Privacy Policy - SendRiot

1. Introduction

SendRiot ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Email address
Name (from your OAuth provider)
Profile picture (from your OAuth provider)

2.2 Email Connection Data

When you connect your Gmail or Outlook account, we receive:

OAuth access tokens (for sending emails on your behalf)
Your email address
We do NOT access or store the contents of your inbox

2.3 Usage Data

We collect information about how you use SendRiot:

Emails sent through our platform (subject, body, recipient)
Campaigns joined
Feature usage patterns

3. OAuth Permissions & Scope Justification

SendRiot requests specific permissions from Google (Gmail) and Microsoft (Outlook) to provide our email sending service. Below is a detailed explanation of each permission we request and why it is necessary.

3.1 Google Gmail Permissions

When you connect your Gmail account, we request the following permissions:

gmail.send

Purpose: Send emails on your behalf when you click "Send" in SendRiot.

Why needed: This is our core functionality. When you compose an email to a public official or organization and click send, we use this permission to deliver your message from your Gmail account.

gmail.readonly

Purpose: Check if recipients have replied to your emails.

Why needed: We use this permission ONLY to check specific email threads that you sent through SendRiot to detect replies. This enables our response tracking feature.

What we DON'T do: We do NOT read your inbox, scan your emails, or access any messages not sent through SendRiot.

userinfo.email

Purpose: Identify which Gmail account you connected.

Why needed: We display your connected email address in the app and use it as the "From" address when sending emails.

3.2 Microsoft Outlook Permissions

When you connect your Outlook/Office 365 account, we request the following permissions:

Mail.Send

Purpose: Send emails on your behalf when you click "Send" in SendRiot.

Why needed: This is our core functionality for Outlook users.

Mail.Read

Purpose: Check if recipients have replied to emails you sent through SendRiot.

What we DON'T do: We do NOT read your inbox or access any messages not sent through SendRiot.

User.Read

Purpose: Identify which Outlook account you connected.

Why needed: We display your connected email address in the app.

offline_access

Purpose: Maintain your connection without requiring re-authentication.

Why needed: This allows us to refresh your access token so you don't have to reconnect your account every hour.

3.3 Revoking Access

You can revoke SendRiot's access to your email account at any time:

In SendRiot: Go to Settings → Email Connections → Disconnect
Gmail: Visit Google Account Permissions
Outlook: Visit Microsoft Account Permissions

4. How We Use Your Information

We use your information to:

Provide and maintain our service
Send emails on your behalf when you request
Generate AI-powered email drafts
Track your usage against subscription limits
Improve our service and user experience
Communicate with you about your account

5. Data Security

We implement industry-standard security measures:

All data is encrypted in transit (HTTPS/TLS)
OAuth tokens are encrypted at rest
We never store your email password
Access to user data is strictly limited

6. Third-Party Services

We use the following third-party services:

Google (Gmail API) - For sending emails via Gmail
Microsoft (Graph API) - For sending emails via Outlook
OpenAI - For generating email drafts
Stripe - For payment processing
Railway - For hosting and database

Each of these services has their own privacy policy governing how they handle your data.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account, we delete:

Your account information
Connected email accounts and OAuth tokens
Email history sent through our platform
Campaign participation records

Some anonymized, aggregated data may be retained for analytics purposes.

8. Your Rights

You have the right to:

Access your personal data
Correct inaccurate data
Delete your account and data
Export your data
Revoke OAuth access to your email accounts at any time

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies for advertising purposes.

10. Children's Privacy

SendRiot is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: privacy@sendriot.com