Information We Collect
Account Information
When you register, we collect:
Full name and email addressLogin credentials (stored as hashed passwords or managed via OAuth)Subscription tier and billing details (processed by Stripe — we do not store raw card data)Gmail and Google Account DataIf you connect your Google account, we access your Gmail inbox data solely to deliver the service. Specifically, we may read, process, and categorise your emails to generate briefings, surface high-priority messages, and provide AI-driven summaries. We access only the data necessary for these functions.
We do not:
Read your emails for advertising purposesShare your email content with third parties for their own useAllow human employees to read your emails except where required by law or explicitly consented to for support purposesUsage DataWe collect interaction data such as features used, session duration, and error logs. This is used to improve product performance and reliability.
CommunicationsIf you contact us via email or chat, we retain those communications to resolve your query and improve our support.
How We Use Your Information
We use your data for the following purposes:
Service delivery: to generate inbox briefings, prioritise emails, and provide AI-driven summariesProduct improvement: to analyse usage patterns and fix bugs (using aggregated, anonymised data where possible)Account management: to authenticate you, manage your subscription, and send transactional communicationsLegal compliance: to meet our obligations under applicable lawWe do not use your data to train AI models. Your email content is processed by AI APIs solely to generate outputs for you in real time and is not retained by those APIs for model training purposes.
AI Processing and Third-Party Processors
To deliver the service, your data is processed by carefully selected third-party providers. We have Data Processing Agreements (DPAs) in place with each of the following:
Anthropic (Claude AI)
Users on our Pro tier have their email content processed by Anthropic's Claude Sonnet API. Anthropic does not use API-submitted data to train their models by default. See Anthropic's privacy policy at anthropic.com/privacy.
OpenAI
Users on our Free tier have their email content processed by OpenAI's GPT-4o mini API. OpenAI does not use API-submitted data to train models by default under their API terms. See openai.com/policies/privacy-policy.
Google
We use Google OAuth 2.0 and the Gmail API to access your inbox with your explicit consent. Our use of Google user data complies with Google's API Services User Data Policy, including the Limited Use requirements.
Stripe
Payments are processed by Stripe, Inc. We share only what is necessary (name, email, amount) for payment processing. See stripe.com/privacy.
Cloud Infrastructure
Our application is hosted on secure cloud infrastructure with encryption at rest and in transit. Access is restricted to authorised personnel only.
We do not sell your personal data to any third party, and we never share your email content with advertisers.
Data Retention
We retain your data for as long as your account is active or as needed to provide the service. Specifically:
Email content: processed in real time and not stored beyond what is necessary to deliver your briefing. Cached summaries are retained for up to 30 days to power your dashboard history, then automatically deleted.Account data: retained for the duration of your account. Deleted within 30 days of account closure upon request.Usage logs: retained for up to 12 months for debugging and product analytics, then purged.Billing records: retained for 7 years as required by applicable financial regulations.Data Security
We implement the following measures to protect your data:
TLS/HTTPS encryption for all data in transitAES-256 encryption for data at restRole-based access controls — only engineers with a direct need can access production systemsOAuth tokens stored securely and never logged in plaintextRegular security reviews of third-party dependenciesNo system is completely immune to security risks. In the event of a breach that affects your personal data, we will notify you and relevant authorities as required by applicable law within 72 hours of becoming aware of the incident.
Your Rights
All Users
Regardless of where you are located, you have the right to:
Access the personal data we hold about youRequest correction of inaccurate dataRequest deletion of your account and associated dataDisconnect your Gmail or Google account at any time from your account settingsOpt out of non-essential communicationsEuropean Users (GDPR)If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
Right to data portability: receive a copy of your data in a structured, machine-readable formatRight to restriction: request that we limit processing of your data in certain circumstancesRight to object: object to processing based on legitimate interestsRight to lodge a complaint: with your local data protection authorityOur lawful basis for processing your data is contractual necessity (to deliver the service you signed up for) and, where applicable, legitimate interests.
California Users (CCPA)If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:
The right to know what personal information we collect and how it is usedThe right to request deletion of your personal informationThe right to opt out of the sale of your personal information (we do not sell personal information)The right not to be discriminated against for exercising your CCPA rightsTo exercise any of these rights, contact us at
support@mingoolai.com. We will respond within 30 days.
Cookies and Tracking
We use essential cookies to maintain your login session. We do not use third-party advertising cookies or tracking pixels. You may disable cookies in your browser settings, though this may affect your ability to use the service.
Children's Privacy
MingoolAI is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.
International Data Transfers
MingoolAI is incorporated in the United States. If you access our service from outside the US, your data may be transferred to and processed in the United States. Where required, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms to protect your data in cross-border transfers. Our third-party processors (Anthropic, OpenAI, Google, Stripe) each maintain their own international transfer compliance frameworks, details of which are available in their respective privacy policies.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this document and, for material changes, notify you by email or via an in-app notice. Continued use of the service after the effective date of any changes constitutes your acceptance of the updated policy.
Contact Us
For any privacy-related questions, requests, or concerns:
Email: support@mingoolai.comWebsite: mingoolai.comWe aim to respond to all privacy requests within 5 business days.