Privacy

Privacy statement

This page explains how Mailbot processes personal data. It is written with GDPR in mind and focuses on the MVP behavior of the service.

Controller & contact

Controller: Simplificator AG, Zürich (Switzerland).
Contact (inquiries): info@simplificator.com

What data is processed

Email metadata: sender/recipient addresses, subject, and timestamps.
Email content: message body including forwarded/quoted thread text.
Attachments: currently PDFs are processed by extracting text (image OCR is not performed).
Technical logs: minimal diagnostics (e.g. request IDs, errors) for reliability and abuse prevention.

Purpose & legal basis

Purpose: to generate the email reply you requested (summaries, drafts, extraction of action items, etc.).
Legal basis: typically GDPR Art. 6(1)(b) (service requested) and/or Art. 6(1)(f) (legitimate interest in operating and securing the service).

Retention (service side)

Mailbot is designed to minimize retention. In normal operation, content is processed and then discarded. Some short-lived storage can occur to reliably deliver the service (e.g. queueing and retries).

Queue: inbound jobs are queued during processing and may be retried. Queue entries are cleaned up automatically after processing (time-limited).
Attachments: stored temporarily to parse PDFs and deleted after successful processing (if processing fails/retries, they may remain until a later successful run).
Optional debugging: operators can enable inbound payload storage for troubleshooting via configuration.

Note: your email provider and our upstream providers may retain data according to their own policies.

Processors (third parties)

Email delivery & inbound webhooks: Mailgun (Sinch). See: Mailgun Privacy Policy and Mailgun GDPR information.
AI inference: Anthropic (Claude API). See Anthropic’s data handling/retention: Data Handling & Retention and Retention FAQ.
Hosting: the service runs on infrastructure operated by the service provider.

International transfers

Depending on providers and configuration, data may be processed outside your country. We aim to select EU/CH-friendly regions where available, but processors may operate globally. See the linked processor policies for details.

Your rights

Under GDPR you may have rights including access, rectification, deletion, restriction, objection, and data portability, subject to legal requirements. Contact us at info@simplificator.com.

Security

We use transport encryption (TLS) and standard security practices. As an MVP, absolute security cannot be guaranteed; please avoid sending highly sensitive data.