Legal

Privacy Policy

Effective January 1, 2026 - Last updated April 1, 2026

This policy explains what we collect, why we collect it, and how we protect it.

01

What we collect

When you create an account we collect your name, email address, and a hashed password, or an OAuth token if you sign in with Google or Microsoft. We never store your provider password.

When you connect Gmail or Microsoft, we receive an OAuth access token scoped to the actions required to operate U-Mail on your behalf. We do not persist raw email content on our servers beyond the time needed to render or complete the requested action.

We collect standard server logs such as IP address, browser type, pages visited, and timestamps for security and performance monitoring. Logs are retained for 90 days and then deleted.

02

How we use your data

We use your data to provide, operate, and improve U-Mail, including inbox sync, lightweight metadata-based classification, reply and organization insights, billing, support, and connected email workflows.

We send transactional emails such as password resets, billing receipts, and security alerts. We do not send marketing emails unless you have explicitly opted in.

We do not sell your data and we do not use your email content to train AI models.

03

Product processing

U-Mail intelligence uses lightweight structural and behavioral signals such as sender patterns, reply timing, thread depth, message frequency, and your interaction history to produce prioritization and classification recommendations.

Optional writing assistance tools are isolated, opt-in features. They do not read your inbox passively, and your overrides always outrank inferred signals.

04

Data storage and security

All data in transit is encrypted using HTTPS and TLS 1.2+. Data at rest is protected using industry-standard encryption provided by our cloud infrastructure.

OAuth tokens are stored in a hardened secrets manager with restricted access and audited access controls. We host on Google Cloud Platform with encrypted backups and regional failover.

05

Third-party sharing

We share data only with sub-processors necessary to operate the service: Google Cloud for hosting, Stripe for payments, Resend for transactional email, and Sentry for error monitoring with PII scrubbing.

We may disclose data if required by valid legal process and will notify you as permitted by law.

We do not use advertising networks, social media pixels, or behavioral analytics scripts.

06

Your rights

You may request a full export of your account data at any time from Settings -> Privacy.

You may delete your account and associated data at any time from Settings -> Account. Deletion is permanent and processed within 30 days.

If you are in the EU or UK, you have additional rights under GDPR and UK GDPR including access, rectification, restriction, and objection rights. Contact support@u-mail.ai to exercise them.

07

Cookies

U-Mail uses essential authentication cookies, a theme preference cookie, and Stripe fraud-prevention cookies on billing pages. See the Cookie Policy for the full list and storage details.

08

Children

U-Mail is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child provided us with personal data, contact support@u-mail.ai and we will delete it promptly.

09

Changes to this policy

We notify registered users by email at least 14 days before any material changes take effect. Continued use after that date constitutes acceptance of the updated policy.

Questions?

Need a privacy answer?

We respond to privacy enquiries within 5 business days. For deeper operational detail, see our security and cookie pages.