Privacy Policy

Effective 2026-05-11.

AI for Mail reads your Fastmail inbox at your request, asks an AI to classify messages, and writes server-side rules so future mail sorts itself. The whole product is structured around not keeping your email content. This page explains exactly what data we touch and what we keep.

1. Who we are

The service is operated by Veridit AS, a Norwegian limited company.

• Organisation number: 993255076
• Registered address: Bjerkealléen 39, 0487 Oslo, Norway
• Email for privacy questions: hello@ai-for-mail.com

Veridit AS is the data controller for personal data processed through AI for Mail.

2. Data we store

The following are kept in our Postgres database on EU-hosted infrastructure (Hetzner, Germany):

• Account credentials: the email address and password you use to sign in to AI for Mail (password hashed via Django's default algorithm).
• Fastmail OAuth tokens: the access and refresh tokens we receive when you connect your Fastmail account, used to call JMAP on your behalf. Encrypted at rest with Fernet (AES-128-CBC + HMAC-SHA256).
• AI provider API keys, if you choose to bring your own. Encrypted at rest the same way.
• Per-email classification metadata: the category our AI assigned (e.g. Primary, Marketing), the model name used, request duration, and token counts. No subject, no sender, no body.
• Your UserProfile: the short questionnaire from onboarding (your name, work context, key collaborators by name) that the rule generator uses for personalisation. Editable from settings at any time.
• Generated rules: the conditions and target folders our AI proposes and you approve.
• Aggregate usage records: date, plan tier, count of AI calls, model used. We keep these for invoice substantiation per Norwegian bookkeeping law (see Retention).

3. Data we do NOT store

By design, the following never reach our database:

• The content of your emails — bodies, attachments, subjects, headers.
• The full text of prompts we send to AI providers.
• The full text of responses we receive from AI providers.

Email content does pass through our service in transit when we make a JMAP call to Fastmail and a prompt call to your AI provider, but it is not persisted in our database. In development we may write prompt and response files to disk for debugging; this is gated behind a setting and disabled in production.

4. Demographic data for product research

During onboarding we ask optional, general demographic questions (such as broad profession category, country, mailbox size band). Answers are written immediately to a separate statistical database with no account identifier, no IP, and no timestamp narrower than month. The link to your account is severed at the moment of collection — your responses cannot be traced back to you.

We do not keep a per-account copy of demographic answers. Your account record contains only what is necessary to operate the service and to substantiate invoices under Norwegian law (see section 2).

We use the anonymous statistics to understand who our users are and where the product needs improvement. Because they cannot be reconnected to any individual, they are kept indefinitely.

Answering demographic questions is optional. Skipping them does not limit the rest of the service.

5. Sub-processors

To deliver the service we share data with the following processors:

• Fastmail (Fastmail Pty Ltd, Australia / Philadelphia) — your mailbox. We hold an OAuth token to read messages and write rules on your behalf.
• The AI provider you select — the contents of individual emails are sent in prompts. Default is Deepseek (China). You may choose OpenAI (US), Anthropic (US), Google (US), or x.ai (US) instead, or supply your own key.
• Hetzner Online GmbH (Germany) — VPS hosting, Postgres database storage.
• Stripe, Inc. (US, with EU subsidiaries) — anticipated, for subscription billing. Not yet integrated; this page will be updated when it is.

For US-based processors we rely on the EU-US Data Privacy Framework adequacy decision. For Australia (Fastmail) we rely on standard contractual clauses where applicable.

6. Cookies and analytics

We set a single functional cookie: Django's session cookie, used to keep you signed in after login. This is strictly necessary for the service and does not require consent under GDPR.

We run our own analytics on our own infrastructure — no third-party analytics services. We log aggregate page views, browser type, screen size, country (derived from the visitor's IP and then discarded), and referring URLs. We do not set tracking cookies, do not collect personal data, and do not share data with third parties. Visitor IPs are hashed with a daily-rotating salt and never stored in raw form.

We do not and will not use Google Analytics, Meta Pixel, or any third-party advertising tracker.

7. Your rights

Under the GDPR you have the right to:

• Access — request a copy of the data we hold about you.
• Rectification — correct inaccurate data.
• Erasure — have your data deleted (subject to retention obligations below).
• Portability — receive your generated rules and UserProfile in a machine-readable format.
• Restriction — limit processing in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Complaint — lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

To exercise any of these, email hello@ai-for-mail.com. We aim to respond without undue delay, and within one month at the latest. For complex or numerous requests we may extend by up to two further months and will let you know within the first month if so.

8. Retention

When you delete your account:

• 90-day grace period — your account is disabled but recoverable. Used to allow undo of accidental deletion.
• After 90 days — all personal data (account credentials, OAuth tokens, API keys, classifications, UserProfile, rules, per-account demographic copy) is purged from production databases.
• Anonymous statistical data (from section 4) is kept indefinitely. It cannot be used to identify you.
• Aggregate usage records are retained for 10 years as required by the Norwegian Bookkeeping Act (bokføringsloven) to substantiate invoices. These records contain no email content, no sender or recipient information, and no rule content — only counts, dates, plan tiers, and model names. They cannot be used to reconstruct what your mail looked like.
• Backups — encrypted Postgres backups roll off after 12 months. Deletion in the live database is irreversible after 90 days plus the backup cycle.

9. Age requirement

AI for Mail mirrors Fastmail's age policy: the service is intended for users aged 13 and above. We do not knowingly accept accounts from younger users. If you believe a child under 13 has signed up, email us and we'll remove the account.

10. Changes to this policy

Material changes are announced via email to active subscribers at least 30 days before they take effect. Non-material changes (clarifications, additional sub-processors that don't change the data category) are reflected here without notice.

11. Security

We follow industry-standard practices: TLS in transit, Fernet (AES-128-CBC + HMAC-SHA256) encryption for sensitive fields at rest, hashed account passwords, scoped OAuth tokens. Access to production systems is restricted to authorised personnel.