Privacy Policy for Ṣọ Email

Effective Date: January 13, 2025

SO Labs (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share user data and personal information when you use our services. This policy applies to our website, application, and any related services (collectively referred to as the "Services").

1. Information We Collect

1.1 Google User Data

When you connect your email account (including Gmail, Outlook, Hotmail, Yahoo Mail, Office 365, or other supported email providers) to our Services, we access the following information:

  • Email Messages: Metadata (e.g., sender, recipient, subject) and email content when you open an email as required for the functionality of the app.
  • OAuth Tokens: These are for authentication purposes to access your email account securely.
  • Email Processing: Our browser extension(s) read email content locally on your device to provide the core functionality of our service. When you choose to report incorrect predictions, specific email content may be copied and processed as described in Section 4.3.

1.2 Other Personal Information

We also collect:

  • Account Information: Your name, email address, and profile information when you register with us.
  • Usage Data: Information about how you interact with our Service, including:
    • Device type, operating system, and browser type
    • Error logs and performance data
    • Information collected is used for the purposes of fulfilling contractual service requirements, service improvements and troubleshooting.

2. How We Use Your Information

We use the information we collect to:

  • Process, analyze, and manage emails as specified by the app's functionality.
  • Authenticate your identity and manage your account.
  • Communicate with you about updates, issues, or support requests.
  • Comply with legal obligations and enforce our Terms of Service.
  • Improve service accuracy: We use de-identified content from user-reported false positives to improve the accuracy of our predictive models. This helps us reduce incorrect predictions for all users.

We do not use your data for advertising purposes or any purpose unrelated to providing the Services.

3. How Our Service Works

3.1 Security Assessment Process

Our service uses predictive models to analyze and categorize your emails for potential security threats. Specifically, we analyze:

  • Sender reputation and email headers
  • Link destinations and attachment characteristics
  • Email content patterns associated with common scams and phishing attempts
  • Behavioral patterns that may indicate suspicious activity

3.2 False Positives and User Feedback

These models may occasionally produce false positives or inaccurate predictions. To continuously improve our service, we provide a mechanism for users to report these inaccuracies. User feedback is crucial for enhancing the accuracy and effectiveness of our service for all users.

3.3 Automated Decision Making

Our service includes automated analysis that may flag emails as potentially suspicious. While this automated process helps protect your security:

  • No emails are automatically deleted or moved without your confirmation
  • You maintain full control over all actions taken on your emails
  • You can provide feedback on any automated decision

4. How We Store and Protect Your Information

4.1 Data Storage and Retention

All data is stored securely in compliance with relevant industry standards.

  • Email data: Not stored beyond what is necessary to provide the Services. Email content is processed locally on your device and is not stored on our servers during normal operation.
  • Authentication tokens: Stored in encrypted form for the duration of your use of the Service.
  • Account information: Retained until you request deletion or close your account.

4.2 Data Security

We implement technical and organizational measures to protect your information, including:

  • Encrypted transmission (e.g., HTTPS, TLS) and storage of sensitive data.
  • Regular security audits and vulnerability assessments.
  • Access controls limiting employee access to personal data.
  • Secure development practices and regular security training for our team.

4.3 Processing of Reported Content

When you report inaccurate predictions by clicking the designated button:

  • We copy only the specific email content necessary for improving our service.
  • Any personally identifiable information (PII) is automatically removed.
  • The de-identified content is used solely for service improvement purposes.
  • Original email content is never stored on our servers in its complete form.
  • De-identified reported content is retained for a maximum period of 90 days, after which it is permanently deleted.

5. Sharing Your Information

We do not sell or rent your personal information to third parties. We only share your information in the following circumstances:

5.1 Service Providers

  • Cloud Infrastructure: Amazon Web Services (AWS)
  • Analytics: Google Analytics (with privacy-enhancing configurations)
  • Customer Support: Zendesk for managing support requests

All service providers are bound by strict confidentiality agreements and are permitted to use your data only for providing services to us.

5.2 Other Circumstances

  • With Your Consent: If you explicitly authorize us to share specific information.
  • For Legal Compliance: To comply with applicable laws, regulations, or legal requests.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event of bankruptcy.

6. Browser Extension Permissions

Our browser extension requires the following permissions:

  • Read and change your data on websites you visit: This allows us to analyze email content on supported email provider websites to identify security threats.
  • Display notifications: To alert you about potential security issues.
  • Read your browsing history: Limited only to email provider domains to enable email security features.

These permissions are used only for the purposes of providing our email security services and are not used to track general browsing activity.

7. Service Provider Requirements and API Usage

7.1 Service Provider Compliance

Ṣọ Email Security adheres to the applicable requirements for each email service provider, including:

  • Google's Limited Use Requirements (for Gmail)
  • Microsoft's API Terms of Use (for Outlook, Hotmail, and Office 365)
  • Yahoo's Developer Network Terms of Use (for Yahoo Mail)
  • Similar requirements for other supported email providers

In all cases, your email data is:

  • Used only for providing or improving the Services.
  • Not used for advertising purposes or shared with third parties.
  • Handled securely and kept confidential at all times.

7.2 Google Workspace API Usage

When using Google Workspace APIs (including Gmail):

  • We do not use these APIs to develop, improve, or train generalized artificial intelligence (AI) or machine learning (ML) models.
  • Any AI/ML models developed using data from Google Workspace APIs are specifically tailored to the email security functions of our service and are not used for general-purpose AI applications.
  • Our use of these APIs is limited to the specific functionality of the Ṣọ Email Security service as described in this Privacy Policy.
  • We comply with all requirements set forth in Google's API Services User Data Policy.

8. Your Rights and Choices

8.1 Access and Control

You have the right to:

8.2 Opt-Out

You may:

  • Opt out of email communications: Follow the unsubscribe instructions in any email we send.
  • Opt out of reporting: False positive reporting only occurs when you explicitly click on the reporting link. You can choose not to click this link and still use the core service without any limitations.
  • Limit permissions: You can choose not to provide certain permissions to our extension, but this may limit the functionality of the Services.

8.3 Consent for Reporting

When you click on the reporting link for a false positive, you are providing explicit consent to copy and process the relevant email content as described in Section 4.3. This consent is provided on a case-by-case basis, as reporting only occurs when you actively choose to click the reporting link.

9. Children's Privacy

Our Services are not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information without appropriate parental consent, please contact us at hi@soemailproject.com. If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.

10. Compliance with Privacy Regulations

We are committed to complying with applicable privacy regulations, including:

  • General Data Protection Regulation (GDPR): For users in the European Economic Area, we respect your rights to access, correct, delete, and port your personal data, and to object to certain processing activities.
  • California Consumer Privacy Act (CCPA): For California residents, we respect your rights to know what personal information we collect, delete your personal information, and opt out of the sale of your personal information.

11. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Post the updated policy on our website with an updated effective date
  • Notify you via email and/or a prominent notice on our website
  • Update the "Effective Date" at the top of this page
  • In some cases, seek your explicit consent to continue using our Services with the new terms

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

By using our Services, you acknowledge that you have read and understood this Privacy Policy. Your continued use of the Services constitutes your agreement to its terms.