Privacy Policy

Last updated: April 27, 2026

1. Who we are

Automails (“we”, “our”) is a CRM and email-generation tool used by independent financial advisors to manage their client pipeline. This page explains what personal data we collect, why, and how long we keep it.

2. What we collect

  • Account identity. Your Google-account email address, display name, and profile picture, obtained when you sign in with Google.
  • CRM records you create. Contact details and pipeline data for the prospects you add to the app (names, phone numbers, email addresses, meeting dates, internal notes, enumerated statuses).
  • Subscription metadata. Stripe customer ID, plan, and renewal date, if you subscribe to a paid plan.
  • Operational logs. Minimal server logs (request path, timestamp, coarse error information) used to operate and debug the service. No request bodies are logged.
  • Optional Google Drive access for the import flow. When you click “Choisir un fichier dans Google Drive” in the CRM import dialog, we request the narrowest Drive scope (drive.file) and use it strictly to read the spreadsheet you pick. We never store the access token, never see any other file in your Drive, and the grant can be revoked at any time at Google Account Permissions.

3. Where your data lives

  • Supabase (hosted in the EU region) — stores your CRM records and account identity. Database access is protected by row-level security so users cannot read each other's data.
  • Stripe — handles billing if you have a paid plan. We never see or store your card details.
  • Netlify / Vercel — hosts the web application. They see request metadata (IP, timestamp) as any web host does.

4. How long we keep it

  • CRM records & account data: kept while your account is active.
  • Operational logs: rotated after 30 days.
  • On account deletion: all of the above are removed within 30 days, except where legal obligations require longer retention (e.g. invoicing).

5. Your rights

Under GDPR and equivalent laws, you have the right to access, correct, export, and delete your personal data. Contact us at the address below to exercise any of these rights.

6. Security

All traffic is encrypted in transit (HTTPS). Access to production infrastructure is limited to the project owner.

7. Changes to this policy

We may update this policy as the product evolves. The “last updated” date at the top reflects the most recent change. Material changes will be surfaced inside the app before they take effect.

8. Contact

Questions, data-rights requests, or security reports: sebastiaan.mertens98@gmail.com.