Privacy Policy

Last updated: April 9, 2026

1. Overview

ArcMail ("we", "us", "our") operates a sales and client management portal at arcmail-portal.vercel.app. This Privacy Policy explains how we collect, use, and protect information when you use our platform.

2. Information We Collect

When you sign in with Google, we request access to the following data:

  • Basic profile information — your name, email address, and profile picture, used to identify your account within the portal.
  • Gmail (read & send) — we read emails to surface relevant client communications inside the CRM, and send emails on your behalf when you compose messages within the portal. We do not store email content beyond what is displayed in the session.
  • Google Calendar events — we read and create calendar events to display your schedule and allow you to book meetings directly from the portal. We do not modify or delete existing events without your explicit action.

3. How We Use Your Information

  • Authenticate your identity and grant access to the portal
  • Display your emails and calendar events within the CRM interface
  • Send emails on your behalf when you use the portal's email composer
  • Create calendar events when you schedule meetings through the portal

We do not sell, share, or use your Google data for advertising or any purpose beyond the core functionality described above.

4. Data Storage & Retention

OAuth access tokens are stored securely in encrypted session cookies and are never written to our database. Email and calendar content is fetched on demand and displayed in-session only — it is not cached or stored on our servers. CRM data (deals, contacts, notes) is stored in Supabase, a SOC 2 compliant database provider.

5. Third-Party Services

Our platform integrates with the following third-party services:

  • Google (OAuth, Gmail API, Google Calendar API)
  • Supabase (database and file storage)
  • Vercel (hosting)
  • Slack (internal notifications)

6. Data Security

All data is transmitted over HTTPS. OAuth tokens are stored in HTTP-only, secure cookies and are not accessible to client-side scripts. We follow industry-standard practices for securing credentials and API keys.

7. Your Rights

You can revoke ArcMail's access to your Google account at any time by visiting myaccount.google.com/permissions. Revoking access will sign you out of the portal and remove all OAuth tokens.

8. Contact

For any privacy-related questions, contact us at info@arcmail.ai.