Privacy Policy for MailFlow (Flowful AI)

1. Data Controller

Flowful AI
Nicolas Chourrout
Avenue Beau Séjour, 79A
1410 Waterloo, Belgium
VAT: BE 1010.797.804
Email: contact@mailflowai.com

2. Data Collected

• From Google Sign-In: Name, email, profile picture.
• From Emails: Signatures, FAQs, tone/phrasing patterns (we do not store raw email content).
• From Knowledge Base: Webpages, files, Q&A.
• Automatically: Cookies, usage analytics (via GDPR-compliant tools).

3. How We Use Data

• We use data collected from Google Sign-In (Name, Email, Profile Picture) and Email content (e.g., Signatures, FAQs, tone/phrasing patterns) exclusively to provide and improve MailFlow's email drafting and related personalized services. We do not store raw email content; we only extract relevant snippets (e.g., signatures, key facts) to tailor responses.
• We do not use any user data obtained via Google Workspace APIs for developing, improving, or training generalized (non-personalized) AI or machine learning models. Any AI functionality within MailFlow is strictly for user-specific assistance (i.e., drafting replies and providing personalized features). Your data is never used to train or improve large language models outside of your immediate MailFlow usage.
• For billing via Stripe (payment data processed externally).

4. Third Parties

We share data with:

• Clerk (authentication), Vercel/Render (hosting), Pinecone (AI processing), Supabase (database).
• All providers are GDPR-compliant and subprocess data under contracts.

5. Data Retention

• Retained while your account is active.
• Deleted within 30 days of termination.

6. Security

• JWT tokens encrypt frontend/backend communication.
• Database row-level security and access controls.
• Encryption for stored data.

7. Your Rights (GDPR/CCPA)

• Request access, correction, or deletion of your data.
• Withdraw consent or object to processing: contact@mailflowai.com.

8. International Transfers

Data may be transferred outside the EU via third parties (e.g., Pinecone). We take appropriate measures to ensure that any such transfers are compliant with applicable data protection regulations, including the use of Standard Contractual Clauses (“SCCs”) or other approved safeguards.

9. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Any changes will be posted on our website, and the "Last Updated" date will be revised accordingly. Your continued use of our Service after any modifications constitutes your acceptance of the revised Privacy Policy.

10. AI and Machine Learning Usage

• No Generalized AI/ML Training: MailFlow (Flowful AI) does not use or transfer any Google user data for training generalized or non-personalized AI models. All user data processed from Google Workspace APIs, emails, and the knowledge base is used solely for providing individualized services such as drafting and customizing your email communications.
• Personalized AI Assistance Only: When you use our AI features (e.g., drafting email replies), the data that helps generate these replies remains specific to your account. It is not aggregated or used to build or improve generalized AI models. Our AI processes rely on your personal data only in the context of delivering the service to you, and not to enhance any system-wide model.
• No Third-Party Generalized AI Training: We do not share or sell your data to third-party AI tools for the purpose of training or enhancing their generalized models. If third-party AI services are involved in generating your email drafts (e.g., via an API call), your data is processed transiently and solely to fulfill your request; we ensure the third party does not use your data for its own model training.