1. Introduction

Misar AI Technology Pvt. Ltd. ("we," "our," or "us") operates Misar Mail ("the Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the CAN-SPAM Act.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, and password when you create an account
• Email Account Credentials: IMAP/SMTP credentials to connect your email accounts (encrypted using AES-256-GCM)
• Contact Lists: Email addresses and names of contacts you import or create
• Email Content: Emails you send through our campaign features

2.2 Information Collected Automatically

• Usage Data: How you interact with our Service
• Device Information: Browser type, operating system, and device identifiers
• Log Data: IP address (anonymized), access times, and pages viewed

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process and send your email campaigns
• Sync your connected email accounts
• Send you service-related notifications
• Respond to your inquiries and support requests
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract Performance: To provide the Service you requested
• Legitimate Interests: To improve our Service and prevent fraud
• Consent: For marketing communications (you can opt out anytime)
• Legal Obligation: To comply with applicable laws

5. Data Sharing

We do not sell your personal data. We may share information with:

• Service Providers: Trusted third parties who assist in operating our Service (e.g., hosting, email delivery)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Your Rights

6.1 GDPR Rights (EU Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a portable format
• Restriction: Limit how we process your data
• Objection: Object to certain processing activities

6.2 CCPA Rights (California Users)

• Right to know what personal information we collect
• Right to delete your personal information
• Right to opt out of the sale of personal information (we do not sell)
• Right to non-discrimination for exercising your rights

7. Data Security

We implement industry-standard security measures including:

• TLS encryption for data in transit
• AES-256-GCM encryption for sensitive credentials at rest
• Row-Level Security (RLS) for database access control
• Regular security audits and vulnerability assessments

8. Data Retention

We retain your personal data only as long as necessary to provide the Service and fulfill the purposes described in this policy. When you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

9. International Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data.

10. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal data from children under 16.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes constitutes acceptance.

12. Contact Us

For privacy-related inquiries or to exercise your rights, contact us at:

• Email: privacy@misar.io
• Data Protection Officer: dpo@misar.io