Skip to content
MailWeaver
🔒 Privacy

Privacy Policy

This policy explains what information MailWeaver collects, how we use it, and your choices. We designed MailWeaver to access only the minimum data necessary to send campaigns you initiate.

Data We Collect

Account Information

Your Google email and basic profile when you sign in.

Google Tokens

Refresh/access tokens required to send email on your behalf (stored encrypted at rest).

Campaign Content

Templates and campaign content that you create.

Recipient Data

CSV data you upload (e.g., email, first_name).

Google Access

We use Google OAuth solely to allow you to send email using your own account. We request the following scopes:

Required Scopes

https://www.googleapis.com/auth/gmail.send(send email)
openid(sign-in)
email(sign-in)
profile(sign-in)

Use of Google user data adheres to the Google API Services User Data Policy, including the Limited Use requirements.

No Reading

No reading of message content from your mailbox; we only send messages you create.

No Selling

No selling or transferring Google user data to third parties, and no use for advertising.

Limited Access

No human access to Google user data except as required for security, compliance, or to service a specific request.

How We Use Data

To authenticate your account and operate MailWeaver features.

To render templates with your uploaded variables and send your campaigns.

To provide delivery status, logs, and basic analytics.

Retention and Deletion

You can disconnect Google at any time in Google Account settings; we will no longer be able to send on your behalf.

You may delete templates, uploads, contacts, and campaigns from within the app; associated data is removed from our primary systems.

Backups and logs are retained for a limited period for reliability and security, after which they are purged.

Security

Google refresh tokens are encrypted using industry-standard encryption at rest.

Transport security (HTTPS) is enforced for all network communication.

Access is least-privilege and audited.

Data Sharing

We do not sell your data. Limited sharing occurs with infrastructure providers strictly to operate the service:

Cloud Hosting

Secure cloud infrastructure for hosting and building the service.

Database

Managed PostgreSQL database for storing your data securely.

Storage

Managed object storage for CSV files and attachments.

Key-Value Store

Managed key-value store for caching and rate limiting.

Our subprocessors are bound by security and privacy commitments appropriate to their services.

Your Choices

Revoke Google access at any time from your Google Account permissions.

Delete uploads, contacts, campaigns, and templates in the app.

Contact us to request account deletion.

Last updated: December 2025