KolectAI ("we", "us", or "our") operates Kolect Mailer (the "Service"). This Privacy Policy describes how we collect, use, and safeguard information when you use the Service.
Information We Collect
Account Information
- Name and email address
- Profile information from your Google account
- Authentication identifiers and tokens
Gmail Data (when you connect your Gmail account)
- Permission to send emails on your behalf through Gmail
- Metadata about emails you send through our Service (recipients, timestamps, subjects)
- Replies you receive via Kolect (to emails sent through our Service)
- Any additional email threads you explicitly grant us access to (e.g., via manual import)
Important: Our access to your Gmail inbox is strictly limited to: replies you receive via Kolect, and any additional threads you explicitly grant us access to. We do NOT have broad access to read your entire Gmail inbox.
Usage Data
- Service usage patterns and interactions
- Log data for diagnostics and security
Gmail Data Usage
What Gmail Data We Access and Why
When you connect your Gmail account, we request the following specific permissions:
| Permission Scope | What It Accesses | Why We Need It |
|---|---|---|
| gmail.send | Send emails on your behalf | To enable bulk email sending and campaign management features |
| gmail.readonly | Read specific email threads | To fetch replies to emails sent via Kolect and threads you explicitly import |
| userinfo.email | Your email address | To identify your account and enable login |
| userinfo.profile | Your name and profile picture | To personalize your experience and display your identity |
How We Use Your Gmail Data
- Send emails (bulk campaigns, sequences) when you compose and send them through our Service
- Store metadata about emails you send (recipients, subjects, timestamps) in our database
- Track delivery status for emails you sent via our Service
- Fetch and display replies to emails you sent through Kolect
- Fetch and display any email threads you explicitly import or grant access to
- Provide analytics about your email campaigns (delivery rates, open rates, reply rates)
How Reply Tracking Works:
When you send emails through Kolect, we track the email thread IDs. When recipients reply, we use the Gmail API to fetch those specific reply threads so you can view and respond to them within Kolect. We only access threads related to emails sent via our Service.
Strictly Limited Gmail Access:
Our access to your Gmail inbox is strictly limited to: (1) replies you receive via Kolect (to emails sent through our Service), and (2) any additional threads you explicitly grant us access to (e.g., via manual import). We do NOT have broad access to browse or read your entire Gmail inbox.
What We Do NOT Do With Your Gmail Data:
- We do NOT browse or access your entire Gmail inbox - only specific threads as described above
- We do NOT use your Gmail data to train AI models or machine learning algorithms
- We do NOT sell or share your Gmail data with advertisers or data brokers
- We do NOT use your Gmail data for advertising or marketing purposes
- We do NOT allow unauthorized humans to read your emails
- We do NOT transfer your Gmail data to third parties except as described in this policy
How We Use Information
- Provide, maintain, and improve the Service functionality
- Send bulk emails and manage email campaigns on your behalf via Gmail
- Receive and display replies to emails you sent through our Service
- Generate analytics about your email campaigns (delivery, opens, replies)
- Authenticate your account and maintain your session
- Secure the Service and prevent abuse
- Comply with legal obligations and enforce our terms
- Communicate with you about the Service (e.g., important updates)
Data Sharing and Third Parties
We do not sell, rent, or trade your personal information or Gmail data. We only share data in the following limited circumstances:
Service Providers
We use the following third-party service providers that may process your data:
- Supabase (Database & Authentication) - Stores your account information, email metadata, and campaign data. All sensitive data is stored encrypted in our Supabase database. Supabase operates under strict data processing agreements.
- Google LLC (Gmail API) - We use the Gmail API to send emails on your behalf through official Google APIs under OAuth 2.0 authorization. Google's own privacy policies apply to its services. We do NOT use Gmail to read or access your inbox.
- Postmark (Inbound Email Processing) - When recipients reply to emails you send through our Service, replies are received by Postmark's inbound email service and forwarded to our servers. Postmark acts as a secure email relay and does not store or use your data for any other purpose.
These providers are contractually obligated to protect your data and only use it to provide services to us.
Legal Requirements
We may disclose information if required by law, court order, or legal process, or to protect our rights, property, or safety.
Business Transfers
If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
Data Retention
Email Campaign Data Retention
- Active accounts: We retain email campaign metadata, sent email information, and replies received through our Service for as long as your account is active to enable the Service functionality.
- After disconnection: When you disconnect your Gmail account or delete your Kolect Mailer account, we delete all associated campaign data and email messages within 30 days.
- Backup retention: Data in backup systems is automatically purged within 90 days of deletion from production systems.
Other data: We retain account information, usage logs, and non-Gmail data as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You can request deletion of your account and all associated data at any time.
Security
We implement and maintain technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction.
Security Measures Include:
- Encryption of data in transit using TLS/SSL protocols
- Encryption of sensitive data at rest in our database
- OAuth 2.0 secure authentication with Google
- Access controls limiting who can access user data
- Regular security audits and monitoring
- Secure API token storage with AES-256-GCM encryption
- Automated security scanning and vulnerability assessments
- Secure webhook authentication for inbound email processing
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
Your Rights and Controls
You have the following rights regarding your data:
Revoke Gmail Access
You can revoke Kolect Mailer's access to your Gmail account at any time:
- Visit your Google Account Permissions page
- Find "Kolect Mailer" in the list of connected apps
- Click "Remove Access"
When you revoke access, we will delete your campaign data and email messages within 30 days as described in our retention policy.
Other Rights
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and all data
- Export: Request a machine-readable export of your data
- Object: Object to processing of your data
To exercise these rights, contact us at support@kolect.ai.
Contact
For questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at:
KolectAI
Email: support@kolect.ai
Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will revise the "Effective date" at the top of this page. If we make material changes, we will notify you by email or through a prominent notice in the Service before the changes take effect. We encourage you to review this Privacy Policy periodically.