Privacy Policy

Effective Date: 5th April 2026

Outmail (“Outmail”, “we”, “our”, or “us”) operates the website https://outmail.in and provides email outreach and campaign automation services (“Services”).

We respect your privacy and are committed to protecting your personal data in compliance with India’s Digital Personal Data Protection Act (DPDP, 2023), industry best practices, and applicable global standards. This Privacy Policy explains how we collect, use, store, and protect your data when you use Outmail.

1. Company Information

  • Service Name: Outmail (Outmail.in)
  • Contact Email: support@outmail.in
  • Jurisdiction: India
  • Target Audience: Individuals aged 18 and above, primarily Indian customers

2. Information We Collect

We collect and process the following categories of information:

a. Account Information

  • Name, email address, Gmail address
  • Login/authentication tokens (JWT)

b. Uploaded Data

  • Up to 3 resumes/attachments (stored in AWS S3)
  • Up to 3 email templates (stored securely in our systems)
  • CSV contact files (processed only for campaigns and deleted after campaigns conclude)

c. Gmail API Tokens

  • Access and refresh tokens provided by Google via OAuth
  • Stored in AWS Secrets Manager, encrypted at rest and in transit
  • Used only to send emails on your behalf during campaigns

d. Billing Information

  • Subscription plan, status, and invoice history
  • Payment processing is handled entirely by Stripe (PCI-DSS compliant)
  • Outmail does not store credit card or sensitive payment data

e. Automatically Collected Information

  • Device and browser type, IP address
  • Cookies/session tokens for authentication

3. How We Use Information

  • Provide and improve our Services
  • Authenticate and authorize access to your account
  • Automate email outreach campaigns via Gmail API
  • Store and manage your resumes, templates, and campaign history
  • Track campaign performance (opens, replies)
  • Manage billing, subscriptions, and invoices
  • Respond to support requests and protect against abuse

We do not sell or rent user data to advertisers or third parties.

4. Data Retention

  • Resumes & Templates: Stored until deleted by you, or auto-deleted if unused for >60 days.
  • CSV Contacts: Deleted automatically after campaigns conclude.
  • Billing Data: Retained as required by law for financial records.
  • Account Data: Deleted upon request.

5. Legal Basis for Processing

  • Consent: When you connect Gmail via OAuth.
  • Contractual Necessity: To deliver the Services you subscribed to.
  • Legitimate Interest: To prevent fraud and ensure security.

6. Sharing of Information

We share information only as necessary with:

  • Stripe: For payment processing.
  • Google APIs: For Gmail integration.
  • AWS: For storage, secrets management, and hosting.
  • Legal: If required by valid legal process.

7. Data Security

  • Encryption: All communication uses HTTPS/TLS. Data encrypted at rest in AWS S3 and Postgres.
  • Access Control: Restricted data access and role-based staff permissions.
  • Monitoring: Continuous system monitoring for unauthorized access.

8. User Rights

Under the DPDP, you have the:

  • Right to Access: Request a copy of your personal data.
  • Right to Deletion: Request complete deletion of your account and data.
  • Right to Stop Campaigns: Pause or stop campaigns at any time via dashboard.

Contact support@outmail.in to exercise these rights.

9. Cookies & Tracking

  • JWT/Cookies: Used solely for maintaining login sessions.
  • No Third-Party Tracking: We do not use Google Analytics, Hotjar, or similar tracking services on the app.

10. Children’s Privacy

Outmail is not intended for children under 18. We do not knowingly collect data from minors. Inadvertent data collection will be deleted immediately upon discovery.

11. International Data Transfers

Currently, user data is stored and processed in India-supported AWS regions and Neon.tech Postgres.

12. Payment Security

All payments are processed via Stripe (PCI-DSS compliant). Outmail does not handle or store cardholder data.

13. Changes to This Policy

We may update this policy. Significant changes will be notified via email or website notice. Effectivity is tracked by the date at the top of this page.

14. Contact Us