Privacy Policy

Effective Date: April 10, 2026  |  Last Updated: April 10, 2026

Summary: We collect only what we need to operate the Service. We never sell your data. We never store your email content. You are always in control of your data and can delete your account at any time.

1. Who We Are

MailZiro (“we,” “us,” “our”) operates MailZiro.com, an AI-powered email classification and filtering service. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our Service.

For privacy inquiries or to exercise your rights, contact us at: privacy@mailziro.com

2. Information We Collect

2.1 Information you provide directly:

  • Account information: name, email address, and password (stored as a bcrypt hash);
  • Billing information: processed and stored by our payment processor (we do not store full card numbers);
  • Support correspondence: emails and messages you send to our support team.

2.2 Information collected automatically through the Service:

  • Email metadata: sender address, sender display name, subject line, email headers (Date, From, To, CC, List-Unsubscribe, MIME type), and structural signals used for classification. We do NOT persistently store the full body content of emails;
  • Classification results, confidence scores, and applied rules per email;
  • Your custom rules, sender allow/block lists, and folder preferences;
  • Usage data: features used, pages visited, actions taken within the dashboard;
  • Device and browser information: IP address, browser type, operating system, time zone;
  • Cookies and similar tracking technologies (see our Cookie Policy).

2.3 Information from third-party integrations:

When you connect a Gmail or Outlook account, we receive an OAuth 2.0 access token and limited profile information (email address) from Google or Microsoft. We use these tokens solely to access your mailbox for classification purposes. Tokens are encrypted at rest.

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service — including email classification and filtering;
  • Process payments and manage subscriptions;
  • Send transactional communications (receipts, security alerts, account notifications);
  • Respond to your support requests;
  • Analyze aggregate usage trends to improve the Service (we use anonymized data only);
  • Detect, prevent, and investigate security incidents, fraud, or abuse;
  • Comply with legal obligations.

We will only send you marketing communications with your explicit consent, and you may unsubscribe at any time.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or UK, our legal bases for processing are:

  • Contract performance: processing necessary to deliver the Service you signed up for;
  • Legitimate interests: improving the Service, preventing fraud, ensuring security;
  • Legal obligation: complying with applicable laws;
  • Consent: where you have explicitly opted in (e.g., marketing communications).

5. Data Retention

We retain your account data for as long as your account is active. You may delete your account at any time from account settings, after which:

  • Account and personal data is deleted within 30 days;
  • Backups containing your data are purged within 90 days;
  • Anonymized, aggregated analytics data may be retained indefinitely.

Email metadata used for classification is retained for your configured audit log period (7 days for Free, 30 days for Pro, 90 days for Enterprise), after which it is automatically deleted.

6. Data Sharing

We do not sell, rent, or trade your personal information. We share your information only in the following circumstances:

  • Service providers: we use trusted third-party vendors for infrastructure (cloud hosting, databases), payment processing, and email delivery — each bound by confidentiality agreements and data processing agreements;
  • Legal requirements: if required by law, court order, or to protect the rights, property, or safety of MailZiro, our users, or the public;
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred, subject to the same privacy protections described here.

7. Data Security

We take security seriously. Our measures include:

  • All data transmitted over HTTPS/TLS;
  • Passwords stored as bcrypt hashes (never in plain text);
  • OAuth tokens and encryption keys encrypted at rest using AES-256;
  • Access controls and role-based permissions limiting data access internally;
  • Regular security reviews and dependency audits.

No system is perfectly secure. In the event of a data breach that affects your rights, we will notify you and applicable regulators within the timeframes required by law.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of your personal data;
  • Correction: request correction of inaccurate or incomplete data;
  • Deletion: request deletion of your personal data (“right to be forgotten”);
  • Portability: receive your data in a portable, machine-readable format;
  • Objection: object to processing based on legitimate interests;
  • Restriction: request that we restrict processing of your data;
  • Withdrawal of consent: withdraw consent at any time where processing is consent-based.

To exercise these rights, email privacy@mailziro.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. International Data Transfers

Your data may be stored and processed in data centers located outside your home country. When transferring data out of the EEA, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms approved by the European Commission.

11. Cookies

We use cookies and similar technologies. For full details on the cookies we use and how to manage them, see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated by email or prominent notice in the Service at least 14 days before taking effect. We encourage you to review this page regularly.

13. Contact Us

For privacy-related inquiries:

MailZiro — Privacy Team

Email: privacy@mailziro.com

Website: mailziro.com