Privacy Policy

1. Introduction

This Privacy Policy explains how Genroe (Australia) Pty Ltd ABN 51 092 916 731 ("we", "us", "our", or "Licensor") collects, uses, discloses, and protects information when you use MailSignal (the "Software") and visit our website at https://mailsignal.app (the "Website").

We are committed to protecting your privacy and handling your personal information in accordance with applicable privacy laws, including:

• The Australian Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
• The European Union General Data Protection Regulation (GDPR)
• The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• The UK Data Protection Act 2018 and UK GDPR
• Other applicable data protection laws in jurisdictions where our users are located

By using the Software or Website, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.

If you do not agree with this Privacy Policy, please do not use the Software or Website.

2. Information We Collect

We collect different types of information depending on how you interact with our Software and Website.

2.1 Information You Provide Directly

Account Registration Information:

• Name and email address (if you create an account)
• Company name and business information (for commercial licenses)
• Payment information (processed by third-party payment processors)
• Communications you send to us (support requests, feedback, inquiries)

Email Account Authentication:

• Email addresses of accounts you connect to the Software
• OAuth authentication tokens from Microsoft Office 365 and Google Gmail
• Account identifiers provided by Third-Party Services

2.2 Information Collected Automatically by the Software

Email Count Data:

• Unread email counts from your connected Office 365 and Gmail accounts
• Timestamp of last count retrieval
• Account-specific count history (stored temporarily for display purposes)

Authentication and Security Data:

• OAuth authentication tokens (stored locally on your device in encrypted format)
• Token expiration and refresh timestamps
• Authentication success/failure events

Usage and Diagnostic Data:

• Application launch and close events
• Account connection and disconnection events
• Feature usage statistics (e.g., which features you use and how often)
• Error logs and crash reports
• Software version and build number
• Operating system version and configuration

Device Information:

• Device type and hardware identifiers
• Windows version and build number
• IP address (for license validation and security purposes)
• Unique device identifiers (hashed for privacy)

2.3 Information Collected Through the Website

Website Usage Data:

• IP address and approximate geographic location
• Browser type and version
• Pages visited and time spent on pages
• Referring website or source
• Device type and screen resolution
• Date and time of access

Cookies and Tracking Technologies: We use cookies and similar tracking technologies on our Website. See Section 8 for detailed information about cookies.

2.4 Information from Third-Party Sources

Third-Party Service Providers:

• Information from Microsoft and Google when you authenticate your email accounts
• Payment information from payment processors (we do not store full credit card details)
• Analytics data from third-party analytics services

Publicly Available Information:

• Business information from public registries (for commercial license verification)
• Information you make publicly available on social media or other platforms

2.5 Information We Do NOT Collect

We explicitly do NOT collect, access, or store:

• The content of your emails
• Email attachments
• Email metadata (subject lines, sender/recipient information, timestamps)
• Contact lists or address books
• Calendar information
• Any other data from your email accounts beyond unread counts

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Operate the Software

• Authenticate your email accounts via OAuth
• Retrieve and display unread email counts from your connected accounts
• Maintain authentication tokens and refresh them as needed
• Process your license activation and validation
• Provide customer support and respond to your inquiries
• Send you important notices about the Software (security updates, service changes)

3.2 To Improve and Develop the Software

• Analyze usage patterns to improve features and functionality
• Identify and fix bugs, errors, and performance issues
• Develop new features based on user needs
• Conduct research and analytics to enhance user experience
• Test new features and updates

3.3 To Ensure Security and Prevent Fraud

• Detect and prevent unauthorized access or security breaches
• Verify license authenticity and prevent software piracy
• Monitor for suspicious activity or abuse
• Comply with legal obligations and enforce our terms
• Protect our rights, property, and safety, and that of our users

3.4 To Communicate With You

• Respond to your support requests and inquiries
• Send you software updates and security notifications
• Provide information about new features or changes to the Software
• Send marketing communications (only with your consent, where required)
• Conduct surveys and request feedback

3.5 For Legal and Compliance Purposes

• Comply with applicable laws, regulations, and legal processes
• Respond to lawful requests from government authorities
• Enforce our End User License Agreement and other policies
• Resolve disputes and protect against legal liability
• Exercise or defend legal claims

3.6 With Your Consent

• For any other purpose disclosed to you at the time of collection
• For purposes you specifically authorize

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform our contract with you (the EULA) and provide the Software.
• Legitimate Interests: Processing is necessary for our legitimate business interests, including improving and developing the Software, ensuring security and preventing fraud, analyzing usage to enhance user experience, and marketing our services (where permitted).
• Legal Obligation: Processing is necessary to comply with legal obligations.
• Consent: Where we have obtained your explicit consent (you may withdraw consent at any time).

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your information in the following circumstances:

5.1 Third-Party Service Providers

We share information with trusted third-party service providers who assist us in operating the Software and Website, including:

• Microsoft and Google: We share authentication requests with Microsoft Office 365 and Google Gmail to enable email account connections. These providers process authentication according to their own privacy policies.
• Payment Processors: If you purchase a license, your payment information is processed by third-party payment processors. We do not store full credit card details.
• Cloud Hosting Providers: We may use cloud hosting services to host our Website and store limited data.
• Analytics Providers: We use analytics services to understand how users interact with our Website and Software.
• Customer Support Tools: We use customer support platforms to manage and respond to your inquiries.
• Email Service Providers: We use email services to send you notifications and communications.

All third-party service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5.3 Legal Requirements and Protection

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, warrants)
• Requests from government authorities or law enforcement
• National security or law enforcement requirements
• Protection of our rights, property, or safety, or that of our users or the public

5.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for any purpose, including research, analytics, and marketing.

6. Data Storage and Security

6.1 Where We Store Your Data

Local Storage: Most data collected by the Software is stored locally on your device, including:

• Authentication tokens (encrypted)
• Email count data (temporary cache)
• Application settings and preferences

Our Servers: We may store limited data on servers located in Australia (primary data center).

For users in the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission.

6.2 How We Protect Your Data

We implement reasonable technical and organizational security measures to protect your information, including:

Encryption:

• Authentication tokens are encrypted using AES-256 encryption
• Data transmitted between the Software and Third-Party Services uses TLS/SSL encryption
• Website connections use HTTPS encryption

Access Controls:

• Strict access controls limit who can access your information
• Multi-factor authentication for internal systems
• Regular security audits and vulnerability assessments

Security Monitoring:

• Continuous monitoring for suspicious activity
• Intrusion detection and prevention systems
• Regular security updates and patches

Data Minimization:

• We collect only the minimum data necessary to provide the Software
• We do not access or store email content
• We delete data when no longer needed

6.3 Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Authentication Tokens: Stored locally on your device until you disconnect your email accounts or uninstall the Software.
• Usage Data: Retained for up to 24 months for analytics and improvement purposes, then aggregated or deleted.
• Account Information: Retained for the duration of your account plus 7 years for legal and compliance purposes.
• Support Communications: Retained for 7 years to provide ongoing support and resolve disputes.
• Legal Holds: Data may be retained longer if required for legal proceedings or regulatory investigations.

You may request deletion of your data at any time (see Section 7 for your rights).

6.4 Security Limitations

While we implement reasonable security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information. You are responsible for:

• Maintaining the security of your device and user accounts
• Using strong passwords and enabling two-factor authentication
• Keeping your Software updated with the latest security patches
• Reporting any suspected security breaches to us immediately

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information.

7.1 Rights for All Users

• Access: Request access to the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information (subject to legal obligations).
• Objection: Object to our processing of your information for certain purposes.
• Portability: Request a copy of your information in a structured, machine-readable format.
• Withdraw Consent: Withdraw consent for processing based on consent (does not affect prior processing).

7.2 Additional Rights for EEA, UK, and Swiss Users (GDPR)

• Right to Restriction: Request restriction of processing in certain circumstances.
• Right to Object to Automated Decision-Making: Object to decisions based solely on automated processing.
• Right to Lodge a Complaint: Lodge a complaint with your local data protection authority.

7.3 Additional Rights for California Residents (CCPA/CPRA)

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose.
• Right to Delete: Request deletion of your personal information (subject to exceptions).
• Right to Opt-Out of Sale: We do not sell personal information, but you have the right to opt-out if we ever do.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Personal Information: Request limitation on use of sensitive personal information (if applicable).
• Authorized Agent: You may designate an authorized agent to make requests on your behalf.

7.4 Additional Rights for Australian Users (Privacy Act)

• Access and Correction: Request access to and correction of your personal information.
• Complaints: Lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC).

7.5 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@mailsignal.app
• Mail: Genroe (Australia) Pty Ltd, ABN 51 092 916 731

We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our Website. We use cookies and similar technologies (web beacons, pixels, local storage) to enhance your experience and collect usage data.

8.2 Types of Cookies We Use

• Essential Cookies: Necessary for the Website to function properly (e.g., session management, security).
• Analytics Cookies: Help us understand how visitors use our Website (e.g., Cloudflare Web Analytics).
• Functional Cookies: Remember your preferences and settings.
• Marketing Cookies: Track your activity across websites to deliver targeted advertising (only with your consent).

8.3 Managing Cookies

You can control cookies through your browser settings:

• Accept All Cookies: Allow all cookies for full Website functionality.
• Reject Non-Essential Cookies: Block analytics and marketing cookies (may limit functionality).
• Delete Cookies: Remove cookies already stored on your device.

Most browsers allow you to view and delete cookies, block third-party cookies, block all cookies (may prevent Website from functioning properly), and receive notifications when cookies are set.

8.4 Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Our Website does not currently respond to DNT signals, as there is no industry standard for how to interpret them.

8.5 Software Analytics

The Software may collect anonymous usage analytics (see Section 2.2). You can opt out of analytics through the Software's settings.

9. International Data Transfers

We are based in Australia, and your information may be transferred to, stored, and processed in Australia and other countries where we or our service providers operate.

9.1 Transfers from the EEA, UK, and Switzerland

If you are located in the EEA, UK, or Switzerland, we ensure appropriate safeguards for international data transfers, including:

• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
• Your Explicit Consent: Where you have provided explicit consent for the transfer

9.2 Transfers from Other Jurisdictions

For users in other jurisdictions, we comply with applicable data transfer requirements and implement appropriate safeguards.

9.3 Data Protection Standards

Regardless of where your data is processed, we apply the same high standards of data protection described in this Privacy Policy.

10. Children's Privacy

The Software and Website are not intended for children under the age of 18 (or the age of majority in your jurisdiction).

We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@mailsignal.app. We will delete such information promptly.

11. Third-Party Links and Services

11.1 Third-Party Websites

Our Website may contain links to third-party websites, services, or resources. We are not responsible for the privacy practices or content of these third parties. We encourage you to review their privacy policies before providing any information.

11.2 Third-Party Services

The Software integrates with Microsoft Office 365 and Google Gmail. Your use of these services is governed by their respective privacy policies:

• Microsoft Privacy Statement: https://privacy.microsoft.com
• Google Privacy Policy: https://policies.google.com/privacy

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will provide notice through the Software, Website, or email
• Your continued use of the Software or Website after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@mailsignal.app
• Company: Genroe (Australia) Pty Ltd
• ABN: 51 092 916 731

We will respond to your inquiry within a reasonable timeframe.