Legal

Privacy Policy

Last updated: May 10, 2026.

Plain-language draft. This page describes how the product actually works, in good faith. It is not a substitute for review by a privacy lawyer in your jurisdiction. If you're an enterprise customer who needs counsel-vetted contractual language, contact us for the redlined version.

1. Who we are

QuickPly, Inc. (“QuickPly”, “we”, “us”) operates an AI-assisted customer-support reply drafter. This policy applies to everyone who uses our website (quickply.com), the dashboard at app.quickply.com, and the public API. For data-protection purposes, QuickPly is the controller of account information and the processor of any customer email content you (the workspace) submit for reply generation.

2. What we collect

  • Account & workspace data. Email, name, optional company name, hashed password (bcrypt via Supabase Auth), avatar URL if provided via OAuth, the workspace name, brand-tone settings, and team-member roles.
  • Customer email content. When you paste an email into the generator or connect Gmail, we store the inbound email body, sender, subject, timestamps, and the AI drafts we produce. This is the substance of the service.
  • OAuth tokens. If you connect Gmail, we store an access token and refresh token. Both are encrypted at rest with pgcrypto using a key not stored in the application database.
  • Billing data. Plan tier, subscription state, and a Dodo Payments customer/subscription identifier. Card numbers are processed by Dodo and never reach our servers.
  • Usage telemetry. IP address, user-agent, request timestamps, feature flags, error events. Used to operate and secure the service.
  • Audit log. Security-sensitive events (billing changes, integration connects, role updates) are recorded for owner/admin review and for our own incident response.

3. How we use it

We process the data described above to:

  • Deliver the core feature (drafting replies in your brand voice).
  • Authenticate you and gate access to your workspace via row-level security.
  • Bill you on the plan you selected and provide receipts.
  • Detect abuse — rate-limit credential stuffing, throttle out-of-control AI usage, prevent cross-workspace data access.
  • Send transactional email (welcome, billing receipts, security alerts). We don't send marketing email without an opt-in.
  • Respond to security or legal requests we are required to honor.

We do not train shared models on your customer email content. Each generation request is sent to our LLM provider (Groq) for that single inference and is not retained for model training under our processor agreements.

4. Sub-processors

We rely on the following processors. The list is current as of the date above; we'll update it before adding any new processor that handles customer data.

Provider | Purpose | Region
Supabase | Database, authentication, file storage | US (configurable on Enterprise)
Groq | LLM inference for reply generation | US
Dodo Payments | Subscription billing | US
Google | OAuth + Gmail API (only when you connect Gmail) | US
Vercel | Web hosting, edge networking | Global edge / US origin
Sentry | Error monitoring (cookies / auth headers stripped before send) | US

5. International transfers

Our default infrastructure runs in the United States. EU/UK customers transferring personal data to us rely on Standard Contractual Clauses (the EU Commission's 2021 SCCs and the UK IDTA Addendum). Enterprise customers can request EU-region Supabase hosting via the DPA process.

6. Retention

  • Customer emails / drafts. Retained for the life of the workspace. Owners can delete on demand from Settings → Data & privacy, or by deleting the workspace.
  • Usage telemetry. Aggregated indefinitely for billing/quota; raw events 90 days.
  • Audit log. 365 days, then rolled off in chunks.
  • OAuth tokens. Held until you disconnect the integration; deleted within 24 hours of disconnect.
  • Backups. Encrypted Supabase backups roll off on a 7-day window.

7. Your rights (GDPR, CCPA)

Wherever you live, you can:

  • Export everything — Settings → Data & privacy → Download export gives you a JSON of every workspace-scoped row.
  • Delete everything — same page, Permanently delete workspace. Cascade-removes every dependent row.
  • Correct, restrict, or port any of the above. Contact us and we'll process within 30 days.
  • Object to processing grounded in legitimate-interest where applicable.
  • Withdraw consent at any time for processing that depended on it (e.g., Gmail OAuth — disconnect from Settings → Integrations).

8. Security

Workspace data is isolated by Postgres row-level security. OAuth refresh tokens are encrypted at rest with pgcrypto. We require HTTPS everywhere. Access to production is limited and audited. Two-factor authentication is available for every account at Settings → Security.

Vulnerability reports are welcome at security@quickply.com or via our security.txt.

9. Cookies

We use strictly-necessary cookies to keep you signed in (Supabase-issued, HttpOnly, SameSite=Lax). We do not drop third-party advertising or analytics cookies without consent. The cookie banner you see on your first visit lets you accept or reject any future non-essential cookies; today the answer is the same either way because we don't run any.

10. Changes

We'll update this page when our processing changes meaningfully. We'll email account owners about anything material at least 30 days before it takes effect.

11. Contact