Privacy Policy

Last Updated: January 30, 2025

Welcome to LegacyMail (“we,” “us,” or “our”). This Privacy Policy explains how we handle information when you use our services (the “Service”), which include our local MBOX reader and other features that may involve server-side data processing (“Server-Side Features”).

Our core MBOX reader service is designed for local processing. This means your MBOX files and the email data contained within them (“Local Data”) are processed and stored only on your computer. However, our Server-Side Features require server-side processing and involve different data handling practices as described below.

1. Local Data (MBOX Reader)

• Local Data: We do not access, collect, store, or transmit your MBOX files or any email content, attachments, or metadata from those files. All processing happens locally within your browser.
• Usage Data (Local Operations): We do not track how you interact with your Local Data within the Service (e.g., which emails you view, searches you perform locally).

2. Account and Subscription Information

Some features, like premium subscriptions or future cloud-based functionalities (if offered), may require you to create an account. If you choose to create an account (e.g., using email/password or through third-party providers like Google Sign-In via services like Clerk), we may collect:

• Account Information: Your name, email address, password (hashed), and potentially profile picture if provided through a third-party service. This information is used for account management, authentication, and communication regarding your account or subscription.
• Subscription Information: If you purchase a premium subscription, our payment processor (e.g., Stripe) will handle your payment details directly. We may receive information like subscription status, plan type, and transaction identifiers, but typically not your full credit card number.
• Third-Party Authentication: If you sign in using a third-party service like Google, we receive information based on your permissions granted to that service (e.g., name, email, profile picture). We rely on the security practices of these third-party providers. For details on how Clerk handles your data when used for authentication, please see Clerk’s Privacy Policy.

3. Server-Side Features and User Content

Our Server-Side Features may allow you to upload or sync content (“User Content”), such as files, images, or other data, for storage, processing, and analysis. Unlike our local MBOX reader, these features require sending data to our servers.

Information We Collect

When you use our Server-Side Features, we may collect:

• User Content: The files, data, or other information you choose to upload or sync.
• Processing Metadata: Technical information about the processing, such as upload timestamps and processing status.

How We Use This Information

We use your User Content to:

• Provide the services you requested, which may include processing, analysis, and storage.
• Generate insights, categorizations, or other output, potentially using AI.
• Improve our models, algorithms, and service quality.

To provide these services, we may share your User Content with third-party service providers under strict confidentiality agreements that prohibit them from using your data for any purpose other than providing the requested processing services.

Data Retention and Deletion

• User Content: The retention period for your User Content depends on the feature you are using. We will retain your User Content for as long as necessary to provide the service or until you choose to delete it. Some services may delete content from our servers shortly after processing. Please refer to the specific feature’s documentation or interface for details.
• Processed Data: We may retain data derived from the processing of your User Content (e.g., AI-generated labels, analysis results, metadata) to allow you to access your results in the future without needing to re-upload and re-process your content.
• Processing Logs: We may retain technical logs related to the processing for troubleshooting and service improvement purposes.

User Consent

By using our Server-Side Features, you consent to the collection, processing, and storage of your User Content as described in this section. You can choose not to use these features if you prefer not to upload any content to our servers.

4. How We Use Collected Information (Account Holders Only)

If we collect Account or Subscription Information, we use it to:

• Provide, maintain, and improve account-related features of the Service.
• Process subscription payments and manage your subscription.
• Communicate with you about your account, updates, or support requests.
• Authenticate you and secure your account.
• Comply with legal obligations.

5. Data Sharing

• Local Data: We never share your Local Data because we never collect it.
• Account Information: We do not sell your Account Information. We may share it with:
  • Service Providers: Companies that help us operate (e.g., authentication providers like Clerk, payment processors like Stripe, cloud hosting providers if applicable for account data). These providers are bound by confidentiality agreements and only use the data to perform services for us.
  • Legal Requirements: If required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• User Content and Processed Data: For our Server-Side Features, we may share your User Content with third-party service providers as described in Section 3. These providers are bound by strict confidentiality agreements and are prohibited from using your data for any purpose other than providing the requested processing services.

6. Data Security

We implement reasonable technical and organizational measures to protect any Account Information and uploaded content we store. However, no internet transmission or electronic storage is 100% secure. You are responsible for the security of your Local Data on your own computer.

7. Data Retention

Account Holders: We retain your Account Information for as long as your account is active or as needed to provide you with account-related services. We may retain some information after account closure if necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

Server-Side Feature Users: Data retention for our Server-Side Features is described in Section 3 above.

8. Your Choices and Rights

Depending on your location, you may have rights regarding your personal information, such as the right to access, correct, delete, or restrict its processing. You can usually manage your account details through your account settings. For requests related to AI-generated data or other inquiries, please contact us.

9. Children’s Privacy

The Service is not intended for minors under 18 (or a different age threshold depending on the jurisdiction). We do not knowingly collect personal information from minors.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website or through the Service. Your continued use of the Service after changes constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or our practices, please contact us at: cory@legacymail.ai