Privacy Policy for Outmail
Effective Date: 30th September 2025
Outmail (“Outmail”, “we”, “our”, or “us”) operates the website https://outmail.in and provides email outreach and campaign automation services (“Services”). We respect your privacy and are committed to protecting your personal data in compliance with India’s Digital Personal Data Protection Act (DPDP, 2023), industry best practices, and applicable global standards. This Privacy Policy explains how we collect, use, store, and protect your data when you use Outmail.
1. Company Information
Service Name: Outmail (Outmail.in)
Contact Email: support@outmail.in
Jurisdiction: India
Target Audience: Individuals aged 18 and above, primarily Indian customers
2. Information We Collect
We collect and process the following categories of information:
a. Account Information
Name, email address, Gmail address
Login/authentication tokens (JWT)
b. Uploaded Data
Up to 3 resumes/attachments (stored in AWS S3)
Up to 3 email templates (stored securely in our systems)
CSV contact files (processed only for campaigns and deleted after campaigns conclude)
c. Gmail API Tokens
Access and refresh tokens provided by Google when you connect your Gmail account
Stored in AWS Secrets Manager, encrypted at rest and in transit
Used only to send emails on your behalf during campaigns
d. Billing Information
Subscription plan, subscription status, subscription date
Stripe customer ID and invoice history (for account management)
No credit card or sensitive payment data is stored by Outmail; all payment processing is handled entirely by Stripe, which is PCI-DSS compliant
e. Automatically Collected Information
Device and browser type
IP address
Cookies/session tokens for login and authentication
3. How We Use Information
We use your information to:
Provide and improve our Services
Authenticate and authorize access to your account
Automate email outreach campaigns via Gmail API
Store and manage your resumes, templates, and campaign history
Track campaign performance (opens, replies)
Manage billing, subscriptions, and invoices
Respond to support requests and user inquiries
Enforce compliance with our Terms of Service
Protect against fraud, abuse, or unauthorized access
We do not sell or rent user data to advertisers or third parties.
4. Data Retention
Resumes/Attachments & Templates: Stored until deleted by you, or auto-deleted if unused for more than 60 days.
CSV Contacts: Deleted automatically after campaigns conclude. Not used to enrich our company database.
Billing Data: Retained as long as your account is active and as required by law for financial records.
Account Data: Deleted upon request (see Section 8).
5. Legal Basis for Processing (DPDP Compliance)
We process your data under the following legal bases:
Consent: When you connect your Gmail account via OAuth and authorize Outmail to send emails.
Contractual Necessity: To deliver the Services you subscribed to (free or paid).
Legitimate Interest: To prevent fraud, improve our Services, and ensure security.
6. Sharing of Information
We share information only as necessary:
Stripe: For payment processing and billing (credit card details are never stored by Outmail).
Google APIs: For Gmail integration (sending emails on your behalf).
Service Providers: AWS (storage, secrets management, hosting).
Legal Requirements: If required by law, regulation, or valid legal process.
We do not sell or disclose personal data to advertisers or external marketers.
7. Data Security
We take industry-standard security measures:
Encryption in Transit: All communication uses HTTPS/TLS.
Encryption at Rest: Data in AWS S3, Neon.tech Postgres, and AWS Secrets Manager.
Access Controls: Role-based access for staff, restricted data access.
Monitoring: Systems monitored for unusual or unauthorized access attempts.
8. User Rights
Outmail provides users with explicit data rights under the DPDP:
Right to Access: Request a copy of your personal data by contacting support@outmail.in.
Right to Deletion: Request complete deletion of your account and associated data by emailing support@outmail.in.
Right to Stop Campaigns: You may stop ongoing campaigns at any time through your dashboard.
We will respond to verified requests within a reasonable time frame, in compliance with DPDP.
9. Cookies & Tracking
Authentication Cookies/JWT: Used to maintain login sessions.
No Third-Party Tracking: We currently do not use Google Analytics, Hotjar, or similar services.
Essential Cookies: Required for login and basic functionality.
10. Children’s Privacy
Outmail is not intended for children under 18 years of age. We do not knowingly collect personal data from individuals under 18. If we learn that we have inadvertently collected such data, we will delete it immediately.
11. International Data Transfers
Currently, Outmail serves Indian customers only. User data is stored and processed in AWS regions and Neon.tech Postgres (India-supported hosting). If international expansion occurs, this policy will be updated accordingly.
12. Payment Security
All payments are processed via Stripe, which is PCI-DSS compliant.
Outmail does not handle or store cardholder data.
Minimal billing metadata (plan, subscription, Stripe customer ID, invoice history) is retained for account management.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When updated, the effective date at the top will be revised. Significant changes will be notified via email or a notice on our website.
14. Contact Us
For questions, concerns, or to exercise your privacy rights:
Email: support@outmail.in
Website: https://outmail.in
Compliance Summary
DPDP Act (India, 2023): Fully aligned
Google API Services User Data Policy: Compliant
Stripe PCI-DSS: Compliant
Outmail is committed to protecting your privacy, maintaining transparency, and ensuring compliance with all applicable laws and standards.