Mailopoly—Privacy Policy

1. Introduction

Mailopoly Pty Limited ("Mailopoly") is the operator of an intelligent email management and productivity platform via the website www.Mailopoly.com and associated mobile applications. Any information that you provide to Mailopoly through our services, or that is provided by a third party on your behalf, may be collected and used by Mailopoly in accordance with this privacy policy.

This privacy statement explains how Mailopoly protects the privacy of your personal information under the Australian Privacy Principles (Privacy Act 1988) and other applicable privacy laws. This policy applies to your use of Mailopoly's services and should be read in conjunction with our Terms and Conditions.

2. Information We Collect

The types of personal information that Mailopoly collects and holds may include:

Account information (name, email address, password, username)
Contact information (phone number, address)
Email content and attachments accessed through email provider APIs and protocols (Gmail, Outlook, Yahoo, IMAP, and others)
Email metadata (sender, recipient, timestamps, labels)
Calendar events and appointments
Task and action items extracted from emails
Financial information extracted from emails (such as bills and invoices)
Usage data and interaction with our services
Device information and identifiers

If you choose not to provide certain personal information to Mailopoly, we may not be able to provide you with full access to our services.

3. How We Collect Information

We collect personal information in several ways, including:

Directly from you when you create an account or use our services
Through your email accounts (Gmail, Outlook, Yahoo, IMAP, and other supported providers) when you grant us access via OAuth authorization or other secure authentication methods
Automatically through your use of our services
Through cookies and similar technologies
From third-party services when you use Single Sign-On

Email Provider Integrations: When you connect your email account, we access your email data through secure protocols and APIs provided by your email service (Gmail, Outlook, Yahoo, IMAP, and other supported providers). We request only the minimum permissions necessary to provide our services, including reading and sending emails on your behalf.

Gmail API Services: For Gmail users specifically, we access your email data using Google's Gmail API and adhere to Google's API Services User Data Policy, including the Limited Use requirements.

4. How We Use Your Information

Your personal information may be used to:

Provide and improve our email management and productivity services
Process and organize your emails, events, and tasks
Generate automated responses and suggestions
Analyze and improve our services' performance and features
Communicate with you about our services
Protect the security and integrity of our services
Comply with legal obligations
Debug and fix technical issues

Email Provider Data and Limited Use

Data obtained through email provider integrations (including Gmail, Outlook, Yahoo, IMAP, and other supported providers) is used exclusively to provide our email management and productivity services to you. We do not:

Use email data to train or develop general-purpose AI or machine learning models
Transfer email data to third parties except as necessary to provide our services or as required by law
Use email data for serving advertisements
Allow humans to read email data unless we have your affirmative agreement for specific messages, it is necessary for security purposes, or to comply with applicable law

Google User Data and Limited Use Requirements: For Gmail users specifically, Mailopoly's use of information received from Gmail APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

5. Data Processing and AI Features

Our service uses artificial intelligence and machine learning to process your emails and related data to provide features such as:

Automated email filtering and organization
Event and task extraction
Smart reply suggestions
Financial data processing

This processing is performed securely and in accordance with this privacy policy. For Gmail users, all processing adheres to Google's Limited Use requirements. All AI processing of email data is done solely to provide and improve our services for you. You can control these features through your account settings.

6. Data Sharing and Disclosure

We will not disclose your information, including email data from any provider, without your consent unless:

Required or authorized by law
Necessary to provide our services (e.g., cloud infrastructure providers with strict data processing agreements)
Required to protect our rights or property
Required to prevent immediate harm

We may share your data with trusted service providers who assist in operating our services, subject to strict confidentiality obligations and contractual requirements that they handle your data in compliance with this privacy policy and applicable data protection laws.

Email Data Sharing: Email data from any provider is never sold to third parties and is only shared with service providers as necessary to provide our services under strict confidentiality and data protection agreements.

7. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

Encryption of data in transit and at rest using industry-standard protocols
Secure access controls and authentication, including OAuth 2.0 and other secure protocols for email access
Regular security assessments and vulnerability testing
Employee training and confidentiality agreements
Restricted access to personal data on a need-to-know basis
Secure data centers with physical security controls

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using reasonable measures.

8. Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal information. These may include:

For Australian Users:

Right to access and correct your personal information
Right to complain to the Office of the Australian Information Commissioner

For California Residents:

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information held by businesses
Right to opt-out of sale of personal information (note: we do not sell personal information)
Right to non-discrimination when exercising privacy rights

For EEA Users:

Right to access and portability
Right to rectification
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to object to processing
Right to withdraw consent

To exercise these rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within the timeframe required by applicable law.

9. International Data Transfers

We operate globally and may transfer your personal information to different jurisdictions:

For EEA users, we ensure appropriate safeguards through Standard Contractual Clauses and adequacy decisions
For US users, we comply with state-specific privacy laws including CCPA/CPRA
For all international transfers, we implement appropriate technical and organizational measures to protect your data

By using our services, you consent to your information being transferred to and processed in countries where we operate, which may have different data protection rules than your country.

10. Data Retention and Deletion

This section describes how long we retain different types of data and how you can request deletion of your data.

Email Provider Data

Data accessed from your email accounts (Gmail, Outlook, Yahoo, IMAP, and other supported providers) is subject to the following retention practices:

Active Processing: Email content, metadata, and extracted information (such as events, tasks, and financial data) are retained while your account is active and for as long as necessary to provide our services
Cached Data: We may temporarily cache email data for performance optimization. Cached data is automatically deleted within 90 days
Extracted Information: Information extracted from emails (tasks, events, financial summaries) is retained for the duration of your account to provide continuity of service
Account Disconnection: When you disconnect any email account from Mailopoly, we will delete all associated email content and metadata from that provider within 30 days, except for data we are required to retain for legal or regulatory purposes

Account Information

Active Accounts: Account information (name, email address, settings) is retained while your account remains active
Inactive Accounts: If your account is inactive for 24 consecutive months, we may send you a notice and subsequently delete your account and associated data within 90 days of the notice

Usage and Analytics Data

Usage data and analytics are retained for up to 26 months to help us improve our services
Aggregated and anonymized usage data may be retained indefinitely for statistical purposes

Legal Retention Requirements

We may retain certain data for longer periods when required by law, regulation, or to comply with legal obligations, resolve disputes, or enforce our agreements. This includes:

Financial and billing records (retained for 7 years to comply with tax and accounting requirements)
Data relevant to legal proceedings or investigations
Records necessary to comply with regulatory requirements

Data Deletion Procedures

You have the right to request deletion of your personal data at any time:

Manual Deletion Requests: Contact us at privacy@mailopoly.com to request deletion of your data. We will process your request within 30 days
Account Closure: You can delete your account through your account settings. Upon account deletion, we will delete or anonymize your personal data within 30 days, except as noted above for legal retention requirements
Email Account Disconnection: You can disconnect any email account from Mailopoly through your account settings. We will delete all email data from that provider within 30 days of disconnection
Provider-Level Revocation: You can also revoke Mailopoly's access to your email account through your email provider's security or permissions settings:
- Gmail users: Google Account Permissions
- Outlook/Microsoft users: Microsoft App Permissions
- Other providers: Check your email provider's security settings
We will delete all email data from that provider within 30 days of detecting revocation
Backup Data: Data stored in backups will be deleted according to our backup retention schedule, which does not exceed 90 days

What Happens After Deletion

Once data is deleted:

It is permanently removed from our active systems and cannot be recovered
It will be removed from backup systems according to our backup retention schedule
Aggregated or anonymized data that cannot identify you may be retained for statistical purposes
You will no longer be able to access services that depend on the deleted data

Important Note: Deletion of your data from Mailopoly does not delete the original data in your email provider's systems. Your emails remain in your email accounts with Gmail, Outlook, Yahoo, or whichever provider(s) you use.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze usage patterns:

Essential Cookies: Required for basic functionality and security (cannot be disabled)
Functional Cookies: Remember your preferences and settings (retention: 12 months)
Analytics Cookies: Help us understand how users interact with our services (retention: 26 months)

You can control cookie preferences through your browser settings, though disabling certain cookies may limit functionality.

12. Children's Privacy

Our services are not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

13. Region-Specific Disclosures

California Privacy Notice:
Under the CCPA/CPRA, California residents have specific rights regarding their personal information. See our California Privacy Notice for additional information.

EU/UK Privacy Notice:
For users in the European Economic Area or United Kingdom, additional rights and protections apply under the GDPR. See our EU/UK Privacy Notice for details.

Notice to Other Jurisdictions:
Users in other jurisdictions may have additional rights under their local laws. Contact us to learn more about jurisdiction-specific privacy rights.

14. Data Protection Representative

For users in the European Union, our EU representative can be contacted at: [EU Representative details]

For users in the United Kingdom, our UK representative can be contacted at: [UK Representative details]

15. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy
Notify you via email or through a prominent notice in our service
For material changes affecting email data usage, obtain your consent where required

Your continued use of our services after changes become effective constitutes acceptance of the updated privacy policy.

16. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Mailopoly Pty Limited
Email: privacy@mailopoly.com
Support: support@mailopoly.com
Website: https://mailopoly.com

For data protection inquiries in the EU or UK, you may also contact our designated representatives using the information provided in Section 14.

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.