Privacy Policy

Last updated: March 4, 2026

This Privacy Policy describes how Mile High Surveillance LLC ("Company," "we," "us," or "our") collects, uses, and protects your information when you use SiftInbox. We are committed to protecting your email privacy.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and company name. Passwords are hashed with bcrypt and never stored in plaintext.

Email Content

When you connect your email account via OAuth, we access your incoming emails to classify them and generate draft replies. Email content is processed in real-time and stored in encrypted form (AES-256) for service operation. We never access your email password — OAuth provides a secure, revocable access token.

Usage Data

We track the number of emails classified, drafts generated, and service usage metrics to operate the service and monitor costs.

2. How We Use Your Information

• Email classification and draft generation — Your email content is processed by AI to categorize emails and generate reply drafts.
• Voice learning — Your sent emails and draft corrections are analyzed to learn your writing style.
• Service operation — Account management, billing, support, and service improvement.

We do not sell your data. We do not use your email content for advertising. We do not share your data between users or accounts.

3. Third-Party Processors

We use the following third-party services to operate SiftInbox:

• Stripe — Payment processing. Stripe receives your billing information but not your email content.
• OpenAI / Anthropic — AI processing. Email content is sent to these providers for classification and draft generation. These providers process data according to their own privacy policies and data processing agreements.
• Fly.io — Infrastructure hosting.

4. Data Security

• Database encrypted at rest with AES-256 (SQLCipher)
• OAuth tokens encrypted with a separate Fernet encryption key
• Email bodies and drafts encrypted at the field level
• Complete data isolation between user accounts
• All connections encrypted in transit (HTTPS/TLS)

5. Data Retention

Your data is retained for as long as your account is active. When you cancel your subscription, your data is deleted and OAuth access to your email is revoked. We do not retain your email content after account deletion.

6. Your Rights

You have the right to:

• Access — Request a copy of the data we hold about you
• Delete — Request deletion of your account and all associated data
• Revoke — Disconnect your email account and revoke OAuth access at any time
• Export — Request an export of your data in a portable format

7. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it is used
• Right to delete personal information
• Right to opt out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

8. European Residents (GDPR)

If you are located in the European Economic Area (EEA), our lawful basis for processing your data is contract performance (providing the SiftInbox service you subscribed to). You have additional rights including:

• Right to erasure (right to be forgotten)
• Right to data portability
• Right to restrict processing
• Right to lodge a complaint with your local data protection authority

9. Children

SiftInbox is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the service.

11. Contact

For privacy-related requests or questions, contact us at privacy@siftinbox.com.