Privacy Policy

At MailNotes we take your privacy seriously. This policy describes how our Chrome extension collects, uses, and protects your information when you use it to connect Gmail with Notion.

1. Data we collect

MailNotes accesses the following data only when you manually run the extension on an open email:

• Email content (Gmail): subject, body, and basic metadata (sender, date) of the email you are currently processing.
• PDF attachments: the content of PDF files attached to the email, when you activate this feature.
• Account information: your email address and Google user ID, to identify your session.
• Notion data: access to your list of databases so you can select where to save the information.
• Anonymous usage data: product metrics such as interaction events and technical errors, without personally identifiable information, to improve service stability.

2. How we use your information

We use your information exclusively to:

• Process and summarize the content of emails you manually select.
• Generate summaries, tasks, and structured data using artificial intelligence.
• Send the processed information to your Notion workspace.
• Manage your account, subscription, and credits.

MailNotes does not sell or commercialize your personal data to third parties under any circumstances.

3. Third-party providers

To deliver the service, MailNotes works with the following trusted providers:

• OpenAI (API): the content of your selected email is sent to the OpenAI API to generate summaries and extract information. OpenAI does not use this data to train its public models under their API terms of use.
• Notion (API): processed data is sent directly to your Notion account.
• Stripe: secure payment processing and subscription management. MailNotes does not store credit card data.
• PostHog: anonymous product analytics and technical error detection.

4. Google API Limited Use compliance

MailNotes' use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

This means:

• We only access Gmail data when the user manually runs the extension.
• We do not use Google Workspace data to train generalized AI models.
• We do not share Gmail data with third parties beyond the providers necessary for the service described in this policy.

5. Storage and security

MailNotes processes data in transit and does not store the content of your emails on our servers. Data flows from Gmail to the AI and directly to your Notion without being permanently stored.

We do store only:

• Your user ID and access tokens, required to maintain your active session with Google and Notion.
• The number of credits consumed to manage plan limits.
• Saved custom prompts (Pro plan only), stored linked to your account.

All communication between your browser, our API, and third-party services is encrypted using TLS 1.2+ (HTTPS). Our servers use disk-level encryption at rest.

MailNotes has passed the App Defense Alliance CASA Assessment – Tier 2 (Lab Tested & Lab Verified), an independent security evaluation conducted by TAC Security and authorized by the App Defense Alliance. The certification (ID: 9060cab1, valid until January 2027) verifies that MailNotes meets OWASP ASVS security standards for applications accessing Gmail data. All evaluated categories — authentication, session management, access control, data protection, cryptography, communications, and others — received a Pass result.

6. Data retention

Access tokens and account data are retained while your account is active. If you request account deletion, we will delete all your data within a maximum of 30 days, unless we are legally required to retain it.

7. Your rights

At any time you can:

• Revoke MailNotes' access to Gmail from your Google security settings.
• Revoke access to Notion from your workspace integration settings.
• Request access, correction, or deletion of your data by contacting us.
• Object to the processing of your data or request its portability.

If you are in the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with the competent supervisory authority.

8. Cookies and analytics

The MailNotes website (mailnotes.es) uses a self-hosted instance of Umami for anonymous web analytics. No third-party cookies are used and no browsing data is shared with advertising platforms.

The Chrome extension does not use cookies. Session data is stored in the browser's local storage (chrome.storage).

9. Changes to this policy

We may update this policy periodically. The last updated date at the top of this document always reflects the current version. We recommend checking this page from time to time for significant changes.

10. Contact

For any questions about this policy or the processing of your data, contact us at mailnotes@mailnotes.es.