Privacy Policy

Last updated: February 13, 2026

Overview

EmailAI ("we", "our", "us") is a Chrome browser extension that helps you write emails by turning bullet points into polished messages. We are committed to protecting your privacy and being transparent about how we handle your data.

The short version: We do not store, log, or sell your email content. Your bullet points are sent to our AI service to generate an email, then immediately discarded. We collect the minimum data necessary to operate the service.

What Data We Collect

Anonymous Usage Data (All Users)

  • Anonymous usage identifier: A randomly generated UUID stored locally on your device, used solely to track your daily free email count. This ID is not linked to any personal information.
  • Usage counts: The number of emails generated per day, used to enforce the free tier limit of 30 emails/day.

Account Data (Signed-in Users Only)

  • Email address: Provided via Google OAuth when you sign in to upgrade to the Pro plan.
  • Name: Provided via Google OAuth.
  • Subscription status: Whether you have an active Pro subscription.

Payment Data

Payment processing is handled entirely by Stripe. We do not store, process, or have access to your credit card numbers or payment method details. Stripe's privacy policy governs the handling of your payment information.

What We Do NOT Collect

  • Email content: The bullet points you type and the emails generated are processed in real-time and immediately discarded. We do not store, log, read, or analyze your email content.
  • Browsing history: We do not track or collect information about the websites you visit.
  • Personal files: We do not access any files on your device.
  • Contacts: We do not access your contacts or address book.
  • Location data: We do not collect your geographic location.

How We Use Your Data

  • To generate emails based on your bullet points (processed in real-time, not stored).
  • To enforce the daily free tier limit (30 emails/day).
  • To manage your Pro subscription status, if applicable.
  • To communicate important service updates, if you have provided an email address.

Third-Party Services

We use the following third-party services to operate EmailAI:

  • Google Gemini API: Your bullet points are sent to Google's Gemini API to generate email text. The content is processed in real-time and is subject to Google's API terms of service. Google does not use API data to train their models.
  • Google OAuth: Used for authentication when signing in to access Pro features. We receive only your name and email address. Subject to Google's Privacy Policy.
  • Stripe: Used for payment processing for Pro subscriptions. We do not store payment details. Subject to Stripe's Privacy Policy.
  • Cloudflare: Our backend infrastructure runs on Cloudflare Workers. Subject to Cloudflare's Privacy Policy.

Data Retention

  • Email content: Not retained. Processed in real-time and immediately discarded.
  • Usage counts: Retained for operational purposes (daily limit enforcement). Reset daily.
  • Account data: Retained as long as you have an active account. You may request deletion at any time.
  • Payment records: Managed by Stripe according to their retention policy and applicable legal requirements.

Data Security

We implement appropriate technical and organizational measures to protect your data. All data transmission between the extension and our servers is encrypted using HTTPS/TLS. Our backend infrastructure is hosted on Cloudflare's globally distributed network with enterprise-grade security.

Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can request that we correct any inaccurate personal data.
  • Right to erasure: You can request that we delete your personal data.
  • Right to restriction: You can request that we restrict the processing of your personal data.
  • Right to data portability: You can request a copy of your data in a structured, machine-readable format.
  • Right to object: You can object to the processing of your personal data.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at the email address below. We will respond to your request within 30 days.

Legal Basis for Processing (GDPR)

We process personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the EmailAI service you requested (email generation, subscription management).
  • Legitimate interest: Processing necessary for usage tracking to enforce free tier limits and maintain service quality.
  • Consent: Where you have explicitly consented, such as signing in with Google OAuth.

Children's Privacy

EmailAI is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

niklas@held0.com