Legal
Privacy Policy
Last updated: May 5, 2026
This policy explains how Epigeon handles data for mailbox sync, secure sending, Epigeon AI, campaign workflows, billing, and Google OAuth integrations.
Information We Collect
Epigeon collects account profile details, authentication session data, connected mailbox metadata, user-provided mailbox credentials or OAuth tokens, email content needed to display and operate mailbox features, campaign configuration, recipients, usage logs, and billing records. We only collect data required to provide the product features you enable.
How We Use Information
We use user data to authenticate accounts, sync mail, send messages, run campaign workflows, provide AI assistance at your request, maintain usage limits, process billing, protect against abuse, troubleshoot errors, and improve service reliability.
Google User Data
When you connect Gmail or Google Workspace, Epigeon uses Google OAuth access only to provide email functionality you request, including reading mailbox folders, displaying messages, sending email, syncing message state, and maintaining reauthorization when Google requires it. Epigeon complies with the Google API Services User Data Policy, including Limited Use requirements. We do not sell Google user data, use it for advertising, or use it to train generalized AI or ML models.
AI Processing
AI features process selected email, campaign, or prompt content only when you invoke AI functionality. If you configure the Ollama Adapter, supported AI requests can be routed to your own provider configuration instead of Epigeon-managed cloud AI flows.
Data Sharing
We share data only with service providers needed to operate Epigeon, such as hosting, database, payment, email provider, OAuth provider, and AI processing infrastructure. We do not sell personal information.
Security
Epigeon uses authenticated sessions, encrypted transport, access controls, provider token handling, TOTP support, remote image privacy controls, and operational logging to protect user data. No internet service can guarantee absolute security, but we design Epigeon to minimize unnecessary access and exposure.
Retention and Deletion
We retain user data while your account is active or as needed to provide the service, comply with legal requirements, resolve disputes, and enforce agreements. You may request account or connected mailbox deletion by contacting support. Disconnecting a provider revokes Epigeon access to future provider data.