MAYL AI PRIVACY POLICY

Effective date: August 18, 2025

Mayl AI turns messy inboxes into organised workspaces without hoarding your email. We read just enough to label and draft, throw the raw text away, and keep only the minimum data needed to run the service. Our commitment is to your privacy and security.

My People Know Inc. acts as a Data Processor for your email data while serving as Data Controller for account and profile information processed through this service.

1. What do we see?

  • Account basics – Your name, login email, and role.
  • OAuth tokens – Encrypted keys that let our service securely talk to your Gmail account.
  • Usage signals – When you log in and which features you click, helping us improve the service.
  • Optional profile info – Your rates, shipping address, or payout details, which are protected with an extra layer of encryption.
  • Never Stored: We never store full email bodies, attachments, or your contact lists.

2. Where does the data come from?

  • You – When you type or paste information into your profile.
  • Gmail API – When you grant access, Google sends us email metadata (like sender, subject, and date) needed to organize your inbox.
  • Our Site – We use essential cookies to make sign-in and core features work.
  • Technical Logs – Standard error logs and analytics provide technical stats (like your IP address and browser type) to help us maintain the service.

3. Why do we need it? (Our Legal Basis)

  • To perform our contract with you – We process data to run the app, provide smart labels for your mail, and draft replies in your voice. These are the core services you sign up for.
  • To charge for paid plans – As required by contract and financial law.
  • For our legitimate interest – We use data for security monitoring, abuse prevention, error logging, and service maintenance to ensure a secure and reliable experience. Essential cookies for login also fall under this category.
  • With your consent – For analytics and non-essential cookies, and for emailing you product updates you’ve opted in to receive.

4. Who else touches it?

We use a small number of trusted service providers to help run Mayl AI. All vendors are bound by strict data-processing agreements that forbid them from using your information for their own purposes, including training their own AI models.

  • Google Cloud Platform – For secure hosting and AI processing via Vertex AI (USA).
  • Perplexity AI – For domain-reputation look-ups to help identify scams (USA).
  • Stripe – For secure subscription payments (USA).

Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. AI & Your Privacy

We engineered Mayl AI to be private by design.

  • Zero Email Storage: The raw text of your emails is streamed to Google's Vertex AI in memory for real-time processing and is immediately discarded. We never store your email content.
  • Personalized Writing Style: To draft replies that sound like you, we analyze the redacted body text of the last 50 emails you have sent to create a unique, anonymized writing profile (a "persona vector"). This profile contains style pointers, not your words, and allows us to match your voice without storing your personal conversations.
  • Contract Review (Beta): The contract review feature works the same way: your file is processed in memory with sensitive details redacted, analyzed for red flags, and then immediately discarded.
  • No AI Training: Neither Google nor Perplexity keeps your content or uses it for AI training after a response is generated. We never use your data to train any models.

6. Security Snapshot

  • Encryption: TLS 1.2+ on every connection and AES-256 for data at rest. Select profile fields are additionally wrapped with Google Cloud KMS.
  • Team Security: All staff accounts are protected by multi-factor authentication (MFA).
  • Audits: We undergo an annual third-party penetration test to proactively find and fix vulnerabilities.
  • Breach Notifications: In the event of a personal data breach, we will notify affected users within 72 hours where required by law. A breach means unauthorized access to, loss of, or accidental disclosure of your personal data.

7. How long we keep things

  • Account & Billing Records – Seven years from sign-up, as required by Canadian tax laws.
  • OAuth Tokens – Deleted within 30 days after you disconnect your account.
  • Persona & Label Metadata – Deleted within 30 days after you close your account.
  • Server Logs – Kept for 12 months, then anonymized.

8. Your Controls & Rights

  • Request an Export: Email us to request an export of your data. We typically fulfill these requests within 30 days.
  • Delete Your Account: You can use the "Delete account" button in your settings to permanently wipe your personal data within 30 days (except for financial records we are legally required to keep).
  • Cookie Controls: You can opt-out of non-essential cookies via our Cookie Banner.
  • Regional Rights: We honor regional privacy rights under GDPR (Europe), CCPA (California), and PIPEDA (Canada). Just email us with your request.
  • Right to Complain: You have the right to lodge a complaint with your local data protection authority if you believe we've mishandled your personal data.

9. International Transfers

Your data is stored and processed on Google Cloud servers in the United States. For users outside the U.S., we rely on Standard Contractual Clauses and Google's robust compliance certifications (including ISO 27001 and SOC 2) to ensure your data is protected to a high international standard.

10. Children's Privacy

Our Service is not intended for or directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you are under 18, you may not use our Service. If we become aware that a user is under the age of 18, we will terminate their account immediately and delete their information.

11. Changes to This Policy

We will email registered users 30 days before any material change to this policy and post the new notice at mayl.ai/privacy.

12. Talk to Us

Privacy questions? Reach the team at legal@mayl.ai or write to:

My People Know Inc.

100 King Street West, Suite 5700

Toronto, Ontario M5X 1C7

Canada

Subscribe for launch updates and creator email tips

Follow our journey
Instagram
Tiktok
Twitter
Product
Terms of Service
Privacy Policy
© 2025 Mayl AI. All rights reserved.