Your Privacy Promise

Here's the straight truth about what info gets collected. Nothing sneaky, no hidden gotchas.

The bare minimum needed to make this work:

• Your account basics: Name, email, where you work (so you can sign in and get your files back)
• Your email files: The .eml/.msg files you upload (but here's the thing - these get wiped clean after processing)
• Anonymous usage data: Like "someone converted 5 files today" - but zero personal details
• Payment info: Handled completely by Stripe (the same folks who process payments for millions of businesses). Your card info never touches our servers.
• Security logs: Who accessed what and when (deleted after 90 days, because who needs clutter?)

This isn't just marketing talk. Files actually vanish on schedule:

• Regular users: Everything gets wiped after 1 hour. No exceptions, no "oops we forgot."
• Heavy-Duty users: Keep files up to 30 days for those complex cases, then automatic deletion kicks in
• Processing leftovers: Temporary files get deleted the second conversion finishes
• Your PDFs: Follow the same vanishing schedule as the original files
• Backup systems: No sneaky copies hiding in backup servers beyond the main schedule
• Secure deletion: Multiple-pass wiping so deleted files can't be recovered by anyone (including us)

Multiple layers of protection because one lock isn't enough for sensitive data:

• Everything encrypted: AES-256 encryption (military-grade) for all data moving around and stored
• Zero-knowledge processing: Files get processed without anyone on this end being able to peek inside
• Bulletproof infrastructure: SOC 2 Type II compliant cloud setup (the gold standard for security)
• Access controls: Multi-factor authentication and strict role-based access
• Network security: TLS 1.3, HSTS, and certificate pinning (the technical stuff that keeps hackers out)
• 24/7 monitoring: Round-the-clock security monitoring and threat detection
• Regular checkups: Third-party security audits to make sure everything stays locked down

Compliance isn't just about checking boxes. It's about making sure you don't lose sleep over privacy violations:

Under GDPR, CCPA, and other privacy laws, you've got real rights. Here's what you can actually do:

• See everything: Request copies of all personal data held about you
• Fix mistakes: Correct any wrong personal information
• Delete everything: Request immediate deletion of your data
• Take it with you: Export your data in a format you can use elsewhere
• Limit processing: Restrict how your data gets processed
• Stop marketing: Object to any direct marketing (though there isn't any)
• Keep privilege intact: Maintain confidentiality of sensitive communications

Multiple ways to make sure your data actually disappears:

• Automatic deletion: Files vanish automatically per the retention schedule
• Manual deletion: Delete stuff immediately through your dashboard
• Account deletion: Nuke your entire account and all associated data
• Secure wiping: Multi-pass deletion that prevents data recovery
• Backup cleanup: Coordinated deletion across all backup systems
• Deletion certificates: Documentation for your records if needed

For international users, compliant data handling across borders:

• EU-US Data Privacy Framework participation
• Standard Contractual Clauses for EU transfers
• Adequacy decision compliance where available
• Regional data residency options for enterprise clients

In the unlikely event of a security incident (knock on wood):

• Immediate containment and investigation procedures kick in
• You get notified within 72 hours
• Regulators get notified as required by law
• Detailed incident reports for your compliance needs
• Security improvements based on what happened