Privacy Policy for Outmail

Effective Date: 30th September 2025

Outmail (“Outmail”, “we”, “our”, or “us”) operates the website https://outmail.in and provides email outreach and campaign automation services (“Services”). We respect your privacy and are committed to protecting your personal data in compliance with India’s Digital Personal Data Protection Act (DPDP, 2023), industry best practices, and applicable global standards. This Privacy Policy explains how we collect, use, store, and protect your data when you use Outmail.

1. Company Information

• Service Name: Outmail (Outmail.in)
  
  

• Contact Email: support@outmail.in
  
  

• Jurisdiction: India
  
  

• Target Audience: Individuals aged 18 and above, primarily Indian customers
  
  

2. Information We Collect

We collect and process the following categories of information:

a. Account Information

• Name, email address, Gmail address
  
  

• Login/authentication tokens (JWT)
  
  

b. Uploaded Data

• Up to 3 resumes/attachments (stored in AWS S3)
  
  

• Up to 3 email templates (stored securely in our systems)
  
  

• CSV contact files (processed only for campaigns and deleted after campaigns conclude)
  
  

c. Gmail API Tokens

• Access and refresh tokens provided by Google when you connect your Gmail account
  
  

• Stored in AWS Secrets Manager, encrypted at rest and in transit
  
  

• Used only to send emails on your behalf during campaigns
  
  

d. Billing Information

• Subscription plan, subscription status, subscription date
  
  

• Stripe customer ID and invoice history (for account management)
  
  

• No credit card or sensitive payment data is stored by Outmail; all payment processing is handled entirely by Stripe, which is PCI-DSS compliant
  
  

e. Automatically Collected Information

• Device and browser type
  
  

• IP address
  
  

• Cookies/session tokens for login and authentication
  
  

3. How We Use Information

We use your information to:

• Provide and improve our Services
  
  

• Authenticate and authorize access to your account
  
  

• Automate email outreach campaigns via Gmail API
  
  

• Store and manage your resumes, templates, and campaign history
  
  

• Track campaign performance (opens, replies)
  
  

• Manage billing, subscriptions, and invoices
  
  

• Respond to support requests and user inquiries
  
  

• Enforce compliance with our Terms of Service
  
  

• Protect against fraud, abuse, or unauthorized access
  
  

We do not sell or rent user data to advertisers or third parties.

4. Data Retention

• Resumes/Attachments & Templates: Stored until deleted by you, or auto-deleted if unused for more than 60 days.
  
  

• CSV Contacts: Deleted automatically after campaigns conclude. Not used to enrich our company database.
  
  

• Billing Data: Retained as long as your account is active and as required by law for financial records.
  
  

• Account Data: Deleted upon request (see Section 8).
  
  

5. Legal Basis for Processing (DPDP Compliance)

We process your data under the following legal bases:

• Consent: When you connect your Gmail account via OAuth and authorize Outmail to send emails.
  
  

• Contractual Necessity: To deliver the Services you subscribed to (free or paid).
  
  

• Legitimate Interest: To prevent fraud, improve our Services, and ensure security.
  
  

6. Sharing of Information

We share information only as necessary:

• Stripe: For payment processing and billing (credit card details are never stored by Outmail).
  
  

• Google APIs: For Gmail integration (sending emails on your behalf).
  
  

• Service Providers: AWS (storage, secrets management, hosting).
  
  

• Legal Requirements: If required by law, regulation, or valid legal process.
  
  

We do not sell or disclose personal data to advertisers or external marketers.

7. Data Security

We take industry-standard security measures:

• Encryption in Transit: All communication uses HTTPS/TLS.
  
  

• Encryption at Rest: Data in AWS S3, Neon.tech Postgres, and AWS Secrets Manager.
  
  

• Access Controls: Role-based access for staff, restricted data access.
  
  

• Monitoring: Systems monitored for unusual or unauthorized access attempts.
  
  

8. User Rights

Outmail provides users with explicit data rights under the DPDP:

• Right to Access: Request a copy of your personal data by contacting support@outmail.in.
  
  

• Right to Deletion: Request complete deletion of your account and associated data by emailing support@outmail.in.
  
  

• Right to Stop Campaigns: You may stop ongoing campaigns at any time through your dashboard.
  
  

We will respond to verified requests within a reasonable time frame, in compliance with DPDP.

9. Cookies & Tracking

• Authentication Cookies/JWT: Used to maintain login sessions.
  
  

• No Third-Party Tracking: We currently do not use Google Analytics, Hotjar, or similar services.
  
  

• Essential Cookies: Required for login and basic functionality.
  
  

10. Children’s Privacy

Outmail is not intended for children under 18 years of age. We do not knowingly collect personal data from individuals under 18. If we learn that we have inadvertently collected such data, we will delete it immediately.

11. International Data Transfers

Currently, Outmail serves Indian customers only. User data is stored and processed in AWS regions and Neon.tech Postgres (India-supported hosting). If international expansion occurs, this policy will be updated accordingly.

12. Payment Security

• All payments are processed via Stripe, which is PCI-DSS compliant.
  
  

• Outmail does not handle or store cardholder data.
  
  

• Minimal billing metadata (plan, subscription, Stripe customer ID, invoice history) is retained for account management.
  
  

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When updated, the effective date at the top will be revised. Significant changes will be notified via email or a notice on our website.

14. Contact Us

For questions, concerns, or to exercise your privacy rights:

• Email: support@outmail.in
  
  

• Website: https://outmail.in
  
  

Compliance Summary

• DPDP Act (India, 2023): Fully aligned
  
  

• Google API Services User Data Policy: Compliant
  
  

• Stripe PCI-DSS: Compliant
  
  

Outmail is committed to protecting your privacy, maintaining transparency, and ensuring compliance with all applicable laws and standards.