← Back to AutoEmail
Legal

Privacy Policy

Last updated: February 2026  ·  Effective date: February 2026

This Privacy Policy explains how AutoEmail (“we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you use our AI-powered email automation platform. We are committed to processing your personal data lawfully, fairly, and transparently in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for your personal data is:

Nico Jaroszewski
Schlosstalstrasse 202
8408 Winterthur, Switzerland
Email: info@autoemail.dev

For any privacy or data protection request, contact us at: info@autoemail.dev

2. Personal Data We Collect

2.1 Account Information

  • Name and email address (provided at registration)
  • Organisation/company name
  • Billing information (processed by our payment provider)
  • Profile preferences and settings

2.2 Email Content Data

  • Email subjects, bodies, sender/recipient metadata from connected mailboxes
  • AI-generated draft content created by the platform
  • Email thread context used to generate contextual replies

2.3 Usage Data

  • Log data including IP address, browser type, pages visited, timestamps
  • Feature usage metrics and interaction events
  • Error reports and performance diagnostics

2.4 Cookies & Tracking

We use cookies and similar technologies as described in our Cookie Policy.

3. Legal Basis for Processing

PurposeLegal Basis (GDPR Art.)
Providing the AutoEmail serviceContract performance (Art. 6(1)(b))
AI-powered email draft generationContract performance (Art. 6(1)(b))
Analytics & service improvementLegitimate interests (Art. 6(1)(f))
Marketing communicationsConsent (Art. 6(1)(a))
Legal compliance & fraud preventionLegal obligation (Art. 6(1)(c))
Security & abuse preventionLegitimate interests (Art. 6(1)(f))

4. How We Use Your Data

  • Generating AI-drafted email responses using your email context
  • Presenting drafts for your review before any email is sent (human-in-the-loop)
  • Spam filtering and email triage classification
  • Providing analytics dashboards about your email activity
  • Authentication and account management
  • Sending product updates, security notices, and (with consent) marketing
  • Improving service reliability and debugging issues

Important: AutoEmail operates with a human-in-the-loop model. No email is sent automatically on your behalf without your explicit review and approval.

5. Data Sharing & Third Parties

We share personal data only where necessary with the following sub-processors:

Sub-processorPurposeLocation
ClerkUser authentication & session managementUSA (SCCs in place)
OpenRouter and selected text model providersAI email draft generation and classificationUSA (SCCs in place)
ConvexReal-time data storage & backendUSA (SCCs in place)

We do not sell your personal data. We do not share your email content with third parties for advertising purposes.

6. Data Retention

  • Account data: retained for the duration of your account, plus 30 days after deletion
  • Email content used for AI generation: retained for 90 days, then anonymised
  • Usage logs: retained for 12 months
  • Billing records: retained for 7 years as required by law

7. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access - request a copy of your personal data (Art. 15)
  • Right to rectification - correct inaccurate data (Art. 16)
  • Right to erasure - request deletion of your data (Art. 17)
  • Right to portability - receive your data in a structured, machine-readable format (Art. 20)
  • Right to restriction - limit how we process your data (Art. 18)
  • Right to object - object to processing based on legitimate interests or for direct marketing (Art. 21)
  • Right to withdraw consent - withdraw any previously given consent at any time without affecting prior processing

To exercise any of these rights, contact us at info@autoemail.dev. We will respond within 30 days.

8. International Data Transfers

Some of our sub-processors are based outside the EU/EEA (see Section 5). When transferring personal data outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the legal transfer mechanism, ensuring an equivalent level of protection. You may request copies of the relevant SCCs by contacting our DPO.

9. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS 1.2+), encryption at rest, access controls, and regular security reviews.

10. Cookies

We use cookies and similar technologies. For full details on the cookies we use and how to manage them, please see our Cookie Policy.

11. Right to Lodge a Complaint

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with your local supervisory authority. In the EU, you can find your national authority at edpb.europa.eu.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by a prominent notice in the platform. The “Last updated” date at the top of this page always reflects the most recent revision.

13. Contact Us

For any privacy-related questions or to exercise your rights, contact:
Email: info@autoemail.dev
Address: Nico Jaroszewski, Schlosstalstrasse 202, 8408 Winterthur, Switzerland

Terms of ServiceCookie PolicyLegal Notice