Privacy Policy

Last updated: 4 May 2026

This Privacy Policy explains what information Mailwise ("we", "us") collects when you use the Service, why we collect it, and how we protect it. We aim to collect only what we need to run the Service and never sell your personal data.

1. Information we collect

We collect three categories of information:

  • Account information. Your email address, name, and profile picture from Google when you sign in. We do not store passwords for Google accounts.
  • Service data. The watchers you configure (URLs, names, target prices), the results of those watchers, the alerts we send you, and your notification preferences.
  • Email metadata. If you grant Gmail access, we read message metadata (sender, subject, snippet, date) to generate your daily summary. We do not store full message bodies and we do not access attachments.
  • Billing information. When you subscribe, PayPal handles your payment details. We receive a subscription identifier and status from PayPal — we never receive or store your card number.
  • Technical information. Limited request metadata (IP address, user agent, timestamps) for security, abuse prevention, and debugging. The support form also captures this when you contact us.

2. How we use information

We use the information we collect to:

  • Authenticate you and operate your account.
  • Run your watchers, deliver alerts, and produce daily summary emails.
  • Process subscriptions and prevent fraud.
  • Reply to support requests.
  • Maintain the security and reliability of the Service.
  • Comply with our legal obligations.

We do not sell personal data, and we do not use your email content for advertising or to train AI models.

3. Sub-processors

To run the Service, we share limited information with the following providers, each of which is contractually obliged to handle the data in line with this policy:

  • Google — sign-in and Gmail metadata access.
  • Supabase — primary database and authentication storage.
  • Resend — delivery of alert, summary, and support emails.
  • OpenAI — generating short natural-language summaries from your alerts and email metadata.
  • PayPal — processing subscription payments.
  • Netlify — hosting and request-level logging.

4. International transfers

Our infrastructure is primarily located in the European Union. Some sub-processors may process data in the United States or other regions. Where required, transfers rely on Standard Contractual Clauses or equivalent safeguards.

5. Retention

We retain account data for as long as your account is active. Watcher run history and alerts are kept for up to 12 months unless you delete them sooner. When you delete your account, we delete or anonymise your personal data within 30 days, except where law requires us to retain it (for example, billing records).

6. Your rights

Depending on where you live, you may have rights under data-protection laws (such as the UK GDPR or EU GDPR), including:

  • Access — get a copy of the personal data we hold about you.
  • Correction — ask us to fix inaccurate information.
  • Deletion — ask us to erase your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection / restriction — limit certain processing.
  • Withdraw consent — for processing based on consent (such as Gmail access).
  • Lodge a complaint — with your local data-protection authority.

To exercise these rights, contact us via the support page. You can revoke Gmail access at any time from your Google account permissions.

7. Cookies and storage

Mailwise uses a small number of cookies and similar storage to keep you signed in (a session cookie set by NextAuth) and to remember your preferences. We do not use third-party advertising cookies. PayPal and Google may set their own cookies on the pages they serve during sign-in or checkout, governed by their privacy policies.

8. Security

We use HTTPS, encrypted database connections, and least-privilege service credentials. We restrict access to production data to a small number of people. No system can be perfectly secure, so we encourage you to use a strong, unique Google account and to enable two-factor authentication.

9. Children

Mailwise is not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child has used the Service, contact us so we can delete the account.

10. Changes to this policy

We may update this Privacy Policy as the Service evolves. Material changes will be communicated via email or in-app notice before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For questions about this policy or to make a privacy request, contact us via the support page.