Privacy Policy

1. Introduction

Gmelius SA ("Gmelius," "we," "us," or "our") is a Swiss-registered company (CHE-411.148.873) dedicated to transforming email management and collaboration through innovative products. Our headquarters are located in Geneva, Switzerland.

2. Information We Collect

We adhere to a policy of minimal data collection. The information we may collect includes:

Personal Information:

• Name
• Email address
• Profile picture or Gravatar
• Timezone and language preferences
• Gmail signatures and aliases
• List of labels and calendars
• Gmelius configuration and data (e.g., subscription details, templates, notes, campaigns)
• Thread IDs, Draft IDs, Message IDs linked to Gmelius features (e.g., shared labels, sequences)

When Email Tracking is Enabled:

• Subject and recipients of tracked emails to notify you of opens and display related activities.

When AI Reply Assistants are Enabled:

• Email content.

3. How We Use Your Information

We use the collected information to:

• Personalize your experience and respond to your individual needs.
• Improve our services based on your feedback.
• Enhance customer support by effectively addressing your inquiries.
• Communicate with you about our products and services, including promotional offers.

4. Third-Party AI Models

Gmelius leverages Google's Gemini models to enhance features such as email categorization ("AI Tagging", "AI Sorting Assistants") and draft reply generation ("AI Reply Assistants").

AI Sorting Assistants:

• We only process the email subject and body in real-time for categorization purposes. This data is not stored on our servers.

AI Reply Assistants:

• We only process the email body to generate draft replies. This data is securely stored on our servers using advanced encryption to improve personalization. Users can delete their data at any time.

All stored email content is encrypted. Google's Gemini models do not retain any data after processing; it is deleted immediately once its purpose is fulfilled. Processing is conducted solely to deliver our services and is not used for any other purposes.

5. User Consent and Data Deletion

We require explicit user consent before processing any data with our AI models. Users have the ability to delete their data at any time, ensuring complete control over their personal information.

We maintain a strict zero data retention policy with our AI service providers. Google's Gemini models do not retain any customer data on their servers beyond immediate processing requirements, ensuring that your data is promptly deleted after use. For more information, please refer to Google's data governance policy.

This approach ensures that while your email content is used to enhance our services, it remains protected by encryption and is processed only for its specific, intended purpose.

6. Data Security

We implement robust security measures to protect your information, including:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS. Data at rest is also encrypted.
• Access Controls: Access to user data is restricted to authorized personnel on a need-to-know basis.
• Regular Audits: Our infrastructure and practices are monitored 24/7. We are SOC2 Type II certified. For more details, visit our Trust Center.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. You can delete your Gmelius account and associated data at any time from your Account page. Please note that some data may remain in our backups for up to 90 days.

8. Third-Party Services

We may share your personal information with trusted third-party service providers who assist us in operating our website, conducting our business, or servicing you, provided they agree to keep this information confidential. We do not sell or trade your personal information.

9. Analytics Services

We use third-party analytics services, including Google Analytics and Microsoft Clarity, configured to anonymize your IP addresses and not transmit any personally identifiable information (PII). We also use HubSpot's analytics services to understand how you use our services. For more information on HubSpot's privacy practices, please refer to their Privacy Policy.

10. Payment Processing

We rely on third parties to process credit card transactions and do not store your credit card details. Currently, we use the services of Stripe, Inc. (certified PCI level 1). For more information on Stripe's privacy practices, please refer to their Privacy Policy.

11. Links to Other Websites

Our services may contain links to other websites not operated or controlled by Gmelius. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal information.

12. Children's Privacy

We are committed to protecting the privacy of children aged 16 or under. If you are aged 16 or under, please obtain your parent or guardian's permission before providing us with personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by email or by posting a notice on our website. We encourage you to review this Privacy Policy periodically.

14. Applicable Law

This Privacy Policy is governed by the substantive laws of Switzerland. Any disputes arising out of or relating to this policy shall be subject to the jurisdiction of the competent courts of the Canton of Geneva, with the jurisdiction of the Swiss Federal Court expressly reserved.