Data Protection

Privacy Policy

Last Updated: March 2026

1. Information We Collect

We collect information necessary to provide our email automation and communication services. This includes your email, name, and profile information retrieved via Google OAuth, as well as contact data (names and emails) you upload to our platform via CSV or manual entry.

2. Use of Google User Data

Gmailo's use and transfer to any other app of information received from Google APIs will adhere to theGoogle API Services User Data Policy, including the Limited Use requirements.

We access your Google data strictly for the following purposes:

  • Gmail (Read/Send): To display email threads within our dashboard, detect replies to stop automated follow-ups, and send outreach emails on your behalf. We do not read emails other than those related to your connected campaigns.
  • Google Sheets (Read-Only): Accessed only when you explicitly import a contact list. We read the spreadsheet data once to create leads in our system and do not retain persistent access to the file content.
  • Profile Info: To identify your account and display your name/avatar in the user interface.

We do not use your Google Workspace data to train generalized AI models. Any AI processing (e.g., reply generation) is performed on a per-request basis with transient data retention.

3. Billing and Subscription Data

If you purchase a paid plan, billing data is processed by your chosen payment channel (for example Apple App Store, Google Play, Stripe, or PayPal). We receive limited records needed for entitlement, fraud prevention, support, accounting, and compliance, such as purchase status, product identifier, transaction reference, renewal state, and billing country.

4. Data Security

All sensitive data, including OAuth tokens and personal identifiers, are encrypted at rest and in transit using industry-standard protocols (AES-256 and TLS 1.3). We do not store your Google account password.

5. Third-Party Sharing

We do not sell your data or your contacts' data to any third party. Data is only shared with essential sub-processors (like database providers and AI processing units) strictly necessary to fulfill our service obligations.

6. Data Retention

We retain account and operational data as long as your account is active or as needed to provide services, resolve disputes, enforce agreements, and comply with legal obligations. You can request account deletion. Some records may be retained for legal, tax, fraud-prevention, or audit requirements.

7. Your Rights

Under GDPR and CCPA, you have the right to access, delete, or port your data. You can disconnect your Google accounts and delete your entire gmailo profile at any time directly through the account settings menu.

8. Contact

Privacy requests: privacy@gmailo.ai. Legal requests: legal@gmailo.ai. You may also review our Terms of Service and Subscription Policy.