Privacy Policy
Your Privacy is Our Foundation
At Prospor, we believe privacy isn't just a feature—it's the bedrock of trust. We've built our AI-powered email platform with privacy-first principles, ensuring your sensitive data remains secure, encrypted, and under your control.
All your data is encrypted with AES-256-GCM before storage. Even our administrators cannot read your emails.
We can't access your content even if we wanted to. Your encryption keys are derived from your credentials.
We never read, analyze, or use your emails for advertising. Your data is for your productivity only.
Complete data isolation ensures no cross-user access. Your information stays exclusively yours.
We collect only the minimum data necessary to provide our AI-powered email services.
Email Data
Gmail messages, threads, labels, and metadata accessed via Google OAuth. All content encrypted immediately upon receipt.
Calendar Information
Google Calendar events, availability, and scheduling data for AI-powered meeting coordination and time management.
Task & Todo Data
Tasks, categories, deadlines, and priorities you create within our platform for productivity management.
WhatsApp Integration
Phone number for verification, conversation history, and notification preferences for WhatsApp-based interactions.
Chat & AI Interactions
Your conversations with our AI assistant to improve responses and maintain context across sessions.
Billing Information
Subscription status and Stripe customer ID. We never store credit card details — all payments processed securely by Stripe.
Authentication Data
We collect basic account information through Google OAuth including your email address, name, and profile picture. OAuth access and refresh tokens are encrypted with AES-256-GCM and stored securely.
Onboarding & Personalization
During onboarding, we collect professional information to personalize your experience:
- Job title, company name, industry, and team size
- Communication style preferences (formal, casual, direct, friendly)
- Email signature and primary use cases
- Timezone and country for scheduling coordination
- Department and role responsibilities for AI context
Usage Analytics
We collect anonymized usage patterns (feature interactions, performance metrics) to improve our service. This data cannot be linked to individual users or their content.
Encryption at Rest
All sensitive data including email content, calendar events, and personal information is encrypted using AES-256-GCM before database storage. Encryption keys are derived from your credentials and not accessible to our systems.
Secure Transmission
All data transmission uses HTTPS/TLS 1.3 encryption. OAuth tokens have additional security layers. Our APIs follow industry security best practices with rate limiting and DDoS protection.
Access Controls
Multi-tenant architecture with complete data isolation. Role-based access controls ensure users can only access their own data. Our administrators have no technical ability to decrypt user content.
Infrastructure Security
Hosted on Supabase with SOC 2 compliance. Regular security audits, automated backups, and 99.9% uptime SLA. File storage through DigitalOcean Spaces with encryption at rest.
Google Services
We integrate with Google Gmail API and Calendar API through OAuth 2.0. We request only the minimum necessary permissions. Google's privacy policy applies to their services. You can revoke access anytime through your Google account settings.
OpenAI Integration
AI features use OpenAI's GPT-4o and embedding models. We send only necessary context (never raw email content) for AI processing. OpenAI doesn't use our data for model training, and we don't share personal information.
WhatsApp via Twilio
WhatsApp notifications are delivered through Twilio's messaging platform. We share only your verified phone number and message content you explicitly send. Twilio's privacy policy applies to message delivery.
Stripe Payment Processing
All payments are processed securely by Stripe. We never store credit card information. We only receive subscription status updates and customer references from Stripe.
Data Access
View all your data through our dashboard. Export your information in standard formats. Request detailed reports of what data we have about you.
Data Portability
Download your emails, calendar events, tasks, and chat history in JSON format. Export your data to use with other services or for backup purposes.
Account Deletion
Delete your account and all associated data anytime. Complete data removal within 30 days. Automatic revocation of all third-party service access.
Access Revocation
Revoke Gmail or Calendar access through Google settings. Disable WhatsApp notifications anytime. Granular control over all integrations.
Retention Periods
- Email Data: Retained while your account is active and for 90 days after deletion request
- Chat History: Retained for 2 years to improve AI responses, deleted upon account closure
- Usage Analytics: Anonymized data retained for 3 years for service improvement
- Billing Records: Retained for 7 years as required by law
- WhatsApp Conversations: Retained for 1 year or until account deletion
Automatic Deletion
Inactive accounts (no login for 2 years) receive deletion warnings. Complete data removal occurs 3 years after last activity unless you respond to our notifications.
Global Operations
Prospor serves users globally. Your data may be transferred to and processed in countries where our service providers operate, including the United States and European Union.
Data Protection Standards
We ensure adequate protection through appropriate safeguards like Standard Contractual Clauses, adequacy decisions, and binding corporate rules with all data processors.
GDPR & Regional Compliance
European users have additional rights under GDPR including data portability, right to be forgotten, and data protection officer contact. We comply with applicable regional privacy laws.
We'll notify you of material privacy policy changes via email and in-app notifications. Continued use after updates constitutes acceptance.
Minor clarifications may be made without notice.
Contact our Data Protection Officer for privacy concerns, rights requests, or questions about this policy.
Email: privacy@getprospor.com
Response time: 48 hours
Prospor Privacy Commitment
This privacy policy reflects our commitment to protecting your personal information while delivering innovative AI-powered productivity tools. We believe privacy and innovation can coexist.