Privacy Policy

1. Introduction

Welcome to DigiMail. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

By using DigiMail, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

• Email address
• Username
• Password (stored securely using bcrypt hashing)
• User ID (automatically generated)

2.2 Authentication Data

If you choose to sign in with Google OAuth, we collect:

• Google account email
• Profile information (name, profile picture)
• OAuth tokens for authentication purposes

2.3 Mail and Document Data

When you use our scanning features, we collect and process:

• Images of physical mail, flyers, and coupons you scan
• Extracted text content from scanned documents
• Automatically generated metadata (category, sender, title, timestamps)
• Coupon codes and expiration dates
• Event information extracted from mail

2.4 Usage and Analytics Data

We use PostHog analytics to understand how users interact with our app. This includes:

• App usage patterns and screen views
• Mail scanning frequency and categories
• Search queries and filter preferences
• Coupon and calendar feature usage
• Login/logout events and authentication methods
• Feature interaction events
• Device information and app version

2.5 Error and Performance Data

We use Sentry for error tracking and performance monitoring, which collects:

• Error logs and crash reports
• Stack traces and debugging information
• App performance metrics
• Device and operating system information

2.6 Device Permissions

Our app requests the following permissions:

• Camera access - for scanning physical mail
• Photo library access - for selecting existing images
• Calendar access - for adding events from mail to your calendar
• Notification permissions - for reminders about coupons and events
• Storage access - for temporary image processing

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide, maintain, and improve DigiMail's core functionality
• AI Classification: To automatically categorize your scanned mail using vision-language models
• Feature Enhancement: To extract coupons, events, and other useful information from your mail
• Authentication: To verify your identity and maintain secure access to your account
• Analytics: To understand usage patterns and improve our service
• Error Detection: To identify and fix bugs, crashes, and performance issues
• Communication: To send notifications about coupons, events, and important updates
• Security: To detect and prevent fraudulent or malicious activity
• Legal Compliance: To comply with applicable laws and regulations

4. Privacy-First AI Processing

Local Processing: DigiMail uses a privacy-first approach to AI processing. Our vision-language model (Moondream) can run locally on your device or our servers, meaning your mail images are processed without being sent to third-party AI services.

Image classification results may be cached for up to 24 hours to improve performance and reduce processing costs. Cached results are stored securely and associated with your account.

5. Data Storage and Security

5.1 Storage Location

Your data is stored:

• On our secure servers hosted by Render.com (cloud infrastructure)
• In PostgreSQL databases with encryption at rest
• In Redis cache for temporary performance optimization (3-5 minute retention)
• Locally on your device using secure storage mechanisms

5.2 Security Measures

We implement industry-standard security practices:

• HTTPS/TLS encryption for all data transmission
• Bcrypt password hashing with salt
• JWT token-based authentication with 30-minute expiration
• Secure storage using flutter_secure_storage for sensitive data
• Rate limiting to prevent brute force attacks
• Security headers (HSTS, CSP, X-Frame-Options, etc.)
• File upload validation and sanitization
• Database connection pooling with security configurations
• Regular security audits and updates

5.3 Data Retention

We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your account and data at any time. Upon deletion:

• Your account information is permanently deleted within 30 days
• Scanned mail images and data are removed from our servers
• Analytics data is anonymized
• Backup copies are purged within 90 days

6. Third-Party Services

We use the following third-party services:

7. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: With third-party services listed above to operate our service
• Legal Requirements: When required by law, court order, or government request
• Security: To protect against fraud, abuse, or security threats
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Consent: When you explicitly authorize us to share information

8. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request access to your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and data
• Export: Request a copy of your data in a portable format
• Opt-out: Disable analytics tracking or marketing communications
• Withdraw Consent: Revoke previously granted permissions

To exercise these rights, please contact us at the email address provided below.

9. Children's Privacy

DigiMail is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using DigiMail, you consent to the transfer of your information to our facilities and service providers globally.

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to access your personal information
• Right to delete personal information
• Right to equal service and price

Note: We do not sell personal information.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically. Continued use of DigiMail after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Acknowledgment

By using DigiMail, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.