Privacy Policy
Last updated: 10/21/2024
1. Introduction
ChillMail ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ChillMail application ("the App"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.
2. Anti-Spam Policy and Email Consent
ChillMail strictly prohibits the sending of spam or unsolicited commercial emails. Users of our service must ensure that:
- All email recipients have explicitly consented to being contacted
- Every email sent through our platform includes a clear and functioning unsubscribe mechanism (either a link or keyword response)
- Recipients' unsubscribe requests are honored immediately
- Email lists are properly maintained and cleaned of unsubscribed addresses
- All emails comply with applicable laws and regulations, including CAN-SPAM Act requirements
- No deceptive subject lines or sender information is used
- Messages are clearly identified as advertisements when applicable
Best Practices and Compliance Requirements:
- Maintain proper documentation of recipient consent
- Regularly clean and update email lists
- Monitor bounce rates and engagement metrics
- Implement proper email authentication (SPF, DKIM, DMARC)
- Follow email scheduling best practices
- Maintain professional and ethical communication standards
Any attempt to circumvent these practices, including but not limited to:
- Sending emails to scraped or purchased lists
- Removing or obscuring unsubscribe options
- Ignoring unsubscribe requests
- Using techniques to bypass spam filters
- Engaging in aggressive or misleading email practices
- Failing to maintain proper consent records
will result in immediate account termination without refund.
ChillMail actively monitors user behavior and email practices. Users found in violation of these policies will have their accounts terminated immediately without prior notice or refund. We maintain a zero-tolerance policy for spam and unsolicited emails to protect our platform's integrity and our users' reputation.
3. Information We Collect
ChillMail is a B2B email application designed for professional business communication with consenting recipients. To provide this service, we require access to certain information from your Google account. We request the following scopes and use them as described:
https://www.googleapis.com/auth/gmail.send: We use this scope to send emails on your behalf through your Gmail account.
https://www.googleapis.com/auth/gmail.readonly: We use this scope to read incoming emails in order to check the reply status of sent emails and remove them from the email sending queue. We do NOT store any data obtained through this scope.
https://www.googleapis.com/auth/userinfo.profile and https://www.googleapis.com/auth/userinfo.email: We use these scopes to obtain your email address and a link to your public profile picture. We store only this information.
https://www.googleapis.com/auth/pubsub: We use this scope to receive notifications about interactions in your Gmail account, which allows us to update the status of sent emails in real-time. We do NOT store any data obtained through this scope.
We do not collect or store any other personal information beyond your email address and a link to your public profile picture. We do not store passwords for user accounts, as we exclusively use Google for authentication.
4. How We Use Your Information
We use the information we collect solely for the purpose of providing and improving the ChillMail service. Specifically:
- To send emails on your behalf through your connected Gmail accounts.
- To monitor the status of sent emails and manage your email sending queue.
- To display your profile picture and email address within the App.
- To authenticate your access to the App.
We do not use your data for any form of automated decision-making or profiling.
5. Data Storage and Security
We take the security of your data seriously and implement robust security measures to protect your information. Specifically:
- All data transmission between our application and third-party services (Google, Microsoft 365) is encrypted using industry-standard TLS (Transport Layer Security) protocols.
- We utilize end-to-end encryption for all sensitive data storage and transmission within our systems.
- Our application infrastructure is hosted on secure cloud servers with multiple layers of security controls, including firewalls and intrusion detection systems.
We implement a secure authentication system using:
- OAuth 2.0 integration with Google and Microsoft 365 for secure account access
- JWT (JSON Web Tokens) stored securely in HTTP-only cookies for session management
- No sensitive authentication data is stored in localStorage, providing enhanced protection against XSS attacks
- Secure session management with automatic token rotation and validation
We enforce strict access controls and authentication mechanisms to prevent unauthorized access to your data.
Our application employs the following security best practices:
- HTTPS-only communication
- Secure cookie attributes (HTTP-only, Secure, SameSite)
- Content Security Policy (CSP) headers
- Regular security patches and updates
Regular security audits and vulnerability assessments are conducted to maintain the integrity of our security systems.
All stored data is encrypted at rest using industry-standard encryption algorithms.
We maintain secure backup systems with the same level of encryption and protection as our primary systems.
Our development team follows security best practices and undergoes regular security training.
We only store your email address and a link to your public profile picture. We do not store any other data obtained through the Gmail API, Microsoft Graph API, or authentication processes. All data is stored securely and protected against unauthorized access through the security measures described above.
6. Sharing of Your Information
We do not share any of your personal information or data with third parties.
7. Your Data Rights
You have the right to:
- Delete your ChillMail account and associated information at any time.
- Remove any Gmail accounts connected to your ChillMail account.
- Request information about the data we hold about you.
To exercise these rights, please contact us at [email protected].
8. Data Retention
We only retain your email address and account settings for as long as you maintain an active account with ChillMail. Upon account deletion, all associated data is permanently removed from our systems.
9. Age Restrictions
ChillMail is intended for use by individuals who are of legal age to use email services in their respective jurisdictions. We do not knowingly collect or solicit information from anyone under the legal age to use our application according to your jurisdiction.
10. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by sending an email to the address associated with your account. You are advised to review this Privacy Policy periodically for any changes.
11. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at:
Email: [email protected]