Privacy Policy

Effective Date: January 1, 2025

1. Introduction

SwiftInbox AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any way.

2. Information We Collect

2.1 Information You Provide

Waitlist Information: Email address and optional company information for our waitlist
Contact Information: Information you provide when contacting us for support
Feedback: Comments, suggestions, and feedback you provide

2.2 Automatically Collected Information

Usage Data: Pages visited, time spent on site, links clicked
Device Information: IP address, browser type, operating system
Cookies and Tracking: Information collected through cookies and similar technologies
Analytics Data: Basic website performance and user behavior analytics

2.3 Google Workspace Integration Information

When you use our Gmail add-on, we may access email information through Google's APIs to provide our services. We request only the minimum OAuth scopes necessary for our Gmail add-on functionality.

2.3.1 Data Access and Processing

Email Content: We may access email content for AI-powered analysis and summarization
Email Metadata: We may access email metadata for categorization and organization
Processing: All data processing occurs within Google's secure infrastructure
No Permanent Storage: Email content is never stored on our servers or any external systems
User Control: Users maintain full control over their data and can revoke access at any time

3. How We Use Your Information

3.1 Website and Marketing

Service Provision: Provide information about our products and services
Waitlist Management: Process waitlist applications and send updates
Communication: Respond to inquiries and provide customer support
Marketing: Send relevant updates and promotional materials (with consent)
Analytics: Improve our website and user experience

3.2 Google Workspace Service Provision

Email Processing: Analyze email content for AI-powered insights during active use only
Smart Categorization: Automatically categorize emails based on content and context
Priority Detection: Identify urgent and important emails
Summarization: Provide concise summaries of email conversations
Reply Suggestions: Generate contextual reply suggestions
Label Management: Apply intelligent labels for better organization

3.3 Legal and Security

Compliance: Meet legal obligations and regulatory requirements
Security: Protect against fraud, abuse, and security threats
Disputes: Resolve disputes and enforce our agreements

4. Information Sharing and Disclosure

4.1 Service Providers

We may share information with trusted third-party service providers:

Cloud Infrastructure: Google Cloud Platform for hosting and processing
Analytics: Google Analytics for basic website analytics
Email Services: For marketing communications and support

4.2 Google Workspace Data

No External Sharing: Email content and metadata accessed through Google APIs is never shared with third parties
Google's Privacy: Google's own privacy policy applies to data processed within their infrastructure
API Compliance: All data access complies with Google's API terms of service

4.3 Legal Requirements

We may disclose information when required by law:

Legal Process: In response to valid legal requests
Regulatory Compliance: To comply with applicable regulations
Protection of Rights: To protect our rights, property, or safety

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

5. Data Security

5.1 Security Measures

We implement appropriate technical and organizational measures:

Encryption: Industry-standard encryption for data in transit and at rest
Access Controls: Role-based access controls and authentication
Regular Audits: Security assessments and penetration testing
Employee Training: Regular security and privacy training

5.2 Google Workspace Security

Google's Infrastructure: Leverages Google's enterprise-grade security standards
SOC 2 Type II: Benefits from Google's comprehensive security certifications
Data Residency: All data remains within Google's secure infrastructure
Access Logging: Comprehensive audit trails for all data access

6. Data Retention Policies

6.1 Website and Marketing Data

Waitlist Information: Retained until you unsubscribe or request deletion
Contact Information: Retained for 3 years after last interaction
Analytics Data: Retained for 2 years, then anonymized
Marketing Communications: Retained until consent is withdrawn

6.2 Google Workspace Data

Email Content: Never stored permanently; processed temporarily during active use only
Usage Analytics: Retained for 90 days, then deleted
Feature Usage: Retained for 1 year for service improvement, then anonymized
Error Logs: Retained for 30 days for troubleshooting, then deleted

6.3 Legal and Compliance Data

Financial Records: Retained for 7 years as required by tax laws
Legal Disputes: Retained until resolution plus 3 years
Regulatory Requirements: Retained as required by applicable laws

6.4 Data Deletion

Immediate Deletion: Upon user request, data is deleted within 30 days
Account Deletion: All associated data is deleted when an account is closed
OAuth Revocation: Revoking Google Workspace access immediately stops all data processing

7. Your Rights and Choices

7.1 General Rights

You have the right to:

Access: Request copies of your personal information
Correction: Update or correct inaccurate information
Deletion: Request deletion of your personal information
Portability: Receive your data in a portable format
Restriction: Limit how we use your information

7.2 Google Workspace Specific Rights

Revoke Access: Revoke Google Workspace permissions at any time through Google Account settings
Data Export: Export your data through Google's data export tools
Processing Control: Control what data is processed through our add-on settings
Immediate Cessation: Stop all data processing immediately by disabling the add-on

7.3 Marketing Communications

Opt-Out: Unsubscribe from marketing emails at any time
Preferences: Manage your communication preferences
Consent: Withdraw consent for marketing communications

7.4 Cookies and Tracking

Browser Settings: Control cookies through your browser settings
Opt-Out Tools: Use available opt-out mechanisms for tracking
Do Not Track: Respect Do Not Track browser signals

8. International Data Transfers

8.1 Cross-Border Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

8.2 EU/UK Data Transfers

For EU and UK users, we use appropriate safeguards such as:

Standard Contractual Clauses (SCCs)
Adequacy decisions
Other approved transfer mechanisms

8.3 Google Workspace Data Location

Google's Infrastructure: Data processed through Google Workspace APIs remains within Google's global infrastructure
Google's Compliance: Google maintains compliance with international data transfer requirements
User Control: Users can control data location through their Google Workspace settings

9. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will delete it immediately.

10. GDPR Compliance (EU Users)

10.1 Legal Basis for Processing

We process your personal data based on:

Consent: For marketing communications and Google Workspace integration
Contract: To provide our services and fulfill agreements
Legitimate Interest: For service improvement and security
Legal Obligation: To comply with applicable laws

10.2 Your GDPR Rights

EU users have the following specific rights:

10.2.1 Right of Access (Article 15)

Request Information: Request confirmation of whether we process your personal data
Data Details: Receive details about what data we process, how, and why
Data Copy: Receive a copy of your personal data in a structured format

10.2.2 Right to Rectification (Article 16)

Correct Inaccuracies: Request correction of inaccurate personal data
Complete Information: Request completion of incomplete personal data
Timely Response: Corrections made within 30 days of request

10.2.3 Right to Erasure (Article 17)

Request Deletion: Request deletion of your personal data in specific circumstances
Immediate Processing: Process deletion requests within 30 days
Confirmation: Provide confirmation of deletion actions taken

10.2.4 Right to Restrict Processing (Article 18)

Limit Processing: Request restriction of data processing in specific circumstances
Temporary Hold: Temporarily stop processing while investigating requests
Notification: Notify other controllers of restriction requests when applicable

10.2.5 Right to Data Portability (Article 20)

Structured Format: Receive your data in a structured, commonly used format
Machine Readable: Data provided in machine-readable format
Direct Transfer: Request direct transfer to another controller where technically feasible

10.2.6 Right to Object (Article 21)

Object to Processing: Object to processing based on legitimate interests
Marketing Objections: Object to direct marketing at any time
Immediate Cessation: Stop processing upon objection unless compelling legitimate grounds exist

10.2.7 Rights Related to Automated Decision Making (Article 22)

Human Review: Request human review of automated decisions
Explanation: Receive explanation of automated decision-making logic
Appeal Rights: Right to challenge automated decisions

10.3 Exercising Your Rights

Contact Method: Submit requests via email to [email protected]
Response Time: We respond to all requests within 30 days
No Cost: Exercise of rights is free of charge
Verification: We may request verification of identity for security

10.4 Right to Lodge Complaints

Supervisory Authority: Right to lodge complaints with your local data protection authority
Contact Information: EU users can find their authority at: https://edpb.europa.eu/about-edpb/board/members_en
UK Users: Contact the Information Commissioner's Office (ICO) at https://ico.org.uk

11. CCPA Compliance (California Users)

11.1 California Consumer Rights

California residents have the right to:

Know: What personal information we collect and how it's used
Delete: Request deletion of personal information
Opt-Out: Opt out of the sale of personal information (we don't sell data)
Non-Discrimination: Equal service regardless of privacy choices

11.2 Categories of Personal Information

We collect the following categories:

Identifiers: Email addresses, IP addresses, account IDs
Commercial Information: Subscription and usage data
Internet Activity: Website usage and service interactions
Professional Information: Company and job information

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Email: Sending notice to your registered email address
Website: Posting prominent notices on our website
Effective Date: Updating the effective date at the top of this policy

13. Contact Information

For questions about this Privacy Policy or to exercise your rights:

Email: [email protected]
Support: [email protected]
Address: SwiftInbox Technologies Pvt Ltd., Church Road, Chikmagalur, 577101

14. Data Protection Officer

For EU users, our Data Protection Officer can be contacted at:
Email: [email protected]

15. Supervisory Authorities

EU users have the right to lodge complaints with their local data protection authority. UK users can contact the Information Commissioner's Office (ICO).

16. Google Workspace Integration Details

16.1 Data Processing Infrastructure

Google's Infrastructure: All data processing occurs entirely within Google's secure infrastructure
No External Storage: No email content is ever transmitted to or stored on non-Google servers
Temporary Processing: Email content is processed temporarily for AI analysis only during active use
User Control: Users maintain full control over their data and can revoke access at any time

16.2 Usage Analytics

Limited Analytics: Usage analytics are limited to basic feature usage counts only
No Content Analysis: We do not analyze or store email content for analytics purposes
Anonymized Data: Any analytics data is anonymized and aggregated
User Control: Users have full control over their data and can request deletion at any time

17. Google API Limited Use Compliance

SwiftInbox AI's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. SwiftInbox AI does not retain user data to develop, improve, or train generalized AI and/or ML models. All email data is processed in real-time using Google's AI services and is not stored permanently or used for model training purposes.

17.1 Limited Use Requirements

No Model Training: We do not use Google API data to develop, improve, or train generalized AI/ML models
No Data Retention: Email content is never stored permanently for any purpose
Real-time Processing: All AI analysis occurs in real-time during active user sessions only
Google's Infrastructure: Processing is performed using Google's AI services within their secure infrastructure

17.2 Data Processing Limitations

Temporary Access: Data is accessed only temporarily during active use of our Gmail add-on
No External Storage: No email content is ever transmitted to or stored on external servers
Purpose-Limited: Data is used solely for providing the specific features requested by users
User Control: Users maintain full control over their data and can revoke access at any time

17.3 Compliance Verification

Regular Audits: We conduct regular audits to ensure compliance with Google's Limited Use requirements
User Transparency: Users can review our data handling practices and request verification
Google Review: Our practices are subject to Google's review and approval process