Privacy Policy

Last updated: January 2, 2026

1. Cookies and Tracking Technologies

Essential Cookies: We use essential cookies that are strictly necessary for the operation of our service. These cannot be disabled:

  • callmail_session: Authentication session cookie (30-day expiration)

Analytics Cookies (Optional): We use Vercel Analytics to understand how users interact with our service. This helps us improve performance and user experience. You can decline analytics cookies through our cookie banner.

Your Choices: You can accept or decline optional analytics cookies through the cookie consent banner. Essential cookies cannot be declined as they are required for the service to function.

2. Introduction

CallMail ("we", "our", or "the App") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our email-to-call notification service.

3. Information We Collect

Google Account Information: When you sign in with Google, we receive your email address and basic profile information to identify your account.

Gmail Data (Read-Only Access): We access your Gmail inbox in read-only mode to check for new unread emails. We specifically check:

  • Email sender addresses
  • Email subject lines
  • Email timestamps

User-Provided Information:

  • VIP email addresses you choose to monitor
  • Keywords you want to trigger calls
  • Your phone number for receiving call notifications

4. How We Use Your Information

We use your information solely to provide the CallMail service:

  • Email Monitoring: We scan your unread emails to identify messages from your specified VIP senders or containing your specified keywords.
  • Call Notifications: When a matching email is detected, we use Twilio to place a brief call to your specified phone number.
  • Service Improvement: We may use aggregated, anonymized data to improve our service.

5. Data Storage and Security

Database Storage: Your VIP contacts, keywords, phone number, and preferences are stored securely in our Supabase database with encryption at rest.

Data Residency: User data is stored in Supabase (PostgreSQL) hosted in the AWS US-East region.

OAuth Tokens: Your Google authentication tokens are stored securely in our database and are used only to access your Gmail on your behalf.

Email Data Retention: Processed email IDs are retained for 30 days for deduplication purposes. User data is retained until account deletion.

Security Measures: We use industry-standard encryption (HTTPS/TLS) for all data transmission and encryption at rest for stored data.

6. Data Sharing and Subprocessors

We do not sell, trade, or transfer your personal information to third parties. We share data only with the following service providers (subprocessors):

  • Twilio: We share your phone number with Twilio solely to place notification calls. No email data is shared with Twilio.
  • Supabase: Database hosting for user accounts, contacts, keywords, and settings.
  • Upstash: Background job scheduling and Redis caching.
  • Google: We interact with Google's Gmail API using OAuth 2.0 for email metadata access.
  • Vercel: Application hosting and deployment.

We will never:

  • Sell your data to advertisers or data brokers
  • Use your email content for advertising purposes
  • Share your email data with third parties for their marketing
  • Use your data for AI model training

7. Google API Services User Data Policy Compliance

CallMail's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request the minimum necessary permissions (gmail.metadata scope)
  • We use Gmail data only to provide the email notification feature
  • We do not store, transfer, or use Gmail data for any purpose other than providing this service
  • We do not allow humans to read your email content

8. Your Rights and Choices

Access and Control: You can view and modify your VIP contacts, keywords, and phone number at any time within the app.

Data Export: You can export all your data directly from the app Settings page at any time, without needing to contact us.

Revoke Access: You can revoke CallMail's access to your Google account at any time through your Google Account permissions.

Delete Data: You can request deletion of all your data by contacting us. We will delete your data within 30 days of request.

Stop Monitoring: You can pause or stop email monitoring at any time using the controls in the app.

9. Incident Response

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours via email. We maintain security incident response procedures to quickly identify, contain, and remediate any security issues.

10. Children's Privacy

CallMail is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: burke@omnisound.xyz