Legal
Privacy Policy
Last updated: 1 March 2025
MailBridge ("we", "us", or "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and the choices you have. If you have questions after reading this, reach us at privacy@mailbridge.ai.
1. Information we collect
We collect information you provide directly when you create an account, set up an organization, or contact us for support. This includes:
- Account information — your name, email address, and password (stored securely via Firebase Auth).
- Organization details — your workspace name and slug.
- Integration credentials — OAuth tokens and bot tokens for connected platforms (Slack, Discord). These are encrypted at rest using AES-256-GCM and never exposed in plaintext.
- Inbound email content — emails forwarded to your MailBridge inbound address are processed for triage and routing. Email bodies and metadata are stored temporarily to deliver the service.
- Usage data — basic analytics such as feature usage, page visits, and error logs used to improve the product.
2. How we use your information
We use the information we collect to:
- Provide, operate, and improve the MailBridge service.
- Process and route inbound emails to the correct Slack or Discord channel.
- Send transactional emails (account confirmation, password reset, billing receipts).
- Notify you of important service changes, security events, or policy updates.
- Detect and prevent abuse, fraud, or violations of our Terms of Service.
- Comply with applicable legal obligations.
We do not sell your personal information or use it for advertising purposes.
3. AI processing of email content
MailBridge uses large language models (LLMs) to classify and summarise inbound emails for triage purposes. Before content is sent to the AI:
- Email reply chains and quoted text are stripped — only the new message content is processed.
- Patterns matching financial account numbers, medical information, and other sensitive data formats are removed before the content reaches the model.
- The model receives only what is necessary to determine category, urgency, and a short summary.
We do not use your email content to train AI models. Processing is performed for the sole purpose of routing your messages.
4. Data sharing
We share data only in the following circumstances:
- Service providers — We use third-party services to operate MailBridge (for example, cloud hosting, error tracking, and payment processing). These providers access data only as necessary to perform their functions and are bound by confidentiality obligations.
- Connected platforms — When you connect Slack or Discord, message content is sent to those platforms as part of the routing process. Your use of those platforms is governed by their respective privacy policies.
- Legal requirements — We may disclose information if required to do so by law, court order, or a government authority.
- Business transfers — If MailBridge is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you of any such change.
We do not share your personal data with third parties for their own marketing or commercial purposes.
5. Data retention
We retain your data for as long as your account is active or as needed to provide the service.
- Account data — retained until you delete your account.
- Inbound email content and conversation history — retained for the duration of your subscription. If you cancel, we retain data for 30 days before permanent deletion.
- Raw webhook event payloads — automatically deleted after 7 days.
- Billing records — retained for 7 years as required for accounting and tax compliance.
You can request deletion of your data at any time by deleting your account from Settings → Profile, or by contacting us at privacy@mailbridge.ai.
6. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — request that we delete your personal data.
- Portability — receive your data in a structured, machine-readable format.
- Restriction — ask us to limit how we process your data in certain circumstances.
- Objection — object to processing based on legitimate interests.
To exercise any of these rights, contact us at privacy@mailbridge.ai. We will respond within 30 days.
7. Cookies
MailBridge uses cookies and similar technologies to:
- Keep you signed in to your account (authentication session cookie).
- Remember your preferences within the dashboard.
- Collect anonymous analytics about how the marketing site is used.
We do not use third-party advertising cookies. You can clear cookies at any time through your browser settings, though this will sign you out of the application.
8. Security
We take security seriously. Measures we have in place include:
- All data transmitted between your browser and our servers is encrypted over HTTPS/TLS.
- Integration credentials (API tokens, OAuth tokens) are encrypted at rest using AES-256-GCM before being stored in the database.
- Firebase Auth manages authentication; passwords are never stored or visible to MailBridge.
- Access to production systems is restricted to authorized personnel.
No system is completely secure. If you discover a security vulnerability, please report it responsibly to security@mailbridge.ai.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice in the dashboard before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
Continued use of MailBridge after changes take effect constitutes acceptance of the revised policy.
10. Contact
If you have questions about this Privacy Policy or how we handle your data, contact us:
- Email: privacy@mailbridge.ai
- General: hello@mailbridge.ai