Privacy Policy
How we protect your data
This Privacy Policy explains how Email2Chat ("we", "us", "our") collects, uses, and protects your information when you use our Service. Your privacy is important to us, and we are committed to transparency about our data practices.
Effective date: January 1, 2026
1. Information we collect
Account information:
- Email address (for authentication)
- Password (hashed with scrypt, we never store plaintext passwords)
- Telegram ID and WhatsApp number (if you link these messaging accounts)
OAuth tokens:
- Google OAuth access and refresh tokens (for Gmail monitoring)
- Microsoft Graph access and refresh tokens (for Outlook/Office 365 monitoring)
- These tokens are encrypted at rest and used only to access your email inbox with read-only permissions
Email metadata:
- Email UIDs (unique identifiers) and message IDs for deduplication
- Timestamps of last check and last notification sent
- Subject lines (temporarily, for notification display only)
- We do NOT store email bodies or attachments by default
Usage data:
- Feature toggles (summarization, translation, voice, classification settings)
- Monitoring session status and health metrics
- Log data (IP addresses, browser type, error messages) for debugging and security
2. How we use your information
- Email monitoring: We use OAuth tokens or IMAP credentials to periodically check your inbox for new emails
- Notifications: We send email summaries, translations, and alerts to your connected Telegram or WhatsApp account
- AI processing: If enabled, we use AI models (locally or via cloud APIs) to summarize, translate, classify emails, and generate voice messages
- Service improvement: We analyze usage patterns and error logs to improve reliability and add features
- Security: We monitor for suspicious activity, token refresh failures, and unauthorized access attempts
- Support: We use your contact information to respond to inquiries and provide customer service
3. Data storage and security
Security measures:
- All data is stored in a PostgreSQL database with encryption at rest
- OAuth tokens are encrypted using Fernet symmetric encryption
- Passwords are hashed using scrypt with per-user salts
- HTTPS/TLS encryption for all data in transit
- CSRF protection on all form submissions
- Rate limiting to prevent abuse
Data retention:
- Email content: Not stored - processed transiently and discarded immediately after notification is sent
- OAuth tokens: Stored until you revoke access or delete your account
- Account data: Stored until you delete your account
- Logs: Rotated and deleted after 30 days
- AI cache: Cleared after 7 days or when you disable AI features
Data location:
- Database hosted in Lebanon (CSB Group SARL infrastructure)
- Third-party services (Google, Microsoft, Telegram, WhatsApp) process data according to their own privacy policies
4. Third-party services
Email2Chat integrates with the following third-party services:
- Google (Gmail): OAuth authentication and email access via Gmail API. Google Privacy Policy
- Microsoft (Outlook/Office 365): OAuth authentication and email access via Microsoft Graph API. Microsoft Privacy Policy
- Azure AD B2C: Authentication and identity management. Microsoft Privacy Policy
- Telegram: Messaging platform for notifications. Telegram Privacy Policy
- WhatsApp (Meta): Messaging platform for notifications. WhatsApp Privacy Policy
- OpenAI (optional): AI models for summarization and translation. OpenAI Privacy Policy
We are not responsible for the privacy practices of these third parties. Please review their privacy policies before using Email2Chat.
5. Data sharing and disclosure
We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:
- With your consent: When you explicitly authorize data sharing
- Service providers: With trusted third parties who help us operate the Service (cloud hosting, email providers, messaging platforms)
- Legal requirements: When required by law, court order, or government request
- Security and fraud prevention: To protect against security threats, abuse, or illegal activity
- Business transfers: In the event of a merger, acquisition, or sale of assets (with notice to you)
6. Your rights and choices
You have the following rights regarding your personal data:
- Access: Request a copy of your personal data
- Correction: Update incorrect or incomplete information
- Deletion: Request deletion of your account and associated data
- Revocation: Revoke OAuth permissions from your Google/Microsoft account settings or disconnect from the Email2Chat dashboard
- Data portability: Request your data in a machine-readable format
- Opt-out: Disable AI features, notifications, or specific monitoring sessions
To exercise these rights, contact us at contact@csbacademy.com or use the settings in your dashboard.
7. Cookies and tracking
Email2Chat uses the following cookies and tracking technologies:
- Session cookies: Required for authentication and maintaining your login session (stored in filesystem, not browser cookies)
- Security tokens: CSRF tokens to prevent cross-site request forgery attacks
- Analytics: We do NOT use third-party analytics (Google Analytics, etc.) by default
We use minimal tracking to ensure the Service functions correctly. You can clear your session by logging out.
8. Children's privacy
Email2Chat is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.
9. International data transfers
Your data may be transferred to and processed in countries outside your jurisdiction, including Lebanon and countries where our third-party service providers operate. By using the Service, you consent to such transfers. We take appropriate safeguards to protect your data in accordance with this Privacy Policy.
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised effective date. If we make material changes, we will provide additional notice (e.g., via email or dashboard notification).
11. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Owner: CSB Group SARL / CSB Academy
- Email: contact@csbacademy.com
- Address: Beirut, Lebanon
This Privacy Policy is effective as of the date indicated above. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.