Privacy Policy

1. The VoiceToMail Chrome Extension: The client-side software installed in the user's browser that captures voice input and interacts with the Gmail interface.
2. The VoiceToMail Web Platform: The cloud-based dashboard used for account management, subscription billing, and data rights administration, available at voicetomail.eu.
3. Backend API Services: The secure infrastructure hosted on Google Cloud Platform (GCP) that facilitates AI inference, user authentication, and service administration.

This Policy does not govern the practices of third parties or services that users may interact with independently of VoiceToMail, such as the Google Gmail service itself, except where explicitly described herein regarding our integration.

Daniele Donzello
Juliana Ursyna Niemcewicza 26 lok. 57, 02-306 Warszawa
NIP (Tax Identification Number): 7011250684
Jurisdiction: Poland (European Union)
Regulatory Authority: President of the Personal Data Protection Office (Prezes Urzedu Ochrony Danych Osobowych, UODO)

For the processing of Gmail message content and voice inputs, VoiceToMail acts primarily as a Data Processor (or Service Provider) on behalf of the user, who retains the role of Data Controller over their specific email content. However, VoiceToMail assumes Controller responsibilities regarding the security, retention, and sub-processing of this data while it is within our infrastructure.

Inquiries regarding this Policy or the exercise of user rights should be directed to our privacy office:

• Email: legal@voicetomail.eu
• Subject Line: "Privacy Compliance Inquiry"

VoiceToMail's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This signifies that our handling of data obtained through Google API scopes is governed by stricter standards than standard personal data.

In strict adherence to Google's verification requirements for sensitive scopes, we legally bind ourselves to the following limitations:

1. User-Visible Features Only: We only access Gmail data to provide features that are prominently visible and requested by you, the user. Specifically, this includes drafting emails from voice notes, generating AI replies based on thread context, and summarizing email threads. We do not use Gmail data for background processes unrelated to these explicit tasks.
2. Prohibition on Advertising: We never use Gmail data for advertising. We do not sell, transfer, or analyze your email content or metadata for serving ads, including retargeting, personalized, or interest-based advertising.
3. Prohibition on Profiling: We do not use email content to build personal profiles of users for creditworthiness, lending, or marketing demographics.
4. No Data Transfer: We do not transfer Gmail data to third parties, except as necessary to provide the features (e.g., sending text to our AI provider for drafting), for security purposes (investigating abuse), to comply with applicable law, or as part of a merger/acquisition where the successor entity agrees to these same terms.

No human at VoiceToMail reads your emails. We strictly prohibit human access to user data unless:

• You have provided affirmative, specific consent for us to view a specific message (e.g., for a complex support ticket).
• It is necessary for security purposes, such as investigating a vulnerability or abuse.
• It is required to comply with applicable law or a valid legal process.
• The data is aggregated and fully anonymized for internal operations (e.g., statistics on average email length) and contains no personally identifiable information.

Data Type: Raw audio captured via the microphone.
Collection Method: Browser-native webkitSpeechRecognition API.
Processing Location: Voice data is processed using the browser's built-in speech recognition capabilities. In Google Chrome, the webkitSpeechRecognition API transmits audio data to Google's cloud-based speech recognition servers for transcription. The audio is processed by Google and the transcribed text is returned to the browser. VoiceToMail's own servers never receive raw audio data. See Section 10 (Sub-Processors) for Google's role as a sub-processor in this context.
Storage: None. VoiceToMail does not upload, store, or archive raw audio files on our servers. The audio data exists transiently in the browser's volatile memory and is discarded immediately after transcription by the browser's speech recognition service.

Data Type: Email subject lines, body text, recipient lists, sender information, and timestamps ("Thread Context").
Collection Method: Accessed via the Gmail API and secure reading of the Gmail interface (DOM) when you trigger a "Generate Reply," "Generate Email," or "Summarize" action. The extension reads the email thread currently visible in your Gmail compose or reading view.
Purpose: To allow the AI to understand the context of the conversation so it can generate a relevant response.
Storage: Ephemeral. This data is processed in real-time and transmitted to our AI sub-processors solely for the purpose of generating a response. We do not permanently store email content on our servers. Any temporary cache required for processing is automatically purged within 30 days or immediately upon session termination.

Data Type: Button clicks (e.g., "Start Recording," "Insert Draft"), feature usage counts, error logs, performance latency metrics, and application version information.
Collection Method: Captured via the PostHog analytics suite.
Privacy Control: All telemetry is pseudonymized. Events are associated with your Firebase User ID (a persistent, unique account identifier) rather than your name or email address. This means that while your identity is not directly visible in our analytics dashboard, your behavioral patterns (such as which features you use and when) can be associated with your account. Pseudonymized data remains personal data under GDPR, and we process it under our legitimate interest in improving service quality and reliability (GDPR Art. 6(1)(f)).
Cookie Consent: On the VoiceToMail website (voicetomail.eu), PostHog uses cookies and local storage for session tracking. We will ask for your consent before placing analytics cookies. You can manage your analytics preferences at any time through our cookie settings. See Section 15 (Cookies and Tracking Technologies) for details.
Purpose: To identify bugs, optimize latency, understand feature adoption, and improve the service.
What We Do NOT Track: We do not track the content of your actions (i.e., we know you clicked "Generate," but we do not know what you generated or the content of your emails).

Data Type: Google User ID (UID), email address, display name, and profile picture URL.
Collection Method: Via Firebase Authentication (Google Sign-In).
Purpose: To authenticate your session, enforce subscription limits, and sync preferences across devices.

Data Type: Subscription tier, payment status, renewal dates, transaction history, and one-time purchase records (package type, purchase amount, payment status, generation credits granted).
Collection Method: Provided by Stripe, our payment processor.
Purchase Records: When you purchase a Generation Pack, we store a purchase record containing the Stripe session identifier, package details, generation credits granted, and timestamps. Purchased generation credits are tracked in your account balance and do not expire during active service.
Failed Purchase Handling: In the rare event that a purchase processing error occurs, the transaction details are stored in a dead letter queue for manual review. Dead letter records are automatically purged after 30 days.
Security Note: VoiceToMail never accesses, handles, or stores full credit card numbers or CVC codes. This data is handled exclusively by Stripe's PCI-DSS compliant infrastructure.

Data Type: User-configured preferences including language, tone, auto-generate settings, and custom instructions (free-text, max 500 characters).
Storage Mechanism: Stored server-side in your account profile (Firestore).
Purpose: To personalize AI-generated email drafts according to your preferences. Custom instructions are incorporated into the AI generation prompt to tailor outputs to your needs.
Privacy Note: Custom instructions may contain personally identifiable information (e.g., your name, title, organization). This data is included in data exports and deleted upon account deletion.

Data Type: User preferences (e.g., theme selection, onboarding completion status), extension session data.
Storage Mechanism: chrome.storage.local (for the extension) and localStorage (for the website).
Access: This data resides physically on your device. VoiceToMail servers do not access this data unless you explicitly initiate a synchronization action.

Data Type: When you generate an email, we create a generation record containing: a unique generation ID, your pseudonymized user identifier, identifiers of the prompt template and AI model used, input and output measurements (character counts, token counts, processing time, estimated cost), your satisfaction rating (if provided), and whether the generation used "Thinking Mode."
What We Do NOT Store: We do not store your actual input text, email context, or the generated email content. Only metadata and measurements are retained in generation records.
Purpose: To optimize prompt and model selection (see Section 5.3), monitor service quality, calculate usage costs, and improve the service over time.
Retention: Generation records are retained for 12 months and then automatically deleted.

Data Type: Like/dislike ratings on generated emails, linked to generation IDs. Aggregate feedback statistics: total ratings count, pending bonus credits, and bonus generation balance.
Purpose: To improve the quality of AI-generated emails through service optimization, and to provide bonus generation credits as an incentive for feedback (1 free generation for every 5 ratings).
Lawful Basis: Contractual necessity (the feedback incentive system is part of the service) and legitimate interest (improving service quality).

Data Type: Name, email address, message content, and IP address.
Collection Method: Via the contact form on the VoiceToMail website.
Purpose: To respond to your inquiry, prevent abuse, and maintain correspondence records.
IP Address: Your IP address is collected for fraud prevention and abuse detection purposes. IP addresses are personal data under GDPR. The lawful basis for this processing is our legitimate interest in preventing abuse (Art. 6(1)(f)).

Data Type: Your browser's language preference (navigator.language).
Collection Method: Read from the browser's API when you first access the website or extension.
Purpose: To set the default display language for the Service interface.
Storage: Stored locally on your device as a preference setting. Not transmitted to our servers unless you explicitly change your language preference in account settings.
Legal Basis: This is strictly necessary for providing the Service in your preferred language and does not require consent under the ePrivacy Directive.

We transmit text transcripts and email context to the following providers for AI processing:

1. OpenAI, L.L.C. (United States): For high-complexity drafting and summarization.
2. Google Gemini (via Google Cloud Vertex AI): For specific processing tasks.

Additionally, some AI processing may occur on self-hosted infrastructure within our Google Cloud Platform environment, using open-source models. In these cases, your data remains within VoiceToMail's infrastructure and is not transmitted to a third-party AI provider.

We use statistical optimization (Thompson Sampling) to automatically select the best-performing prompt templates and AI models for each email generation request. This automated selection is based on aggregate user satisfaction data across all users, not on your individual profile or personal characteristics. You retain full control over all generated content: you can reject any generated result and request a different version (which will use a different prompt and model combination), edit the result, or discard it entirely.

We configure our AI integrations to minimize data retention.

• Abuse Monitoring: AI providers may retain inputs for a maximum of 30 days solely for the purpose of monitoring for abuse (e.g., generating illegal content). This data is encrypted, accessible only to authorized security personnel, and is deleted automatically after the retention window.
• No Secondary Use: The AI providers are contractually restricted from using your data for profiling, advertising, or any purpose other than returning the generated text to VoiceToMail.

VoiceToMail offers an optional "Thinking Mode" feature. When enabled, the AI performs a two-step process: first analyzing the email situation, then generating a reply based on that analysis. The analysis output ("thinking") is streamed to you in real time but is not stored on our servers. Only token counts and performance measurements from the thinking step are retained for cost analysis. Thinking Mode consumes two (2) quota units per generation.

Scope: We rely on your explicit, affirmative consent for the processing of Gmail data and voice data.
Mechanism: This consent is obtained through the Google OAuth consent screen (where you grant specific permissions) and the browser permission prompt (for microphone access).
Revocability: You may withdraw this consent at any time by revoking the OAuth token in your Google Account settings or removing the extension.

Scope: Processing your account credentials, subscription status, preferences, custom instructions, and facilitating the technical transmission of data to the AI provider.
Justification: This processing is strictly necessary to deliver the service you have subscribed to (i.e., we cannot generate an email draft without processing the text).

Scope: Collecting pseudonymized usage telemetry (PostHog analytics), enforcing security protocols, preventing fraud, IP address collection from the contact form, and generation metadata storage for service optimization.
Justification: We have a legitimate interest in ensuring our Service is secure, bug-free, and operational. We have balanced this interest against your privacy rights by strictly pseudonymizing analytics data, minimizing data collection, and providing opt-out mechanisms where feasible.

Scope: Retaining financial transaction records, including subscription invoices and one-time purchase records.
Justification: We are required by EU tax laws and Polish accounting standards to retain invoice and payment data for a statutory period (typically 5-7 years).

You may trigger the deletion of your data through the following methods:

• Web Dashboard: Selecting the "Delete Account" option will immediately scrub your identity from our active databases, delete all associated generation records, feedback data, preferences, and custom instructions, and revoke our access tokens.
• Data Export: You may request a complete export of your personal data (account metadata, preferences, generation history metadata, feedback statistics, subscription history) via the Settings dashboard before deletion.
• Extension Interface: You may manually clear your local preferences and session data at any time via the extension settings or by removing the extension.

Note: Account deletion does not delete emails inside your Gmail account, as those are stored by Google, not us. Financial records required by tax law are retained in anonymized form.

We prioritize vendors who are certified under the EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. Data Privacy Framework.

• Google LLC: Certified.
• OpenAI, L.L.C.: Certified (or ensuring equivalent protection).
• Stripe, Inc.: Certified.
• PostHog, Inc.: EU-hosted instance (see Section 10).

Where a vendor is not certified under the DPF, or where the DPF does not apply, we rely on the European Commission's Standard Contractual Clauses (SCCs) as a legal transfer mechanism. These clauses contractually bind the vendor to protect your data to European standards, including requirements for encryption and government access challenges.

In the event of a confirmed data breach affecting personal data, VoiceToMail will:

1. Notify the Polish supervisory authority (UODO) within 72 hours of becoming aware of the breach, where feasible.
2. Notify affected users without undue delay if there is a high risk to their rights and freedoms.
3. Execute a containment and remediation plan to mitigate harm.

You may request a complete export of your personal data (account metadata, preferences, custom instructions, generation history metadata, feedback statistics, subscription history) in a machine-readable format (JSON) via the Settings dashboard.

You can update your profile information, display name, and preferences directly within the application settings (both the extension popup and the web dashboard).

You may request the permanent deletion of your account. Upon this request:

• We delete your account metadata from Firebase.
• We delete your generation records, feedback data, preferences, and custom instructions.
• We delete your Stripe customer token (subject to legal retention of invoice records for up to 7 years).
• We purge any cached email context.
• We remove your pseudonymized identifier from PostHog analytics.

Note: This does not delete emails inside your Gmail account, as those are stored by Google, not us.

You may choose to disable specific features (e.g., auto-generate, Thinking Mode) which restricts our processing of your data. You may also opt out of analytics tracking on the website via the cookie consent settings.

You have the right to object to processing based on our legitimate interests (Section 6.3). Upon receiving an objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

You can stop all Gmail data collection immediately by revoking VoiceToMail's access to your Google Account. Go to https://myaccount.google.com/permissions, select "VoiceToMail," and click "Remove Access."

You have the right to lodge a complaint with the supervisory authority:
Prezes Urzedu Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warszawa, Poland
Website: https://uodo.gov.pl

To exercise any of your rights, contact us at legal@voicetomail.eu. We will respond within 30 days as required by GDPR. We may need to verify your identity before fulfilling certain requests.

In the past 12 months, we have collected:

• Identifiers (Name, Email, IP Address from contact form).
• Commercial Information (Subscription purchase history, one-time purchase history).
• Internet Activity (Extension interaction logs, pseudonymized usage telemetry).
• Sensitive Personal Information (Gmail content, strictly for service functionality under user control).

VoiceToMail does not sell your personal information. We do not "share" your personal information for the purpose of cross-context behavioral advertising.

You have the right to limit the use of your sensitive personal information (Gmail content) to that which is necessary to perform the services. We automatically adhere to this limitation by default (see Section 3 "Limited Use").

California residents may designate an authorized agent to make a request on their behalf. We will verify the agent's authority and your identity before processing such requests. We will not discriminate against you for exercising your privacy rights.

Our website uses the following categories of cookies and similar technologies:

Essential (Always Active):

• Authentication session tokens (Firebase Auth)
• CSRF protection tokens
• Theme and language preferences (stored in localStorage)

These are strictly necessary for the website to function and do not require consent.

Analytics (Requires Consent):

• PostHog tracking cookies and localStorage entries for session identification, feature usage analysis, and performance monitoring.
• These are placed only after you grant consent via our cookie banner.

We do not use marketing or advertising cookies.

The Chrome Extension uses chrome.storage.local to store your preferences, session data, and extension settings. This storage is governed by the Chrome Web Store policies and your installation consent, and is necessary for the extension to function.

You can manage your cookie preferences at any time by clicking the "Cookie Settings" link in our website footer. You may also configure your browser to reject all cookies or to notify you when a cookie is set, though this may affect website functionality.