Privacy Policy

Last Updated: 2025-02-26

Introduction

Mailmondo (“we,” “our,” or “us”) is an AI-powered Gmail Add-on designed to enhance your email experience. This Privacy Policy explains how we collect, use, store, share, and protect your information—including Google user data—in compliance with applicable data protection laws (such as the GDPR) and Google's requirements. By using our add-on, you consent to the practices described herein.

Information We Collect

Google User Data via OAuth

When you sign in using your Google account, we request the following OAuth scopes:

  • gmail.addons.execute: For basic add-on functionality
  • gmail.readonly: To read email content for analysis
  • script.external_request: To perform backend API calls
  • userinfo.email: For user identification
  • gmail.addons.current.action.compose: To enable compose window actions
  • gmail.addons.current.message.metadata: To access email metadata

From these scopes, we collect:

  • Email Address: Retrieved via getUserEmail() to uniquely identify your account
  • Message Metadata: Including subject, sender, and date
  • OAuth Tokens: Used solely for authentication and secure access to Gmail

Email Content

When you activate our features (such as summarization or language analysis), your email content is temporarily processed in memory using functions like loadEmailContent(). Importantly, email content is not permanently stored.

Usage and Account Information

We also collect:

  • Usage Statistics: Including feature usage counts and error logs
  • Account Details: Such as account creation date and user preferences

These details are stored as follows:

  • MongoDB Atlas: Stores your email address, usage statistics, account creation date, and preferences
  • Apps Script Properties: Stores temporary data such as a 5-minute authentication cache and API usage counters

How We Use Your Data

Your data is used solely for the purposes below:

  • Authentication and Account Management: Your email address and OAuth tokens authenticate your account and help manage access
  • Service Functionality: Your email content and metadata are processed in real time to power AI-driven features
  • Service Improvement: Usage data and error logs enable us to monitor performance and enhance our features
  • Operational Support: Temporary caches and usage counters support efficient backend operations and rate limiting

Data Sharing, Transfer, and Disclosure

We share your data only with trusted third parties and solely for purposes necessary to deliver our service:

Google Cloud Platform (GCP)

  • Purpose: Hosting our backend services and managing authentication
  • Data Shared: Google OAuth tokens and basic account information
  • Transfer & Security: Data is transmitted over HTTPS and stored using industry-standard encryption

OpenAI

  • Purpose: AI-powered analysis of your email content
  • Data Shared: Only the email content you explicitly provide for processing
  • Transfer & Security: U.S.-based servers using Standard Contractual Clauses (SCCs)

MongoDB Atlas

  • Purpose: Storing your account information
  • Data Shared: Your email address and other account details
  • Transfer & Security: EU-based data centers with SCCs for transfers outside the EU/UK

DeepL

  • Purpose: Providing language detection and translation features
  • Data Shared: Only text excerpts necessary for translation
  • Transfer & Security: EU-based processing in compliance with GDPR

Discord

  • Purpose: System monitoring and error logging
  • Data Shared: Technical metadata and error logs
  • Transfer & Security: Industry standards for GDPR compliance

Data Storage and Retention

  • Email Content: Processed solely in memory during active sessions and never permanently stored
  • Temporary Caches: OAuth tokens and API usage counters with 5-minute expiry
  • Account and Usage Data: Stored for the duration of your account's active status
  • Usage and Error Logs: Retained for 30 days
  • Backups: Maintained for up to 7 days, with encrypted storage

Security Measures

  • Encryption: Data is encrypted in transit (TLS 1.3 or higher) and at rest (AES-256)
  • Access Controls: Role-based access and regular privilege reviews
  • Vulnerability Management: Regular scans, quarterly penetration tests, and monitoring
  • Rate Limiting: API calls are rate-limited per user

Your Rights

You have certain rights regarding your personal data. You can:

  • Access: Request a JSON export of your data
  • Correction: Ask for inaccuracies to be corrected
  • Deletion: Request full deletion of your account and related data
  • Portability: Request your data in a standardized format
  • Object: Object to processing based on legitimate interests

Breach Notification

  • Internal Protocol: We will immediately disable compromised systems and assess breach severity
  • Notification Timelines: Authorities will be notified within 24 hours for GDPR-reportable incidents
  • User Notification: Affected users will be notified within 72 hours for high-risk breaches
  • Remediation: A post-mortem will be publicly shared within 30 days of the breach

Policy Updates

We may update this Privacy Policy periodically. Material changes will be:

  • Published on our website with an updated “Last Updated” date
  • Communicated to you via email or within the add-on if they materially affect your rights

Contact Information

For any questions or concerns regarding this Privacy Policy or our data practices, please contact us:

Definitions

  • “Service” refers to the Mailmondo Gmail add-on
  • “Personal Data” means data about a living individual who can be identified from that data
  • “Usage Data” means data collected automatically about how the service is used
  • “Cookies” are small files stored on your device
  • “Data Controller” means the person or organization that determines the purposes for which and the manner in which any personal data are processed
  • “Data Processor” means any person or organization that processes data on behalf of the Data Controller
  • “Data Subject” means any living individual who is using our Service and is the subject of Personal Data