Back to Home

Privacy Policy

How we collect, use, and protect your information when you use Stackado Mail.

Effective: November 19, 2025

1. Overview

Stackado Mail ("we," "our," or "us") respects your privacy and is committed to protecting it. This policy explains what we collect, how we use it, and the choices you have.

2. Information We Collect

A. Information you provide

  • Name and email address when you create an account.
  • Optional communications preferences for product updates and onboarding tips.
  • Support requests and messages you send to us.

B. Gmail data via Google OAuth

When you connect your Google account, you authorize Stackado Mail to access Gmail data strictly to power the assistant. This includes the ability to: read relevant message content and metadata to surface it in‑product; prepare and save drafts in Gmail when you choose; send messages on your behalf when you ask; and support triage by marking messages read/unread or applying organizational labels. If enabled, we may also create labels used by the product to keep your inbox organized. We do not use Gmail data for advertising or sell it.

We do not sell Gmail data. Message bodies and attachments are processed on-demand and are not persisted long-term. Minimal operational logs supporting security and reliability may be retained for up to 90 days before deletion.

You can revoke access at any time at https://myaccount.google.com/permissions.

C. Google Calendar data via Google OAuth

If you connect Google Calendar, Stackado Mail may read calendars and events to help check availability and, when you explicitly ask, create or update events on your behalf. Calendar access is used only to support scheduling features you initiate. We do not use Calendar data for advertising or sell it.

Calendar data is used only to display availability and to create or update events when you explicitly ask the assistant to schedule. You can revoke Google access anytime at https://myaccount.google.com/permissions.

D. Messages and AI processing

To generate drafts, summaries, and recommendations, we process the text you enter and relevant Gmail context through third-party large language model (LLM) providers. We send only the minimum data needed to fulfill your request. Your prompts and outputs are not used by us to train or fine‑tune models.

E. Automatically collected information

  • Diagnostic data such as timestamps and API performance metrics.
  • Operational logs for system health, security, and reliability (retained up to 90 days).

3. How We Use Information

  • Fetch and process Gmail content on your behalf.
  • Generate AI‑assisted drafts and insights relevant to your instructions.
  • Authenticate your account and manage access.
  • Improve reliability, performance, and security.
  • With consent, send onboarding tips and product updates (opt‑out anytime).

4. How We Share Information

We do not sell your personal information. We share data only with processors necessary to operate the service, including:

  • LLM inference providers to process prompts and produce responses (for example, OpenAI, Anthropic, Google Gemini, Deepinfra, and the OpenRouter aggregation service).
  • Authentication and account services (e.g., Clerk) and OAuth management.
  • Infrastructure and storage (e.g., Hetzner, Google Cloud, Supabase, Upstash Redis).

These providers must comply with confidentiality, security, and privacy obligations. We do not allow them to use your data for advertising or to train their general models.

5. Google API Services Limited Use

Stackado Mail’s use and transfer of information to any other app received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Gmail and Calendar data are used only to provide or improve user‑facing features, transferred only to processors as necessary, not used for advertising, and not read by humans except with your consent, for security, or to comply with law.

6. Data Retention

  • Account metadata (name, email) is retained while your account is active.
  • Gmail message bodies and attachments are processed on‑demand and not stored long‑term, unless you explicitly save content in the product.
  • Operational logs supporting security/reliability are retained up to 90 days.

7. Data Deletion

You may request account deletion at any time. We will delete stored personal information associated with your account, subject to legal or operational requirements. To request deletion, email hello@stackado.com.

8. Security

We use industry‑standard security measures, including secure OAuth flows, encrypted connections, access controls, and principle of least privilege. No system is 100% secure; you use the service at your own risk.

9. Your Rights

Depending on your jurisdiction (e.g., GDPR/CCPA), you may have rights to access, correct, delete, or export data, and to opt out of certain processing. Contact us to exercise these rights.

10. Changes

We may update this policy from time to time. Material changes will be communicated via email or in‑app notice. The effective date will reflect the latest version.

11. Contact

For privacy questions or requests, contact hello@stackado.com.