Privacy Policy

BetterMail (“we”, “us”, or “our”) operates the BetterMail email productivity application available at bettermail.tech. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using BetterMail you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Service.

1. Information We Collect

1.1 Account Information

When you sign in via Google OAuth or Microsoft OAuth, we receive:

• Your email address
• Your display name
• A profile avatar URL (where provided by the identity provider)
• OAuth tokens (refresh token) required to access your mailbox on your behalf

We do not receive or store your account password. Authentication is handled entirely by Google or Microsoft.

1.2 Email Data Processing

To provide BetterMail's features, the application temporarily processes email message content retrieved via the Google Gmail API or Microsoft Graph API.

BetterMail does not permanently store raw email message bodies or attachments on its servers.

Instead, BetterMail generates derived representations of email content used to power features such as semantic search and AI assistance. These derived representations include:

• PII-redacted summaries — concise descriptions of email content with personally identifiable information removed
• PII-redacted vector embeddings — mathematical representations of email meaning, generated after PII redaction
• Non-sensitive metadata — such as message timestamps, labels, sender/recipient domains, and thread structure

These derived representations cannot be used to reconstruct the original email message. Email content may be processed transiently in memory during feature execution but is not retained in its original form.

We do not process email content for advertising purposes and we do not sell email data to third parties.

1.3 Usage Data

We may collect anonymised telemetry about how you interact with the app (e.g., features used, session duration) to improve the product. This data cannot be used to identify individual users or read email content.

1.4 Log Data

Our servers automatically record standard log data including IP addresses, browser type, pages visited, and timestamps. This data is used for security monitoring and debugging only, and is retained for a maximum of 90 days.

2. How We Use Your Information

We use the data we collect exclusively to:

• Provide the Service — displaying your emails, sending replies, managing folders, and synchronising your mailbox
• Power AI features — AI-based search, email summarisation, smart compose suggestions, and the conversational AI assistant, which analyses derived email representations to answer your questions about your inbox
• Authenticate you — verifying your identity on each session via OAuth
• Improve the Service — using aggregated, anonymised usage data to fix bugs and build new features
• Security and fraud prevention — detecting anomalous activity or unauthorised access

We do not use your email content or Google/Microsoft account data for advertising, user profiling, or any purpose unrelated to providing the BetterMail Service.

3. How We Share Your Information

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

3.1 AI Service Providers

When AI features are used, relevant portions of email content may be temporarily processed by an AI service provider to generate summaries or responses. These providers act strictly as data processors under our instruction and are contractually prohibited from:

• Retaining email content after the request is complete
• Training machine learning models on your data
• Sharing your data with third parties

3.2 Infrastructure Providers

We use trusted cloud infrastructure providers for databases, vector storage, and caching. All data is encrypted in transit (TLS 1.2+) and at rest. These providers are used solely to store and process derived representations on our behalf.

3.3 Legal Requirements

We may disclose your data if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, property, or the safety of our users.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, user data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

4. Data Retention

• Raw email message bodies and attachments — not stored on BetterMail servers and therefore not retained
• Derived embeddings and summaries — retained while your account is active; deleted within 30 days of account deletion
• OAuth tokens — stored encrypted; revoked and deleted immediately upon account disconnection or deletion
• Account information — deleted within 30 days of account deletion
• Server logs — retained for a maximum of 90 days
• AI conversation history — retained for 90 days after the last message, then permanently deleted

You may request deletion of your data at any time by contacting admin@bettermail.tech or by disconnecting your account from the Settings page, which immediately revokes our access tokens.

5. Google and Microsoft API Scopes

BetterMail requests the following OAuth scopes:

Google

• https://www.googleapis.com/auth/gmail.modify — read, compose, send, and manage messages; manage labels and drafts
• openid, email, profile — identify you and display your name and email address

Microsoft (Outlook)

• Mail.ReadWrite — read and manage your Outlook messages and folders
• Mail.Send — send email on your behalf
• offline_access — maintain access when you are not actively using the app
• openid, profile, email — identify you

We request only the minimum scopes necessary to deliver the Service. You can revoke our access at any time via your Google Account permissions or Microsoft Account app permissions.

6. Security

• TLS 1.2+ encryption for all data in transit
• AES-256 encryption for OAuth tokens and stored embeddings at rest
• Role-based access controls limiting who on our team can access production systems
• Regular security audits and dependency updates

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights

• Access — request a copy of the personal data we hold about you
• Correction — request that inaccurate data be corrected
• Deletion — request that your data be deleted
• Portability — request your data in a structured, machine-readable format
• Withdrawal of consent — disconnect your Google or Microsoft account from the Settings page at any time, which immediately revokes our access

To exercise any of these rights, contact us at admin@bettermail.tech. We will respond within 30 days.

8. Children's Privacy

BetterMail is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also notify you by email if we have your address on file.

10. Contact Us

• Email: admin@bettermail.tech
• Website: https://bettermail.tech

11. Google API Data Usage Compliance

BetterMail's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, BetterMail does not:

• Use Gmail data for advertising purposes
• Allow humans to read email content unless required for security investigation, legal compliance, or at the user's explicit request
• Transfer Gmail data to third parties except as necessary to provide the Service to the user
• Use Gmail data to develop, train, or improve machine learning models