When you connect your email account (including Gmail, Outlook, Hotmail, Office 365, or other supported email providers) to our Services, we access the following information:

• Email Messages: Metadata (e.g., sender, recipient, subject) and email content when you open an email as required for the functionality of the app
• OAuth Tokens: These are for authentication purposes to access your email account securely
• Email Processing: Our Browser extension(s) reads email content locally on your device to provide the core functionality of our service. When you choose to report incorrect predictions, specific email content may be copied and processed as described in Section 4.3
• Email Headers: For Pro subscribers, we analyze SPF, DKIM, and DMARC records for authentication validation
• Links and URLs: For Pro subscribers, we extract and analyze links within emails for security scanning
• Attachments: For Pro subscribers, we access attachment metadata and content for security analysis

We also collect:

• Account Information:Your name, email address, profile information, and subscription tier when you register with us
• Subscription Data: Payment information, billing history, subscription status, and free trial usage (processed securely through Stripe)
• Usage Data: Information about how you interact with our Service, including:
  • Device type, operating system, and browser type
  • Feature usage patterns and frequency
  • Error logs and performance data
  • Threat detection statistics and categorization results

Information collected is used for the purposes of fulfilling contractual service requirements, service improvements, and troubleshooting.

We use the information we collect to:

• Core Services: Process, analyze, categorize, and manage emails as specified by the app's functionality across Free and Pro tiers
• Security Analysis: Perform AI-powered threat analysis, link scanning, attachment scanning, and email authentication validation
• Account Management: Authenticate your identity, manage your account, and process subscription services
• Communication: Communicate with you about updates, issues, support requests, and subscription changes
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service
• Service Improvement: Use de-identified content from user-reported false positives to improve the accuracy of our predictive models and security features

We do not use your data for advertising purposes or any purpose unrelated to providing the Services.

Free users receive:

• Email Categorization: Automatic sorting and organization of emails
• AI Email Threat Analysis: Basic threat detection and security assessment

Pro subscribers receive all Free features plus:

• Link Scanner: Real-time analysis of URLs and links within emails for malicious content
• Attachment Scanner: Security analysis of email attachments for threats and malware
• SPF/DKIM/DMARC Validation: Email authentication protocol verification

Note: New users can access all Pro tier features through our 7-day free trial before subscription begins.

Our service uses predictive models and security tools to analyze and categorize your emails for potential security threats. Specifically, we analyze:

• Sender reputation and email headers
• Link destinations and attachment characteristics (Pro tier)
• Email content patterns associated with common scams and phishing attempts
• Behavioral patterns that may indicate suspicious activity
• Email authentication records and validation (Pro tier)

These models may occasionally produce false positives or inaccurate predictions. To continuously improve our service, we provide a mechanism for users to report these inaccuracies. User feedback is crucial for enhancing the accuracy and effectiveness of our service for all users.

Our service includes automated analysis that may flag emails as potentially suspicious. While this automated process helps protect your security:

• No emails are automatically deleted or moved without your confirmation
• You maintain full control over all actions taken on your emails
• You can provide feedback on any automated decision

All data is stored securely in compliance with relevant industry standards.

• Email data: Not stored beyond what is necessary to provide the Services. Email content is processed locally on your device and is not stored on our servers during normal operation
• Link and Attachment Analysis: For Pro users, link destinations and attachment metadata may be temporarily cached for security analysis (maximum 24 hours)
• Authentication tokens: Stored in encrypted form for the duration of your use of the Service
• Account information: Retained until you request deletion or close your account
• Subscription data: Retained as required for billing, tax, and legal compliance purposes (minimum 7 years for tax records, or as required by applicable law)

We implement technical and organizational measures to protect your information, including:

• Encrypted transmission (e.g., HTTPS, TLS) and storage of sensitive data
• Regular security audits and vulnerability assessments
• Access controls limiting employee access to personal data
• Secure development practices and regular security training for our team
• Enhanced security measures for Pro tier features including isolated processing environments

In the event of a data breach that may affect your personal data, we will notify you without undue delay, consistent with our legal obligations.

When you report inaccurate predictions by clicking the designated button:

• We copy only the specific email content necessary for improving our service
• Any personally identifiable information (PII) is automatically removed
• The de-identified content is used solely for service improvement purposes
• Original email content is never stored on our servers in its complete form
• De-identified reported content is retained for a maximum period of 90 days, after which it is permanently deleted

We do not sell or rent your personal information to third parties. We only share your information in the following circumstances:

5.1 Service Providers

• Cloud Infrastructure: Amazon Web Services (AWS)
• Payment Processing: Stripe for subscription billing and payment processing (Pro tier only)
• Security Intelligence Providers: Partners supplying threat intelligence feeds and malware detection databases (Pro tier only)
• Analytics & Monitoring: Tools used for performance and error tracking (aggregated and de-identified data only)

All service providers are bound by strict confidentiality agreements and are permitted to use your data only for providing services to us.

5.2 Other Circumstances

• With Your Consent: If you explicitly authorize us to share specific information
• For Legal Compliance: To comply with applicable laws, regulations, or legal requests
• Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event of bankruptcy

Our Browser extension requires the following permissions:

• Read and change your data on websites you visit: This allows us to analyze email content on supported email provider websites to identify security threats and provide categorization
• Display notifications: To alert you about potential security issues and categorization results
• Read your browsing history: Limited only to email provider domains to enable email security features
• Access to downloads (Pro tier): For attachment scanning functionality
• Network requests (Pro tier): For link scanning and real-time threat intelligence

These permissions are used only for the purposes of providing our email security services and are not used to track general browsing activity.

Ṣọ Email Security adheres to the applicable requirements for each email service provider, including:

• Google's Limited Use Requirements (for Gmail)
• Microsoft's API Terms of Use (for Outlook, Hotmail, and Office 365)
• Similar requirements for other supported email providers

In all cases, your email data is:

• Used only for providing or improving the Services
• Not used for advertising purposes or shared with third parties
• Handled securely and kept confidential at all times

When using Google Workspace APIs (including Gmail):

• We do not use these APIs to develop, improve, or train generalized artificial intelligence (AI) or machine learning (ML) models
• Any AI/ML models developed using data from Google Workspace APIs are specifically tailored to the email security functions of our service and are not used for general-purpose AI applications
• Our use of these APIs is limited to the specific functionality of the Ṣọ Email Security service as described in this Privacy Policy
• We comply with all requirements set forth in Google's API Services User Data Policy

You have the right to:

• Access your information: You can request a copy of the personal information we hold about you by emailing soemailfeedback@soemailsecurity.com
• Correct your information: You can update your account information through your account settings or by contacting us
• Delete your information: You can request deletion of your account and associated data by emailing soemailfeedback@soemailsecurity.com
• Downgrade subscription: Pro subscribers can downgrade to Free tier while retaining basic functionality
• Revoke access: You can revoke our access to your email account by visiting your email provider's account permissions or security page:
  • Google: https://myaccount.google.com/permissions
  • Microsoft: https://account.microsoft.com/permissions
  • Yahoo: https://mobileapi.yahoo.com/oauth2/authorize

You may:

• Opt out of email communications: Follow the unsubscribe instructions in any email we send
• Opt out of reporting: False positive reporting only occurs when you explicitly click on the reporting link. You can choose not to click this link and still use the core service without any limitations
• Disable specific features: Pro subscribers can selectively disable link scanning, attachment scanning, or authentication validation while maintaining other Pro features
• Limit permissions: You can choose not to provide certain permissions to our extension, but this may limit the functionality of the Services

When you click on the reporting link for a false positive, you are providing explicit consent to copy and process the relevant email content as described in Section 4.3. This consent is provided on a case-by-case basis, as reporting only occurs when you actively choose to click the reporting link.

If you are a California resident, you also have the right to:

• Know what personal information we collect and how it is used
• Request deletion of personal information
• Request correction of inaccurate personal information
• Opt out of the sale or sharing of personal information (we do not sell or share)
• Limit the use of Sensitive Personal Information (SPI), where applicable

Our Services are not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 13 (COPPA compliance). In the European Union, the minimum age for consent varies between 13 and 16 depending on local law.

If you become aware that a child has provided us with personal information without appropriate parental consent, please contact us at soemailfeedback@soemailsecurity.com. If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.

We are committed to complying with applicable privacy regulations, including:

• General Data Protection Regulation (GDPR): For users in the European Economic Area, we respect your rights to access, correct, delete, and port your personal data, and to object to certain processing activities
• California Consumer Privacy Act & California Privacy Rights Act (CCPA/CPRA): For California residents, we respect your rights as outlined in Section 8.4
• For EEA/UK residents, transfers rely on Standard Contractual Clauses (SCCs) or other recognized safeguards.

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Post the updated policy on our website with an updated effective date
• Notify you via email and/or a prominent notice on our website
• Update the "Effective Date" at the top of this page
• In some cases, seek your explicit consent to continue using our Services with the new terms

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: soemailfeedback@soemailsecurity.com
• Mailing Address: SO Labs, 7909 Flint Rd SE #202 Calgary AB T2H 1G3 Canada

By using our Services, you acknowledge that you have read and understood this Privacy Policy. Your continued use of the Services constitutes your agreement to its terms.