Privacy Policy

Last Updated: September 10, 2025

Effective Date: September 10, 2025

        Key Privacy Principles:
        Your email content is never permanently stored on our servers
AI analysis happens in real-time and data is immediately discarded
You maintain full control over your data with export/deletion options
We use privacy-focused analytics that don't track you across websites

    

1. Information We Collect

1.1 Account Information (Professional Plans)

Email address - For account creation and communication
Password - Encrypted and stored securely using bcrypt
Subscription plan - Pro or Business plan selection
Payment information - Processed securely through Stripe (we never store payment details)

1.2 Email Analysis Data

Email metadata - Sender, subject, timestamp (temporarily for analysis)
Email content - Analyzed in real-time by AI providers, then immediately discarded
Analysis results - Risk scores and explanations (stored locally on your device)

1.3 Technical Information

Chrome extension usage - Local storage of settings and analysis history
API usage statistics - For billing and service optimization
Security events - Login attempts, failed authentications (for account protection)

1.4 Website Analytics

Page views and interactions - Collected via privacy-focused Plausible Analytics
No personal tracking - No cookies, no cross-site tracking, no personal identification

2. Third-Party Service Providers

We use trusted service providers to deliver our service. Each provider has been carefully selected for their security and privacy practices:

Service Provider	Purpose	Data Processed	Location	Privacy Policy
Neon Database	User account & subscription data storage	Email, encrypted passwords, subscription info, security events	United States (AWS)	neon.tech/privacy
Vercel	API hosting & serverless functions	Temporary processing of API requests, no permanent data storage	United States	vercel.com/legal/privacy-policy
Stripe	Payment processing	Payment information, billing address (we never see payment details)	United States	stripe.com/privacy
Resend	Email delivery (verification & notifications)	Email addresses for delivery purposes only	United States	resend.com/legal/privacy-policy
Anthropic (Claude)	AI email analysis	Email content (real-time analysis, immediately discarded)	United States	anthropic.com/privacy
OpenAI	AI email analysis (optional)	Email content (real-time analysis, immediately discarded)	United States	openai.com/privacy
Google (Gemini)	AI email analysis (optional)	Email content (real-time analysis, immediately discarded)	United States	policies.google.com/privacy
Mistral AI	AI email analysis (optional)	Email content (real-time analysis, immediately discarded)	European Union	mistral.ai/terms
Plausible Analytics	Privacy-focused website analytics	Anonymous page views, no personal data	European Union	plausible.io/privacy

2.1 Data Processing Agreements

All service providers operate under strict data processing agreements and comply with:

GDPR - General Data Protection Regulation (EU)
CCPA - California Consumer Privacy Act (US)
SOC 2 Type II - Security and availability controls

3. How We Use Your Information

3.1 Service Delivery

Authenticate your access to the Professional plan features
Process email analysis requests through AI providers
Send account verification and important service emails
Provide customer support and technical assistance

3.2 Security & Fraud Prevention

Monitor for unauthorized access attempts
Detect and prevent fraudulent account activity
Maintain audit logs for security compliance
Rate limiting to prevent service abuse

3.3 Service Improvement

Analyze usage patterns to improve AI accuracy (anonymized data only)
Monitor service performance and reliability
Develop new features based on user needs

4. Data Retention

Data Type	Retention Period	Reason
Account Information	Until account deletion + 30 days	Service provision, legal compliance
Email Content	Never stored (real-time analysis only)	Privacy protection
Analysis Results	Stored locally on your device only	User control and privacy
Security Events	90 days	Security monitoring and compliance
Payment Records	7 years (via Stripe)	Tax and legal compliance
Website Analytics	25 months (Plausible default)	Service improvement

5. Your Rights (GDPR)

5.1 Access & Control

Access - Request a copy of your personal data
Rectification - Correct inaccurate information
Erasure - Delete your account and associated data
Portability - Export your data in a machine-readable format
Restriction - Limit how we process your data
Objection - Object to processing based on legitimate interests

5.2 Data Export

You can export all your analysis data directly from the Chrome extension at any time. This includes:

Email analysis history and results
Configuration settings and preferences
Usage statistics and patterns

5.3 Account Deletion

To delete your account:

Email us at hello@spamlikely.app
We'll confirm your identity and process the deletion within 30 days
All associated data will be permanently removed from our systems
Backups are automatically purged within 90 days

6. International Data Transfers

As we are based in Berlin, Germany, your data may be transferred to and processed in countries other than the EU, including:

United States - Primary hosting location (Neon, Vercel, Stripe, Resend, Anthropic, OpenAI)
European Union - Secondary processing (Plausible Analytics, Mistral AI)

All transfers are protected by:

Standard Contractual Clauses (SCCs) - EU-approved data transfer mechanisms
Adequacy Decisions - For transfers to countries with adequate protection
Article 49 derogations - Where necessary for service performance

7. Security Measures

7.1 Technical Safeguards

Encryption in transit - All data transmitted over HTTPS/TLS 1.3
Encryption at rest - Database and file storage encryption
Authentication - Secure password hashing and session management
Access controls - Role-based access with principle of least privilege
Rate limiting - Protection against brute force attacks

7.2 Operational Safeguards

Security monitoring - Automated intrusion detection
Incident response - Documented breach notification procedures
Regular updates - Security patches and system maintenance
Data minimization - Collect only necessary information

8. Children's Privacy

Spam Likely is not intended for use by children under 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will delete it immediately.

9. Changes to This Policy

We may update this privacy policy periodically. When we do:

We'll post the updated policy on our website
We'll notify active users via email for material changes
The "Last Updated" date will reflect the revision date
Continued use of the service constitutes acceptance of changes

10. Contact Information

10.1 Data Controller

Service Provider:
Michael Bracklo
Linienstr. 154
10115 Berlin, Germany
Email: hello@spamlikely.app

10.2 Privacy Requests

For privacy-related questions or requests:

Email: hello@spamlikely.app
Subject: "Privacy Request" for faster processing
Response Time: Within 30 days (72 hours for urgent matters)

10.3 Supervisory Authority

As we are based in Germany, the competent supervisory authority is:

Berlin Commissioner for Data Protection and Freedom of Information
Website: datenschutz-berlin.de

You have the right to lodge a complaint with this authority if you believe we have not addressed your privacy concerns adequately.

🔒 Your Privacy Matters

We believe privacy is a fundamental right. This policy is designed to be transparent about our practices while protecting your personal information. If you have any questions or concerns, please don't hesitate to contact us at hello@spamlikely.app.

This privacy policy is effective as of September 10, 2025 and governs the collection, use, and disclosure of information by Spam Likely. By using our service, you acknowledge that you have read and understood this policy.