TL;DR โ We collect only what we need to run Emaily. We never sell your data. We never train AI models on your emails without your explicit consent. You can delete everything at any time.
1. Who We Are
The Email Shop ("Emaily", "we", "us", "our") is a company registered in England and Wales. We operate the Emaily email client available at emaily.uk and app.emaily.uk.
Our registered address is: The Email Shop, 8 Brookdale Drive, Littleover, DE23 3YY, Derby, UNITED KINGDOM.
For all privacy-related enquiries, contact our Data Protection Officer at contact@emaily.uk.
2. What Data We Collect
Account data
When you create an account we collect:
- Your name and email address
- Password (stored as a bcrypt hash โ never in plaintext)
- Payment information (processed by Stripe โ we never store card numbers)
- Company name and billing address (for invoicing)
Email account credentials
To connect your email accounts, we collect and securely store:
- Gmail OAuth tokens (stored encrypted, never your password)
- IMAP/SMTP credentials (encrypted at rest using AES-256)
- Email metadata: sender, recipient, subject line, timestamps, folder labels
Email content
We access your email bodies only to display them within the Emaily interface and to power AI features you explicitly enable. Email content is:
- Transmitted over TLS 1.3 encryption
- Never stored on our servers beyond a short cache for performance
- Never shared with third parties
- Never used to train our shared AI models without your explicit opt-in
Voice DNA training data
If you use our Voice DNA feature, the email samples you provide for training are stored encrypted and associated only with your account. This data is used solely to generate your personalised writing model and is never shared or used for any other purpose.
Usage and analytics data
- Pages visited, features used, clicks and session duration
- IP address and approximate location (country/city level only)
- Browser type, operating system, device type
- Error logs and crash reports
This data helps us improve Emaily. We use privacy-respecting analytics (no cross-site tracking).
3. How We Use Your Data
- To provide and operate the Emaily service
- To authenticate you and keep your account secure
- To generate AI-powered email drafts using your Voice DNA
- To send transactional emails (receipts, password resets, security alerts)
- To send product updates and newsletters (you can unsubscribe at any time)
- To prevent fraud, abuse, and violations of our Terms of Service
- To comply with legal obligations
4. Legal Basis for Processing (GDPR)
For users in the UK and EEA, we process your data under the following lawful bases:
| Processing activity | Legal basis |
|---|---|
| Providing the Emaily service | Contract performance |
| Sending transactional emails | Contract performance |
| Marketing communications | Legitimate interest / Consent |
| Analytics and product improvement | Legitimate interest |
| AI Voice DNA training | Explicit consent |
| Legal compliance | Legal obligation |
5. Data Sharing
We never sell your data. We share data only with:
- Stripe โ payment processing
- AWS โ cloud infrastructure and encrypted storage
- OpenAI / Anthropic โ AI model inference (email content sent for generation is not stored by these providers per our Data Processing Agreements)
- Postmark โ transactional email delivery
- Legal authorities โ only when required by law and to the minimum extent necessary
6. Data Retention
- Account data: retained for the duration of your account, then deleted within 30 days of account closure
- Email cache: cleared within 24 hours
- Voice DNA profiles: retained until you delete them or close your account
- Billing records: retained for 7 years as required by UK tax law
- Security logs: retained for 90 days
7. Your Rights
Under UK GDPR and applicable data protection laws, you have the right to:
- Access โ request a copy of all personal data we hold about you
- Rectification โ correct inaccurate or incomplete data
- Erasure โ request deletion of your data ("right to be forgotten")
- Portability โ receive your data in a machine-readable format
- Restriction โ ask us to limit how we process your data
- Objection โ object to processing based on legitimate interest
- Withdraw consent โ at any time, for consent-based processing
To exercise any of these rights, email contact@emaily.uk. We'll respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Security
We take security seriously. Our measures include:
- AES-256 encryption for all data at rest
- TLS 1.3 for all data in transit
- Zero-knowledge architecture for email credentials
- Regular third-party security audits
- SOC 2 Type II compliance (in progress)
- Bug bounty programme โ report issues to contact@emaily.uk
See our Security page for full details.
9. International Transfers
Emaily is based in the United Kingdom. If you access our service from outside the UK or EEA, your data may be transferred to and processed in the UK. We rely on UK adequacy decisions and Standard Contractual Clauses for any transfers to countries without equivalent protection.
10. Children's Privacy
Emaily is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact contact@emaily.uk.
11. Changes to This Policy
We may update this policy from time to time. We'll notify you of material changes by email or in-app notification at least 14 days before they take effect. The date at the top of this page always reflects the most recent update.
12. Contact Us
For any privacy questions or to exercise your rights, contact us at:
๐ง contact@emaily.uk
๐ฌ The Email Shop, 8 Brookdale Drive, Littleover, DE23 3YY, Derby, UNITED KINGDOM