Privacy Policy

We may collect personal information that you provide directly or that is generated through your use of the Services, including:

• Name, display name, account name, or profile identifier.
• Email address, phone number, account login credentials, and authentication identifiers.
• Account preferences, language settings, notification preferences, and profile configuration.
• Customer support messages, feedback, attachments, and correspondence with Plyndrox AI.
• Billing-related identifiers if paid services are later enabled, such as subscription plan, invoice reference, or transaction status, while payment card details may be processed directly by payment processors and not stored by us.

For business users, especially users configuring Plyndrox WhatsApp AI or Plyndrox Inbox AI for business purposes, we may collect business-related information, including:

• Company name, brand name, business category, industry, website, location, operating hours, products, services, policies, pricing information, and frequently asked questions.
• Business verification materials, supporting documents, screenshots, identity-related information, or records needed to configure integrations or meet platform compliance requirements.
• Team member names, roles, contact details, permission settings, and administrative activity logs.
• Business knowledge documents, training instructions, response tone preferences, escalation rules, and automation configuration.

We may automatically collect technical and usage information when you access the Services, including:

• IP address, approximate location derived from IP address, browser type, browser version, operating system, device type, screen size, referring URL, pages visited, timestamps, session duration, and interaction events.
• API request metadata, webhook delivery logs, error logs, diagnostic information, latency, performance events, and security logs.
• Identifiers associated with authentication sessions, cookies, local storage, device tokens, and similar technologies used to maintain secure and reliable access.

When you use AI functionality, including Plyndrox AI, AI-powered automations within Plyndrox WhatsApp AI, or AI Inbox Analysis within Plyndrox Inbox AI, we may process:

• Prompts, messages, questions, commands, conversation threads, uploaded context, documents, notes, and files submitted to the Service.
• AI-generated responses, summaries, suggested replies, classifications, intent labels, priority scores, moderation outcomes, automation decisions, and related system outputs.
• Feedback signals such as thumbs-up/down, edits, regenerated responses, copied responses, deleted responses, dismissed suggestions, and user-submitted corrections.
• Context used to personalize or improve responses, such as selected tone, preferred language, business knowledge base, conversation history, and feature settings.

If you connect your Gmail account to Plyndrox Inbox AI using the Gmail Integration, we will access and process Gmail data on your behalf. This includes, but may not be limited to:

• Email message bodies, subject lines, quoted text, reply chains, and thread content, including any embedded links, formatted text, and inline text content.
• Sender and recipient email addresses, display names, CC and BCC metadata to the extent accessible through the Gmail API, and contact information appearing in email headers.
• Message timestamps, thread identifiers, message identifiers, label identifiers, folder structure, read/unread status, starred status, and archival status.
• Attachment filenames, MIME types, and attachment size metadata — note that we do not by default read attachment content unless a specific feature requiring attachment analysis is activated and separately disclosed.
• Gmail labels, categories, filters, and folder organization that may be relevant to the analysis or prioritization features you use.
• Draft email content where you explicitly use features that involve draft creation or smart reply generation through the Service.
• Pagination and synchronization tokens used to efficiently fetch new email data incrementally without re-fetching entire mailboxes.
• OAuth Token metadata, including token issuance timestamps, last refresh timestamps, associated Google account identifiers, and scopes granted.

We access Gmail data exclusively through the Google Gmail API using OAuth 2.0 authorization. We do not access Gmail data through screen scraping, credential sharing, password storage, or any method other than the authorized API. The specific Gmail API scopes requested are limited to those necessary to provide the Plyndrox Inbox AI features you have enabled.

If you use Plyndrox WhatsApp AI or interact with a business that uses Plyndrox WhatsApp AI, we may process WhatsApp-related data through the WhatsApp Integration, including:

• Incoming and outgoing WhatsApp message content, including text, supported media metadata, and AI-generated or human-approved replies.
• Customer phone numbers, WhatsApp profile names where made available by Meta, message timestamps, delivery status, read or failed status where available, and conversation identifiers.
• Webhook payload metadata, message IDs, template IDs, business phone number IDs, WhatsApp Business Account IDs, and integration status information.
• Business administrator credentials or configuration values necessary to connect the WhatsApp Business API, such as tokens, phone number IDs, webhook verification values, and related setup metadata.

When you interact with Plyndrox AI, we process the text, prompts, commands, uploaded context, conversation history, and AI responses needed to provide the assistant experience. This may include sensitive information if you choose to submit it. You should not submit confidential, regulated, or highly sensitive information unless you are authorized to do so and understand the risks of AI-assisted processing.

Depending on your account settings and product functionality, Plyndrox AI prompts and responses may be stored to provide chat history, continuity, debugging, personalization, account recovery, and quality assurance. Certain transient processing data may be retained temporarily in logs or caches for operational reliability, security monitoring, and abuse prevention.

Plyndrox AI does not sell Plyndrox AI conversation data. We do not intentionally use private user conversations to train public third-party foundation models unless we provide a clear notice or obtain any consent required by applicable law. We may use aggregated, anonymized, or de-identified information to improve product performance, safety, analytics, and user experience, provided such information is not reasonably capable of identifying an individual.

Subject to product availability, technical limitations, and legal obligations, users may request access to, deletion of, or export of their Plyndrox AI conversation data. Deletion may not immediately remove data from encrypted backups, security logs, or disaster recovery systems, but such data will be isolated from ordinary use and removed in accordance with applicable retention schedules.

When a business customer connects Plyndrox WhatsApp AI, the Service may receive webhook events and message data from Meta's WhatsApp Business API. We use this data to process customer messages, apply business-defined automation rules, generate AI-assisted responses, and send messages through the connected WhatsApp Business account.

WhatsApp messages, metadata, delivery information, business account identifiers, and template-related information may be transmitted to or received from Meta Platforms, Inc. or its affiliates as necessary for WhatsApp Business API functionality. Such processing is also subject to Meta's applicable terms, developer policies, WhatsApp Business terms, and privacy documentation. Plyndrox AI does not control Meta's independent processing of information within Meta systems.

Incoming customer messages may be analyzed by AI systems using the business's configured knowledge base, instructions, FAQs, policies, tone settings, and escalation rules. Plyndrox WhatsApp AI may generate suggested or automated replies, classify requests, detect intent, summarize conversations, and record chat logs in the business dashboard. Business customers are responsible for reviewing and configuring automation behavior appropriately.

Business customers using Plyndrox WhatsApp AI are responsible for obtaining all notices, consents, permissions, and lawful bases required to communicate with their customers through WhatsApp and to process customer data using AI automation. Business customers must comply with applicable data protection laws, consumer protection laws, telecommunications rules, anti-spam requirements, Meta policies, and WhatsApp Business policies.

Business customers must not use Plyndrox WhatsApp AI to send unlawful, misleading, harmful, discriminatory, harassing, or policy-violating content. Plyndrox AI may suspend or restrict Plyndrox WhatsApp AI functionality where we reasonably believe an account, integration, or message flow presents a security, legal, abuse, spam, or platform compliance risk.

Plyndrox Inbox AI does not access your Gmail account without your explicit, informed consent expressed through the Google OAuth 2.0 authorization flow. You must actively initiate the connection by clicking "Connect Gmail" or an equivalent control within the Plyndrox Inbox AI interface and then completing the Google authorization screen, which clearly displays the permissions being requested. Until you complete this flow and grant authorization, we have no access to any Gmail data associated with your account.

The OAuth scopes we request are limited to those necessary for the specific Plyndrox Inbox AI features you have enabled. If we add features that require additional scopes, we will request your explicit re-authorization for the expanded permissions before accessing any additional data. We do not hold broader permissions than those you have actively granted.

Email Content Data and AI Inbox Analysis outputs accessed through the Gmail Integration are used exclusively to provide Plyndrox Inbox AI features to you, the authenticated account holder who authorized the connection. We do not use your email content to train publicly available AI models without your separately expressed consent. We do not share your email content with other Plyndrox AI users, advertisers, data brokers, or unrelated third parties. We do not use your email content for any purpose that is not disclosed in this Privacy Policy or separately communicated to you.

We apply data minimization principles to Plyndrox Inbox AI. This means we fetch and process only the email data necessary to deliver the specific features you are actively using. For example, if you are using the Smart Digest feature, we access recent email metadata and content sufficient to generate a daily summary. We do not perform bulk exports of your entire mailbox history unless a feature you explicitly activate requires broader historical access, and in such cases we will clearly describe the scope of data accessed.

Plyndrox AI does not use your Email Content Data to build advertising profiles, sell audience segments, perform cross-user behavioral profiling, or serve targeted advertisements. The Gmail data you share with us is used solely and exclusively to operate the Plyndrox Inbox AI features you have selected. This commitment applies regardless of whether you are on a free or paid plan.

When AI Inbox Analysis produces outputs such as summaries, intent labels, priority scores, or smart reply suggestions, those outputs are presented to you in the dashboard and are based entirely on your own email data. We do not commingle your email data with another user's email data to produce outputs. Each user's Plyndrox Inbox AI analysis is performed in isolation with respect to that user's own authorized Gmail data.

You may disconnect your Gmail account from Plyndrox Inbox AI at any time by using the "Disconnect Gmail" or "Revoke Access" control in the Plyndrox Inbox AI settings, or by visiting your Google Account permissions page at myaccount.google.com/permissions and revoking access to Plyndrox Inbox AI. Upon revocation, we will no longer be able to fetch new Gmail data. Existing Email Content Data stored in our systems for the purpose of displaying your history within the dashboard will be scheduled for deletion in accordance with our data retention policy described in Section 11.

Plyndrox Inbox AI uses the OAuth 2.0 authorization framework to obtain your consent to access Gmail data. During the authorization flow, you are redirected to Google's authorization server, where Google presents you with a consent screen listing the exact permissions (scopes) that Plyndrox Inbox AI is requesting. You have full visibility into what access is being requested before you grant it. Plyndrox AI does not have access to your Google account password at any point during or after this process.

The scopes we request are determined by the features you are activating. Typical scopes may include read access to Gmail messages and metadata, and where applicable, the ability to send email through your account for smart reply or follow-up features if you explicitly activate and authorize those capabilities.

After authorization, Google issues OAuth Tokens — including an access token for immediate API calls and a refresh token for long-lived access — to our backend systems. These tokens are stored in encrypted form in our database and are never exposed in API responses, user-facing interfaces, logs, or error messages. Access to stored OAuth Tokens is restricted to the backend services that need them to perform Gmail API calls on your behalf, and is not accessible to other users, frontend clients, or non-essential backend systems.

Refresh tokens are used solely to obtain new access tokens when they expire, allowing the Plyndrox Inbox AI service to continue operating between your active sessions without requiring you to re-authorize frequently. We do not use refresh tokens for any purpose other than refreshing access tokens for Plyndrox Inbox AI functionality.

We access only the Gmail API data permitted by the scopes you have granted. We do not access Google Drive, Google Calendar, Google Contacts, Google Workspace admin functions, or any other Google service beyond what is authorized. If future Plyndrox Inbox AI features require access to additional Google services, we will request those permissions separately and clearly identify what new access is being requested before you grant it.

Plyndrox AI's use of data obtained through Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide or improve features that are clearly visible within Plyndrox Inbox AI and that you have actively enabled.
• We do not transfer Gmail data to third parties except as necessary to provide and improve the Plyndrox Inbox AI service, in compliance with applicable law, and only to processors who are bound by confidentiality obligations.
• We do not use Gmail data to serve advertisements.
• We do not allow humans to read your Gmail messages unless you have given us explicit permission to do so, we need to do so for security purposes such as investigating abuse, or we are required to do so by law.
• We do not use Gmail data for any purpose not clearly disclosed to you at the time of authorization.

If you revoke our access through Google's permission management tools, our OAuth Tokens for your account will be invalidated by Google, and we will no longer be able to access your Gmail data through the API. Our systems will detect the token revocation upon the next API call and will update your account status to reflect the disconnected state. You may also disconnect from within the Plyndrox Inbox AI settings panel, which will trigger deletion of stored tokens from our database.

When you access Plyndrox Inbox AI features, our backend systems use your authorized OAuth Token to make API calls to the Gmail API on your behalf. Depending on the feature, this may involve fetching full message content, fetching only message headers and metadata, listing threads or labels, or searching messages based on specific criteria such as date range, sender, or label. Email data is fetched over encrypted HTTPS connections directly from Google's API servers.

For efficiency, we may use incremental synchronization techniques such as Gmail's history tokens or page tokens to fetch only new or changed messages since the last synchronization, rather than re-fetching your entire mailbox on each request. Synchronization state tokens are stored securely in our database associated with your account.

Fetched email content and metadata are passed to AI inference systems — either operated by Plyndrox AI directly or via AI API providers — to perform AI Inbox Analysis. This analysis may involve natural language understanding of email body text and subject lines, named entity recognition to identify people, companies, dates, and amounts, intent classification to determine the purpose of an email, sentiment analysis to assess tone and urgency, priority scoring algorithms that combine multiple signals to rank email importance, and generative AI to propose smart reply drafts.

When email data is transmitted to AI model providers as part of this inference pipeline, those providers receive the minimum necessary content to perform the requested analysis. We use AI providers who are bound by data processing agreements that prohibit them from using your data for their own model training purposes. The outputs of AI inference — summaries, labels, scores, and reply suggestions — are returned to our systems and presented to you in the Plyndrox Inbox AI dashboard.

For the Plyndrox Inbox AI service to function effectively — including enabling you to view your smart digest, revisit analyzed emails, and access historical prioritization scores — we store certain Email Content Data and AI Inbox Analysis outputs in our database. This stored data is associated with your account and is not shared with other users.

Specifically, we may store the following:

• Email message identifiers, thread identifiers, subject lines, sender and recipient addresses, and timestamps used as keys to link stored analysis to your inbox.
• Summarized or processed representations of email content generated by AI Inbox Analysis, such as summaries, intent labels, and priority scores — rather than raw full-body content in all cases.
• Smart reply suggestions generated by AI systems.
• Lead Intelligence Data extracted from emails, including identified contacts, companies, and deal signals.
• Synchronization state data such as history tokens used to efficiently fetch new data on subsequent sessions.

We may also temporarily cache raw email body content in memory or short-lived storage during active processing sessions to improve responsiveness, but we do not store full raw email bodies in permanent storage beyond what is necessary for active dashboard functionality. We continually evaluate our storage practices to minimize the retention of raw email content.

If you use smart reply features that allow Plyndrox Inbox AI to compose or send email on your behalf, this requires the Service to call the Gmail API's send or draft-creation endpoints. Before any email is sent through your account using this feature, you will receive a preview and an explicit confirmation step. We will not send email on your behalf without your active confirmation unless you have separately configured an automation that you have explicitly set up and approved for unattended operation.

Outbound emails composed or sent through Plyndrox Inbox AI may be stored in your Gmail Sent folder by virtue of the Gmail API's standard behavior, subject to how Google processes send requests. Plyndrox AI may also log metadata about send events — such as timestamp, recipient address, and subject — for audit, security, and customer support purposes.

Email communications often contain highly confidential information including legally privileged attorney-client communications, medical or health information, financial records, trade secrets, personal relationships, and sensitive business negotiations. You are responsible for evaluating whether connecting a particular Gmail account — especially a work or professional account — to Plyndrox Inbox AI is appropriate given the confidentiality obligations, workplace policies, regulatory requirements, or contractual restrictions that may apply to your email communications.

Plyndrox AI does not claim any ownership over your email content. Your email remains your property or the property of the applicable parties to those communications. We process your email content only in the capacity of a data processor or service provider acting on your behalf, for the limited purpose of providing the Plyndrox Inbox AI features you have enabled.

We do not use your email content to build cross-user indexes, competitive intelligence systems, industry trend databases, or aggregated signals that benefit other users or third parties. Your email data is processed individually, in the context of your own account, and the outputs are presented only to you. We do not identify or extract signals from your emails that could benefit a competitor, partner, advertiser, or other party outside your account.

The AI Inbox Analysis pipeline may identify and extract the following types of information from your email content for Lead Intelligence purposes:

• Contact information appearing in emails, including names, email addresses, phone numbers, company names, job titles, and websites where they appear in email bodies, signatures, or headers.
• Commercial signals such as inquiries about products or services, expressions of interest, price negotiations, project scoping conversations, budget discussions, and related commercial intent.
• Action items, follow-up tasks, deadlines, meeting requests, and commitments made or received in email threads.
• Deal-stage indicators such as first contact, proposal sent, approval requested, contract under discussion, or closing signals.
• Company and organizational data inferred from email domain names, signatures, or contextual mentions within email content.

Lead Intelligence Data is surfaced within your Plyndrox Inbox AI dashboard to help you manage relationships, prioritize follow-ups, and identify business opportunities. This data is stored in your Plyndrox Inbox AI account and is not shared with other Plyndrox AI users, business partners, or external lead databases. Lead Intelligence Data belongs to your account and represents information already present in your own email communications — we surface it as structured data, not create it from external sources.

Lead Intelligence processing necessarily involves data about third parties — the people and companies who send you email or whom you email. These individuals have not independently consented to Plyndrox AI's processing of their information. Their data appears in our systems solely because it was present in email communications you have authorized us to process.

We treat this third-party contact data with care. We do not sell it, aggregate it across users, use it to build marketing lists, or share it with external parties for any purpose unrelated to providing your Plyndrox Inbox AI service. If a third party contacts us about information we hold about them that originated from your email communications, we will direct such requests appropriately and work with you to resolve them where legally required.

Lead Intelligence Data is generated by AI inference and is subject to the inherent limitations of natural language processing, including the possibility of misclassification, missed signals, false positives, incorrect attributions, hallucinations, or incomplete extraction. You should treat Lead Intelligence outputs as AI-assisted suggestions rather than as verified facts. Plyndrox AI is not responsible for business decisions made in reliance on Lead Intelligence Data without independent verification.

Within the Plyndrox Inbox AI dashboard, you may review, edit, dismiss, or delete Lead Intelligence entries. Deleted Lead Intelligence Data will be removed from your active dashboard. Depending on our backup retention schedules, deleted entries may persist in encrypted backups for a limited period before being permanently purged, as described in Section 11.

While your Gmail account remains connected and your Plyndrox Inbox AI account remains active, Email Content Data, processed analysis outputs, and Lead Intelligence Data will be retained in our systems to provide continuous dashboard functionality, support feature performance, and allow you to access historical analysis. The retention period for actively connected accounts is governed by your account plan, product feature limits, and any retention controls available in your account settings.

When you disconnect your Gmail account from Plyndrox Inbox AI — whether by using the in-app disconnect control, revoking access through Google's account permissions, or deleting your Plyndrox AI account — we initiate a process to delete the following data:

• Stored OAuth Tokens (access and refresh tokens) associated with your Google account.
• Cached or stored Email Content Data fetched through the Gmail Integration.
• AI Inbox Analysis outputs stored in our active database, including summaries, intent labels, and priority scores.
• Lead Intelligence Data associated with your account.
• Synchronization state data such as history tokens.

We aim to complete deletion of active database records within 30 days of disconnection or account deletion request. Data may persist in encrypted backups for up to an additional 90 days until those backups are cycled out according to our standard backup rotation schedule. During this period, backup data is not used for any operational purpose and is not accessible to normal production systems.

In certain limited circumstances, we may be required to retain data beyond the standard deletion timelines described above, including where we are subject to a legal hold, litigation preservation obligation, regulatory investigation, lawful court order, or mandatory audit requirement. Where such obligations apply, we will retain only the minimum data required and for the minimum period required, and we will resume ordinary deletion processes as soon as the legal obligation is satisfied.

Security event logs associated with Plyndrox Inbox AI activity — such as login events, token refresh events, API call metadata, and rate limit events — may be retained for security investigation, fraud prevention, and compliance purposes even after your account is disconnected or deleted. These logs contain operational metadata rather than email content and are retained for a period consistent with our security and compliance needs, typically no longer than 12 months from the event date.

You may request early deletion of your Plyndrox Inbox AI data at any time by contacting us using the information in Section 20. We will process deletion requests within 30 days and will confirm completion to you. Note that early deletion may result in loss of dashboard history, analysis results, and Lead Intelligence Data that cannot be recovered after deletion.