Privacy Policy

1. Who we are

Mail2Draft ("we", "us", "our") is an email-to-draft automation service available at mail2draft.eu. If you have questions about this policy, contact us at support@mail2draft.eu.

2. What data we collect

We collect the following categories of data:

• Account data: your name, email address, and (optionally) a Google account ID when you register or sign in via Google.
• Billing data: billing name, address, VAT number, and payment method details. Payment processing is handled by Stripe; we do not store card numbers.
• Email content: when an email is forwarded to your Mail2Draft address, we temporarily process the subject, body, and any attachments in order to generate a draft payload and deliver it to your webhook. Email content is not stored permanently after delivery.
• Activity log data: metadata about each processed email (timestamp, matched flow, webhook response status). This helps you debug and audit your flows.
• Usage data: standard server logs (IP address, browser, pages visited) for security and operational purposes.

3. How we use your data

• To provide and operate the Mail2Draft service.
• To process and route inbound emails to your configured webhook endpoints.
• To manage your subscription and send billing-related emails (invoices, payment confirmations).
• To send transactional emails (email verification, magic link sign-in, password reset).
• To detect and prevent abuse, fraud, and security threats.

We do not sell your data to third parties or use it for advertising.

4. Data sharing

We share data only with the following trusted service providers who process it on our behalf:

• Stripe — payment processing and subscription management.
• Your webhook endpoint — we POST the draft payload (derived from your email) to the URL you configure. You control this endpoint.
• Infrastructure providers — cloud hosting and email delivery services necessary to operate the platform.

5. Data retention

• Account data is retained for as long as your account is active. You may request deletion at any time.
• Email content (body and attachments) is processed in memory and not persisted after webhook delivery.
• Activity log entries are retained for 90 days.
• Billing records are retained for 7 years to comply with financial regulations.

6. Your rights

Under the GDPR and applicable EU law, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Object to or restrict certain processing activities.
• Request a machine-readable export of your data (data portability).
• Lodge a complaint with your national data protection authority.

To exercise any of these rights, email support@mail2draft.eu.

7. Cookies

We use only strictly necessary cookies for session management and CSRF protection. We do not use tracking or advertising cookies.

8. Security

All data is transmitted over HTTPS. We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

9. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions, contact us at support@mail2draft.eu.