Privacy Policy

This Privacy Policy explains how Typemail ("we", "us") collects, uses, and protects information when you use our products and services, including our website, documentation, browser extension, API, and dashboard (collectively, the "Services").

Effective date: 2025-10-30

1. Data we collect

Account data: name, email, password hash, authentication identifiers (including OAuth tokens for Google/GitHub via Supabase).
Usage data: API request metadata (timestamps, endpoints, response codes), dashboard interactions, feature usage.
Billing data: plan, subscription status, invoices, and limited payment metadata handled by Stripe (we do not store full card details).
Content data: Markdown you send to the API and related parameters (e.g., template_id, ai_service). Generated HTML is processed transiently and may be stored for debugging when necessary.
Device/technical data: IP address, user agent, and basic diagnostics for security and abuse prevention.

2. Why we collect it (purposes)

Provide and operate the Services (authentication, API rendering, dashboard features).
Maintain security, prevent abuse, and troubleshoot issues.
Billing and account management (subscriptions, invoices, receipts).
Product improvement, analytics, and support.
Legal compliance and enforcing our Terms of Service.

3. Legal bases (EEA/UK)

Performance of a contract (providing the Services you request).
Legitimate interests (security, fraud prevention, product analytics, service improvement).
Consent (where required, e.g., certain cookies/marketing).
Legal obligations (tax, accounting, compliance).

4. Data retention

Account and billing records: retained while your account is active and for a reasonable period thereafter to comply with legal obligations.
API logs/usage: retained for limited periods for security, analytics, and support.
Content data: processed to fulfill requests; we minimize storage and only retain as needed for debugging, support, or if you explicitly enable persistence.

We use trusted service providers to operate the Services:

Supabase (authentication, database, storage, edge functions)
Stripe (payments, subscriptions)
Hosting/CDN and logging providers

We require sub‑processors to implement appropriate security and confidentiality measures. We do not sell personal data.

6. Security

We employ administrative, technical, and organizational measures appropriate to the risk, including encryption in transit, access controls, and least‑privilege practices. No method of transmission or storage is 100% secure.

7. International transfers

Your information may be processed in countries other than your own. Where applicable, we rely on approved transfer mechanisms (e.g., SCCs) and take steps to protect your data.

8. Your rights

Subject to local law, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. You can submit requests via the Dashboard or by contacting us.

9. Cookies and analytics

We use essential cookies for authentication and localization (e.g., cross‑subdomain language cookie). We may use privacy‑respecting analytics to understand product usage. You can control non‑essential cookies where required by law.

10. Children

The Services are not directed to children under the age required by local law. We do not knowingly collect personal data from children.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated via the Services or email. Your continued use constitutes acceptance of the updated Policy.

12. Contact

For privacy inquiries or requests, contact support from your Dashboard. If required by local law, you may also have the right to raise concerns with your supervisory authority.

1. Data we collect​

2. Why we collect it (purposes)​

3. Legal bases (EEA/UK)​

4. Data retention​

5. Sharing and sub‑processors​

6. Security​

7. International transfers​

8. Your rights​

9. Cookies and analytics​

10. Children​

11. Changes to this Policy​

12. Contact​