Privacy Policy for Emailx

Effective Date: 22/12/2024

Welcome to Emailx. Protecting your privacy is our top priority. This Privacy Policy outlines how Julien Paltrinieri (Partita IVA), operating as Emailx (Ditta Individuale), collects, uses, and safeguards your personal information. We are fully compliant with the General Data Protection Regulation (GDPR) and all other applicable laws, including Google's API Services User Data Policy.

By using our website or services, you agree to the terms outlined in this policy.

1. Identity and Contact Information

This section provides the clear, stable, and professional identity Google requires from all developers, including Partita IVA freelancers.

Detail	Information
Owner/Data Controller	Julien Paltrinieri
Partita IVA (VAT Number)	14364730961
Registered Address	VIA S SIMPLICIANO 1, 20121 MILANO (MI), ITALIA
Email for Privacy/Data Protection Inquiries	team@emailx.ai

2. Information We Collect and Third-Party Sources

We collect data based on our legitimate interest to provide and improve our services and with your explicit consent where required.

2.1. Information You Provide Directly

Contact & Account Information: Name, email address, phone number, and any details provided when creating an account or subscribing.
Feedback and Communication: Data submitted through bug reports, surveys, or email correspondence.

2.2. Information Collected Automatically

Device & Browser Data: IP address, browser type, device information, operating system, and referring/exit pages.
Usage Data: Time spent on our website, pages viewed, and interactions.
Cookies and Tracking: Collected via cookies or similar technologies to improve functionality (see Section 8).

2.3. Information from Third-Party Sources (Crucial for Google Acceptance)

We only collect data from third parties with your explicit authorization.

Third-Party Source	Data Collected	Purpose
Google API (Gmail)	Email content, metadata (subject, sender, recipients, timestamps)	To allow users to send personalized emails and analyze email history for AI-driven response suggestions (see Section 3.2).
Unipile API (to access LinkedIn data)	Profile data (Name, Job Title, Company, Public Profile URL)	To enrich contact profiles for better campaign personalization and targeting within the Emailx application.
Google Analytics	Website interaction, user demographics (anonymized)	To analyze website performance and user behavior for optimization.

3. How We Use Your Information and Justification of Sensitive Scopes

3.1. General Processing Purposes

Service Delivery: To provide and maintain access to the Emailx service, including updates and technical support.
Communication: To send essential service updates and respond to user inquiries.
Website & Product Optimization: To analyze usage and improve our platform's design and features.
Compliance: To meet legal obligations and enforce our Terms & Conditions.

3.2. Justification for Sensitive Gmail API Scopes

For the service to function, we request access to the following sensitive Google User Data Scopes. This access is strictly necessary for the service's core, user-facing features:

Requested Scope	Clear, Specific Justification
`https://www.googleapis.com/auth/gmail.readonly`	This scope is strictly necessary to detect replies to previously sent email campaigns. Allowing emailx to calculate reply rates, positive reply rates and bounce rates. Replies detected are also used to halt email campaigns, preventing spam. We do not use this data for advertising.
`https://www.googleapis.com/auth/gmail.send`	This scope is strictly necessary to allow you to send emails directly from the Emailx application after they have been personalized and generated by our service.

Important Note on Google User Data: Our use of information received from Google APIs will strictly adhere to the Google API Services User Data Policy, including the Limited Use requirements. We will only use this data to provide or improve user-facing features and will not transfer or sell this data for advertising or any other unauthorized purpose.

4. Data Retention Periods (Crucial for Google Acceptance)

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to satisfy legal, accounting, or reporting requirements.

Category of Data	Retention Period
Account/Contact Data	Retained for 12 months after the account is closed or the last service interaction, unless a longer period is required by law.
Usage/Analytics Data	Retained for 26 months from the time of collection.
Gmail/Unipile API Data	Retained only for the duration of your active subscription and deleted immediately upon account closure or withdrawal of API consent.
Legal/Financial Data	Retained for 10 years as required by Italian tax and civil law.

5. Sharing, Security, and International Transfers

5.1. Sharing Your Information

We do not sell your personal data. We only share it with:

Service Providers: Third parties providing essential services (hosting, analytics, email delivery) who are bound by strict contractual clauses to protect your data.
Legal Obligations: To comply with applicable laws or protect the rights, property, or safety of Emailx.
Business Transfers: In the event of a merger, acquisition, or sale of assets.

5.2. Data Security

We implement robust technical and organizational measures to safeguard your personal data, including:

Encryption (SSL/TLS) for all data transmission.
Regular security audits and vulnerability assessments.
Strict access controls to internal systems.

If you suspect a data breach, contact us immediately at team@emailx.ai.

5.3. International Data Transfers

Your personal data may be transferred to countries outside the European Economic Area (EEA), such as the United States. In such cases, we ensure that adequate safeguards are in place, primarily by utilizing Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data to the required standard.

6. Your Data Protection Rights (GDPR)

Under the GDPR, you have the following rights:

Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Correct inaccurate or incomplete personal data.
Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data, subject to legal or contractual obligations.
Right to Data Portability: Receive your personal data in a structured, commonly used format.
Right to Object: Object to processing for direct marketing or legitimate interests.

To exercise your rights, please contact us at team@emailx.ai.

You also have the Right to Lodge a Complaint with your local Data Protection Authority (DPA). In Italy, this is the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it).

7. Children's Privacy and Updates

Our services are strictly not intended for users under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will take immediate steps to delete the information and terminate the account.

8. Cookies and Tracking

8.1 Strictly Necessary Cookies

Required for the application to perform its basic functions, such as managing your login session and remembering your preferences. These cannot be disabled.

8.2 Analytics Cookies

Used to collect aggregated, anonymized information about how users interact with my website (e.g., which pages are most popular) via services like Google Analytics.

9. Updates to This Privacy Policy

We may update this policy to reflect changes in our services or legal requirements. We will notify you of significant changes by email or through a prominent notice on our website prior to the change becoming effective.