Privacy Policy

1. Information We Collect

Personal Information You Provide

• Account Information: Name, email address, password (encrypted), environmental preferences
• Profile Data: Profile picture, bio, sustainability goals, eco-commitment preferences
• Communication Data: Email content, attachments, and metadata when using our service
• Payment Information: Billing address, payment method details (processed by our secure payment partners)
• Support Communications: Messages, feedback, and correspondence with our support team

Information We Collect Automatically

• Usage Data: How you interact with our service, features used, time spent
• Device Information: Device type, operating system, browser type, IP address
• Log Data: Access times, pages viewed, errors encountered
• Environmental Impact Data: Trees planted, CO₂ offset, renewable energy usage metrics

Information from Third Parties

• Social Login: Basic profile information when you sign up using Google or Apple
• Environmental Partners: Tree planting confirmations, carbon offset verifications

2. How We Use Your Information

Primary Uses

• Provide, maintain, and improve our email services
• Process and deliver your emails securely
• Calculate and track your environmental impact
• Facilitate tree planting and carbon offset programs
• Authenticate your account and prevent fraud
• Provide customer support and respond to inquiries

Communication

• Send service-related notifications and updates
• Share monthly environmental impact reports (if opted in)
• Notify you about new sustainability features
• Provide important account or security information

Analytics and Improvement

• Analyze usage patterns to improve our service
• Optimize renewable energy usage across our servers
• Develop new eco-friendly features
• Measure and report on our collective environmental impact

3. Data Sharing and Disclosure

Service Providers

• Infrastructure Partners: Secure cloud hosting providers (Amazon Web Services, Google Cloud)
• Payment Processors: Stripe, PayPal for processing payments securely
• Environmental Partners: Tree planting organizations, carbon offset providers
• Email Security: Anti-spam and security service providers

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to:

• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users
• Prevent fraud or abuse of our service
• Comply with legal obligations

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

4. Data Security

Technical Safeguards

• End-to-End Encryption: All emails are encrypted in transit and at rest
• Zero-Knowledge Architecture: We cannot access your encrypted email content
• Secure Infrastructure: SOC 2 Type II certified data centers
• Regular Security Audits: Third-party penetration testing and vulnerability assessments
• Multi-Factor Authentication: Available for all user accounts

Organizational Safeguards

• Employee background checks and security training
• Principle of least privilege access controls
• Regular security awareness training
• Incident response and breach notification procedures

5. Your Rights and Choices

Account Controls

• Access: View and download your personal data
• Correct: Update or correct inaccurate information
• Delete: Request deletion of your account and data
• Export: Download your emails and data in standard formats
• Privacy Settings: Control what data we collect and how it's used

Communication Preferences

• Opt out of marketing communications
• Choose frequency of environmental impact reports
• Manage notification preferences
• Control data sharing with environmental partners

6. International Data Transfers

Green Mails is based in the United States. If you are accessing our service from outside the US, please note that your information may be transferred to, stored, and processed in the United States and other countries.

We ensure adequate protection for international transfers through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where available
• Additional technical and organizational measures for data protection

7. Data Retention

Active Accounts

• Account Data: Retained while your account is active
• Email Data: Stored according to your settings (up to unlimited)
• Environmental Data: Kept to track long-term impact
• Usage Logs: Retained for 90 days for security and optimization

Account Deletion

• Personal data deleted within 30 days of account closure
• Anonymized environmental impact data may be retained for sustainability reporting
• Legal obligations may require longer retention periods
• Backup systems purged within 90 days

8. Children's Privacy

Green Mails is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information promptly.

For users between 13-16 in the EU, we require parental consent before collecting personal information.

9. GDPR Rights for EU Users

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

Your GDPR Rights

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for data processing

Legal Basis for Processing

• Contract Performance: To provide our email services
• Legitimate Interests: Service improvement, security, environmental impact
• Consent: Marketing communications, optional features
• Legal Obligation: Compliance with applicable laws

Data Protection Officer

Our Data Protection Officer can be reached at: dpo@greenmails.com

10. CCPA Rights for California Users

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Your CCPA Rights

• Right to Know: Request disclosure of categories and specific pieces of personal information
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal treatment regardless of exercising privacy rights

California Privacy Rights Requests

To exercise your rights, contact us at: privacy@greenmails.com or call 1-555-PRIVACY

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will:

• Notify you by email of material changes
• Post the updated policy on our website
• Provide a summary of key changes
• Give you time to review before changes take effect

12. Contact Information