Privacy Policy & Data Transparency Report

Purple Box (UK) Ltd trading as EmailsThreatScan · Company No. 08212295

This Privacy Policy explains how Purple Box (UK) Ltd trading as EmailsThreatScan (“Company”, “we”, “us”) collects, uses, retains, and protects your personal data when you use our Service. We are the Data Controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We believe you have the right to know exactly where your data goes, how it is analysed, and when it is destroyed.

1. Our Core Privacy Commitment

EmailsThreatScan is a forensic email analysis tool. By its nature, you entrust us with sensitive email data to analyse for threats. We take this responsibility seriously.

The Golden Rule. For manual analysis (drag-and-drop or paste), we do NOT store the full raw body or attachments of your emails in our persistent database. Once analysis is complete, the raw content is discarded. We only retain a cryptographic hash (SHA-256), the subject line, and the AI analysis result to provide you with a history log.

Connected Mailbox Monitoring. For users who connect a mailbox for automated monitoring, we store additional metadata as described in §2 and §3 below. This is necessary to provide continuous threat detection, automated actions, and historical reporting.

2. Data We Collect — Manual Analysis

When you manually analyse an email via drag-and-drop, file upload, or paste:

Data Point | Status | Purpose
Raw Email Headers | Ephemeral | Processed in-memory for analysis, then discarded.
Email Body / Content | Ephemeral | Sent to AI for threat detection, then discarded.
Content Hash (SHA-256) | Stored | Caching (re-scanning the same file is free and instant).
Email Subject Line | Stored | Displayed in your Analysis History log.
AI Analysis Result | Stored | Threat Score, verdict, reason, and forensic summary.
IP Address | Stored | Security auditing and rate-limiting abuse prevention.

3. Data We Collect — Connected Mailbox Monitoring

When you connect a Microsoft 365 or Google Workspace mailbox for automated monitoring, we collect and persistently store additional data to provide continuous threat detection and automated actions.

Important: Unlike manual analysis, monitored mailbox data is NOT ephemeral. The following is stored for the duration of the retention period:

Data Point | Status | Purpose
Sender Email & Name | Stored | Threat attribution and allow/block list matching.
Subject Line | Stored | Displayed in your threat feed and reports.
Email Headers (JSON) | Stored | Authentication analysis (SPF, DKIM, DMARC, ARC).
Body Text (truncated) | Stored | AI deep-dive analysis for flagged emails.
Extracted URLs | Stored | Safe Link rewriting and phishing URL detection.
Attachment Metadata | Stored | Name, type, and size — not the file content itself.
Return-Path & Reply-To | Stored | Spoofing and BEC (Business Email Compromise) detection.
OAuth Access & Refresh Tokens | Stored (encrypted) | Authenticating with your email provider on your behalf.
AI Triage & Analysis Results | Stored | Batch triage classification and individual deep-dive verdict.

Privacy-First Deletion: Emails classified as “Safe” by our AI are automatically deleted from our database immediately after analysis. Only emails flagged as suspicious or malicious are retained for your review.

4. OAuth Permissions & Mailbox Access

When you connect a mailbox, we request the minimum OAuth scopes necessary to provide the Service. We require read and write access because features such as Ghost Quarantine (moving emails to a folder), Safety Banners (modifying email body), URL Rewriting, and Categorisation require the ability to modify messages in your mailbox.

Microsoft 365 Scopes: Mail.ReadWrite, User.Read, offline_access. These allow us to read your inbox, apply automated actions to flagged emails, and maintain a persistent connection without re-authentication.

Google Workspace Scopes: gmail.modify, userinfo.email, userinfo.profile. These allow us to read, label, and move messages in your Gmail account.

Revocation. You may disconnect your mailbox at any time from your Dashboard. Upon disconnection, we immediately invalidate your OAuth tokens and cease all automated processing. Stored analysis data is retained per our retention policy (§8) unless you request earlier deletion.

5. Legal Basis for Processing

We process your personal data under the following lawful bases (UK GDPR Article 6):

  1. Consent (Art. 6(1)(a)): When you connect a mailbox via OAuth, you explicitly consent to our access. You may withdraw consent at any time by disconnecting.
  2. Contract (Art. 6(1)(b)): Processing is necessary to fulfil your subscription and deliver the features you have paid for (e.g., automated monitoring, threat reports).
  3. Legitimate Interest (Art. 6(1)(f)): For manual analysis, we process email headers and body content to provide the security analysis you have requested. For abuse prevention, we log IP addresses and enforce rate limits.

6. Third-Party Subprocessors

We do not sell your data to any third party. Data is shared only with the following providers as strictly necessary to operate the Service:

  1. Enterprise AI Providers (Google Gemini, OpenAI). Email content is transmitted for semantic threat analysis. We enforce strict “Zero-Training” data policies with all AI providers via Commercial Enterprise API agreements, ensuring your data is never used to train public models.
  2. Stripe. Handles all payment processing. We never see or store your credit card number. Stripe stores your payment method and billing details under its own privacy policy.
  3. Microsoft Graph API / Google Gmail API. Used to access your connected mailbox on your behalf, using the OAuth tokens you have granted. Data remains within your provider’s infrastructure; we fetch only what is needed for analysis.

In the event a subprocessor materially changes its data handling policies, we will notify affected users within 30 days and provide the option to terminate.

7. Automated Decision-Making & Actions

Our Service uses automated processing to classify and act on emails. You should be aware of the following automated systems:

  1. Custom Security Rules. User-defined allow/block lists that execute before AI analysis. Rule-matched emails are classified deterministically without consuming credits. Your rules (sender patterns, keywords) are stored in our database.
  2. Batch AI Triage. Incoming emails from monitored mailboxes are screened in batches by AI to determine if they require further investigation.
  3. Individual AI Analysis. Emails flagged during triage receive a full forensic deep-dive, producing a verdict, threat score, and detailed reason.
  4. Ghost Quarantine. If enabled, emails classified as malicious or dangerous are automatically moved to a designated folder in your mailbox (e.g., “ETS Quarantine”) and you receive an email notification.
  5. Safe Link Rewriting. URLs in flagged emails may be rewritten to route through our proxy server, allowing us to warn you before you visit a potentially malicious link. Click metadata (timestamp, your IP address) is logged for security purposes. Rewritten links expire after a set period.
  6. Safety Banners. If enabled, a warning banner may be injected into the body of flagged emails in your mailbox to warn you of the detected threat.
  7. Move to Junk. If enabled, emails classified as malicious may be automatically moved to your Junk/Spam folder.

Your Right to Contest. You may contest any automated decision by using the Forward-to-Revert feature (forwarding the email to our revert address) or contacting us directly. All automated actions can be individually enabled or disabled from your Dashboard settings.

8. Data Retention & Deletion

Analysis Logs. Analysis records (both manual and monitored) are retained for a minimum of 30 days. We reserve the right to adjust retention periods as part of service improvements or compliance requirements. You may manually delete individual records at any time from your Dashboard.

Safe Emails. Emails classified as “Safe” by our AI during mailbox monitoring are automatically and immediately deleted from our database after analysis. We place a temporary cache marker to prevent re-ingestion during the next sync cycle. This marker contains only a message identifier and cannot be used to reconstruct the email.

OAuth Tokens. Stored until you disconnect the mailbox. Upon disconnection, tokens are invalidated and deleted.

Account Data. Retained until you request deletion via your Dashboard or by emailing [email protected].

Content Hashes. When you delete a log, the cryptographic hash in our cache may remain anonymously for a short period to preserve caching efficiency, but it is stripped of all association with your user account.

9. Organisation & Team Data

Admin Consent. When an Organisation Administrator connects a Microsoft 365 or Google Workspace tenant, they grant consent on behalf of all mailboxes within that organisation. Individual mailbox users do not separately consent; the Administrator’s consent is binding for all connected accounts.

Shared Threat Feed. Within an organisation, the Administrator may view aggregated threat statistics and individual threat incidents for all connected mailboxes. Individual email body content is not shared — only metadata (sender, subject, verdict, score).

Member Data. We store the email addresses and role assignments of organisation members for access control purposes.

10. Your Rights (UK GDPR)

Under the UK General Data Protection Regulation, you have the following rights:

  1. Right of Access (Art. 15): You may request a copy of all personal data we hold about you.
  2. Right to Rectification (Art. 16): You may request correction of inaccurate personal data.
  3. Right to Erasure (Art. 17): You may request deletion of your personal data. You can also delete individual analysis logs directly from your Dashboard.
  4. Right to Data Portability (Art. 20): You may request your data in a structured, machine-readable format.
  5. Right to Withdraw Consent: You may disconnect your mailbox at any time, revoking our OAuth access.
  6. Right to Object (Art. 21): You may object to automated processing by disabling specific features (Ghost Quarantine, URL Rewriting, etc.) from your Dashboard.
  7. Right to Lodge a Complaint: You may file a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise any of these rights, contact our Data Protection Officer at [email protected].

11. Security Measures

We employ technical and organisational controls to protect your data:

  1. Encryption in Transit: All connections are encrypted using industry-standard protocols.
  2. Password Security: User passwords are salted and hashed using an adaptive one-way hashing algorithm designed to resist brute-force attacks.
  3. Token Security: API tokens are hashed before storage. OAuth refresh tokens are encrypted at rest.
  4. Rate Limiting: Strict per-IP and per-user rate limits prevent abuse and denial-of-service attacks.
  5. Access Controls: Administrative access to production systems is restricted to authorised personnel only.

12. Cookies & Advertising

This site is supported by advertising. To serve relevant ads, we use third-party vendors and ad networks, including Google AdSense.

  1. Third-party vendors, including Google, use cookies to serve ads based on your prior visits to this website or other websites.
  2. Google’s use of advertising cookies enables it and its partners to serve ads based on your browsing history.
  3. You may opt out of personalised advertising by visiting Google Ads Settings. Alternatively, you can opt out of third-party cookies for personalised advertising via www.aboutads.info.

Essential Cookies. We use session cookies for authentication and CSRF protection. These are strictly necessary for the Service to function and do not track you for advertising purposes.

13. Google API Services User Data Policy

EmailsThreatScan’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This means we strictly limit our use of your Google data to “providing or improving user-facing features that are prominent in the requesting application’s user interface.” We do not use your Google data for advertisements, creating generalised ML models, or selling to data brokers.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. For material changes that affect how we process your personal data, we will notify registered users via email at least 30 days before the changes take effect.

Continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree, you must discontinue use and request account deletion.

Have questions about this policy?

Contact our Data Protection Officer at [email protected]

© 2026 Purple Box (UK) Ltd trading as EmailsThreatScan. All rights reserved.