Privacy Policy
Last updated: 2026-04-20
Who we are
Mailroom (“the Service”, “we”, “us”) lets signed-in users send personalized bulk email from their own Google Gmail account. The operator can be contacted at aneeka@pmmalliance.com.
What we collect
- Your Google account email address and profile basics (returned by Google’s OpenID Connect userinfo endpoint when you sign in).
- A Google OAuth refresh token scoped strictly to
gmail.send. We use this only to send email on your behalf when you explicitly click Send. - CSVs you upload: recipient email addresses and any additional columns you choose to use as merge tags. These are stored in our database so you can re-send or track status.
- Email campaigns you create: project name, subject, body, and per-recipient send status.
What we don’t do
- We don’t read, list, or search the Gmail you connect. We only have
gmail.sendpermission. - We don’t share your data with any third party for marketing or advertising.
- We don’t use your data to train any machine-learning model.
- We don’t sell your data.
How your Google data is used
The
gmail.send scope is used solely to deliver email you have composed and approved, to the recipients in the CSV you uploaded. Google requires us to make this policy explicit: any use of Google user data is limited to the purpose described above. We do not transfer Google data to any other party, and we do not use it for serving advertisements.Storage and retention
Data is stored in Supabase (PostgreSQL). Row-level security scopes every query to the signed-in user, so other users cannot read your data. You can delete a project at any time, which removes its recipients and send history. To delete your entire account, email aneeka@pmmalliance.com.
Revoking access
You can revoke our access to your Gmail at any time at myaccount.google.com/permissions. Once revoked, we can no longer send on your behalf.
Contact
Questions about this policy or your data: email aneeka@pmmalliance.com.