name, subject line, date/time received, message ID
  • Email Metadata: Labels/folders, read/unread status, importance flags
  • Email Content: Limited to emails classified as newsletters, marketing, or promotional content for digest generation only
  • Calendar Data: Meeting details (title, participants, time) for meeting-related emails (if calendar access is granted)

Important Limitations:

  • We use read-only access to your email
  • We cannot send emails on your behalf
  • We cannot delete or modify your emails
  • We cannot access emails marked as personal or sensitive by our classification system
  • You can revoke access at any time through your Google or Microsoft account settings

3.3 Usage and Technical Data

We automatically collect:

  • IP address (for security and fraud prevention)
  • Browser type and version
  • Device information (operating system, screen resolution)
  • Pages visited and features used within our Service
  • Time and date of visits and interactions
  • Referring/exit pages and URLs
  • Performance and error data

3.4 Payment Information

Payment processing is handled by Stripe, Inc. We do not store your full credit card information. We retain:

  • Last 4 digits of credit card
  • Card brand (Visa, Mastercard, etc.)
  • Billing address
  • Transaction history
  • Stripe customer ID

4. How We Use Your Information

4.1 Core Service Functionality

We use your information to:

  • Authenticate you and provide access to your account
  • Connect to your email accounts via OAuth 2.0
  • Classify and categorize emails using AI algorithms
  • Generate and send daily digest emails
  • Create AI-powered email reply drafts
  • Apply custom filtering rules you create
  • Display email summaries and analytics in your dashboard

4.2 Communication

We use your email address to send:

  • Daily digest emails (as configured by you)
  • Account verification and password reset emails
  • Service announcements and updates
  • Billing and payment confirmations
  • Responses to your support inquiries

You can opt-out of non-essential communications through your account settings.

4.3 Service Improvement

We use aggregated, anonymized data to:

  • Improve our AI classification models
  • Analyze usage patterns and optimize performance
  • Develop new features and functionality
  • Conduct security and fraud analysis

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Consent: You explicitly consent to email access via OAuth authorization
  • Legitimate Interests: Improving our Service, fraud prevention, and security
  • Legal Obligations: Compliance with applicable laws and regulations

6. How We Share Your Information

6.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Service:

  • GROQ: AI processing for email classification and reply generation
  • Brevo (formerly SendinBlue): Email delivery for digests and transactional emails
  • Stripe: Payment processing and subscription management
  • Cloud Infrastructure: Hosting and database services

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

6.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders)
  • Government or regulatory requests
  • Protection of our rights, property, or safety
  • Prevention of fraud or security threats

6.3 Business Transfers

If Profectify LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

6.4 No Selling of Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

7. Google API Services User Data Policy

UnclutterMail's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request the minimum scopes necessary to provide our Service
  • We use Google user data solely to provide or improve user-facing features in UnclutterMail
  • We do not transfer Google user data to third parties except as necessary to provide the Service, comply with applicable law, or as part of a merger/acquisition with user notice
  • We do not use Google user data for serving advertisements
  • We do not allow humans to read Gmail data unless: (1) you give explicit consent, (2) it's necessary for security purposes, (3) to comply with applicable law, or (4) the data has been aggregated and anonymized

8. Data Security

We implement robust security measures to protect your data:

8.1 Encryption

  • In Transit: TLS 1.2+ encryption for all data transmission
  • At Rest: AES-256 encryption for OAuth tokens and sensitive data
  • Database: Encrypted database storage with regular backups

8.2 Access Controls

  • Role-based access control (RBAC) for internal systems
  • Multi-factor authentication for administrative access
  • Regular access reviews and privilege minimization
  • Comprehensive audit logging of all sensitive actions

8.3 Security Practices

  • Regular security audits and penetration testing
  • Automated vulnerability scanning
  • Secure development lifecycle practices
  • Incident response procedures

No Security is Perfect: While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Data Retention

9.1 Active Accounts

We retain your data for as long as your account remains active and as necessary to provide the Service. To minimize data storage, we automatically delete:

  • Email messages: Deleted after 90 days (excluding messages you explicitly save)
  • Data export files: Deleted after 7 days from generation

9.2 Account Deletion

When you delete your account or disconnect an email account:

  • Personal data and email metadata are deleted within 30 days
  • OAuth access tokens are immediately revoked with Google and Microsoft
  • Aggregated, anonymized analytics data may be retained indefinitely
  • Financial records are retained for 7 years as required by law
  • Database backups containing your data are purged within 90 days

9.3 Inactive Accounts

Accounts inactive for more than 2 years may be automatically deleted after email notice to you.

10. Your Rights and Choices

10.1 Access and Portability

  • Request a copy of your personal data in machine-readable format
  • Export your email classifications and digest history
  • Use our built-in data export tool to download all your data as a ZIP file

10.2 Rectification

  • Update your account information through your profile settings
  • Correct inaccurate data by contacting us

10.3 Deletion (Right to be Forgotten)

  • Delete your account and all associated data through account settings
  • Request specific data deletion by contacting us

10.4 Objection and Restriction

  • Object to specific data processing activities
  • Request restriction of processing under certain circumstances

10.5 Revoke OAuth Access

You can revoke UnclutterMail's access to your email at any time:

10.6 Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

11. International Data Transfers

Your data is processed and stored in the United States. If you are located outside the United States, please note that we transfer data to the US and process it there.

For EEA users, we rely on:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Your explicit consent for the transfer

12. Cookies and Tracking Technologies

12.1 Essential Cookies

We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Remembering user preferences

12.2 Analytics

We use first-party analytics to understand how users interact with our Service. We do not use third-party tracking or advertising cookies.

12.3 Cookie Control

You can control cookies through your browser settings, but disabling essential cookies may limit Service functionality.

13. Children's Privacy

UnclutterMail is not intended for users under 16 years of age (or under 13 in the United States). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will delete it immediately.

If you believe we have inadvertently collected information from a child, please contact us at [email protected].

14. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to Know: Categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information, so opt-out is not applicable
  • Right to Non-Discrimination: We will not discriminate for exercising CCPA rights

To exercise these rights, contact [email protected].

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email to the address associated with your account
  • Display a prominent notice in the Service
  • For material changes affecting Google data use, obtain your consent if required

Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

16. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Describe the nature of the breach and data affected
  • Explain steps we are taking to address the breach
  • Provide recommendations for protecting your information
  • Notify relevant authorities as required by law

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Profectify LLC

Email: [email protected]

Privacy Inquiries: [email protected]

Data Protection Officer: [email protected]

We aim to respond to all privacy inquiries within 30 days.