This Privacy Policy describes how Supermail ("Company," "we," "us," or "our") collects, uses, and protects information when you use our browser extension and related services (the "Service"). We designed Supermail with privacy as a foundational principle. This policy explains our data practices in detail.
Supermail operates on a client-side architecture. This means:
Key Point: Unlike traditional email clients that route your messages through their servers, Supermail processes your email entirely within your browser environment.
| Data Type | Purpose | Storage Location |
|---|---|---|
| Email address (for account) | Account identification and communication | Our servers (encrypted) |
| Subscription information | Billing and service tier management | Payment processor (Stripe) |
| Support communications | Customer service and issue resolution | Our support systems |
| Feedback and surveys | Product improvement | Our servers |
| Data Type | Purpose | Storage Location |
|---|---|---|
| Usage analytics (anonymized) | Product improvement, feature usage patterns | Analytics provider |
| Error logs | Debugging and service reliability | Error tracking service |
| Feature usage counts | Credit tracking, rate limiting | Our servers |
The following data is stored in your browser's local storage and Chrome extension storage. This data never leaves your device:
Supermail offers optional AI-powered features including email composition assistance, reply suggestions, threat analysis, and promise tracking. These features utilize Anthropic's Claude AI for processing.
Important: AI features are entirely opt-in. Email content is only transmitted to Anthropic when you explicitly invoke an AI feature (e.g., clicking "Suggest Reply" or "Improve").
When you use an AI feature, the following may be transmitted to Anthropic:
Supermail uses Anthropic's Claude AI exclusively. Your data transmitted to Claude is subject to Anthropic's usage policies and data handling practices. We recommend reviewing Anthropic's Privacy Policy for details on how they handle data.
The Service includes a tiered security system:
The Service integrates with Google APIs (Gmail API, Calendar API) to provide core functionality. Your use of these integrations is subject to Google's Terms of Service and Privacy Policy. We access your Google data only to provide the Service's features and in accordance with Google's API Services User Data Policy.
Subscription payments are processed by Stripe. We do not store complete credit card numbers on our servers. Stripe's handling of payment information is subject to Stripe's Privacy Policy.
We use analytics services to understand how the Service is used. Analytics data is aggregated and anonymized. We use Google Analytics for website analytics, which is subject to Google's Privacy Policy.
We implement technical and organizational measures to protect information, including:
Because email processing occurs in your browser:
In the event of a data security incident affecting your personal information, we will notify affected users in accordance with applicable law.
We retain account information for as long as your account is active. Upon account deletion, we will remove your personal information from our systems within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal claims).
Data stored locally in your browser (preferences, cached contacts, drafts) persists until you clear browser data, uninstall the extension, or explicitly delete it through the Service's settings.
Anonymized analytics data may be retained indefinitely as it cannot be linked to individual users.
You may request a copy of the personal information we hold about you by contacting us at the address below.
You may update your account information through the Service or by contacting us.
You may request deletion of your account and associated personal data. Note that this does not affect data stored locally in your browser or data held by third parties (Google, AI providers, payment processors).
You may revoke the Service's access to your Google account at any time through your Google Account security settings. This will prevent the Service from accessing your Gmail and Calendar data.
You may disable AI features entirely through the extension settings. When disabled, no email content is transmitted to Anthropic.
You may opt out of analytics tracking through browser settings or by using browser extensions that block analytics scripts.
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly.
If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
To exercise these rights, contact us at the address below.
If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.
Supermail's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
For questions, concerns, or requests regarding this Privacy Policy or our data practices:
Privacy Inquiries: legal@trysupermail.com
General Support: hello@trysupermail.com