Privacy Policy

At SupportSeal, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered customer support platform. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the service.

1. Information We Collect

1.1 Account Information

When you create a SupportSeal account, we collect:

• Full name and email address
• Organization name and details
• Password (encrypted and never stored in plain text)
• Profile information you choose to provide
• Account preferences and settings

1.2 Email Integration Data

When you connect your email accounts (Gmail, Microsoft Outlook) to SupportSeal, we collect:

• Email Metadata: Subject lines, sender/recipient email addresses, timestamps, message IDs, thread IDs, labels, and folder information
• Email Content: The full body of emails (both HTML and plain text) that you choose to sync with our service
• Attachments: Files attached to emails you send or receive through our platform
• OAuth Tokens: Access and refresh tokens for your connected email accounts (encrypted at rest)
• Sync History: Information about when emails were synced and processed

Important: We use OAuth 2.0 for authentication with email providers. We never store your email provider passwords. You can revoke our access at any time through your email provider’s security settings.

1.3 Customer Support Data

As part of our customer support management features, we process and store:

• Support ticket information and conversation threads
• Customer email addresses and communication history
• Support ticket status, priority, and assignment information
• Customer profiles including interaction history and preferences
• Response times and resolution metrics
• File attachments sent or received in support conversations

1.4 AI Analysis Data

Our AI-powered features generate and store:

• Email classification categories (support request, bug report, billing inquiry, etc.)
• Sentiment analysis results (positive, neutral, negative, frustrated)
• Urgency scores and priority assessments
• Language detection results
• AI-generated suggested replies
• Confidence scores for AI predictions
• Extracted keywords and topics

1.5 Knowledge Base Content

When you use our knowledge base features, we collect and process:

• Documents, articles, and FAQs you upload
• URLs to documentation and help pages you provide
• Document content and metadata (titles, tags, categories)
• Vector embeddings generated from your documents for semantic search
• Usage statistics showing which articles are most relevant

1.6 Project and Organization Data

• Project names, descriptions, and settings
• Industry and business context information
• Product features, pricing information, and use cases you provide
• Team member information and roles
• Communication style preferences and tone settings
• Custom email templates and signatures

1.7 Usage and Technical Data

• IP addresses and device information
• Browser type and version
• Operating system and device type
• Pages visited and features used
• Time spent on pages and interaction patterns
• Error logs and diagnostic data
• API usage statistics

1.8 Billing and Payment Information

When you subscribe to our paid plans:

• Billing name and address
• Payment method information (processed securely through our payment processor)
• Subscription plan and billing cycle
• Usage metrics for billing purposes (number of emails processed, projects created, etc.)
• Invoice and payment history

Note: We do not store full credit card numbers. All payment processing is handled by our PCI-compliant payment processor.

1.9 Communications

• Communications you have with us (support emails, feedback, surveys)
• Preferences for marketing communications
• Responses to surveys and feedback forms

2. How We Use Your Information

2.1 To Provide and Maintain Our Service

• Process and manage your customer support emails
• Sync emails from your connected accounts
• Display email threads and conversations
• Manage support tickets and their statuses
• Store and retrieve file attachments
• Enable team collaboration features
• Provide search and filtering capabilities

2.2 To Enable AI-Powered Features

• Automatically classify and categorize incoming emails
• Analyze sentiment and urgency of customer messages
• Generate suggested replies based on email content and context
• Provide relevant knowledge base articles for customer inquiries
• Create customer profiles and interaction histories
• Detect language and translate content when needed
• Identify patterns and insights in support data

2.3 To Improve Our Service

• Analyze usage patterns to understand how customers use our platform
• Identify and fix bugs and technical issues
• Develop new features and improvements
• Train and improve our AI models (using aggregated, anonymized data)
• Optimize performance and user experience

2.4 For Security and Fraud Prevention

• Monitor for suspicious activity and unauthorized access
• Verify account ownership and authenticate users
• Maintain audit logs of system access and changes
• Investigate security incidents
• Enforce our Terms of Service

2.5 For Billing and Account Management

• Process subscription payments and manage billing
• Track usage against subscription limits
• Send invoices and payment receipts
• Manage trial periods and subscription renewals
• Handle refunds and billing disputes

2.6 For Communication

• Send transactional emails (account notifications, password resets, billing updates)
• Provide customer support and respond to inquiries
• Send important service announcements and updates
• Request feedback and conduct surveys (with your consent)
• Send marketing communications (only with your explicit consent, which you can withdraw at any time)

2.7 For Legal Compliance

• Comply with legal obligations and regulatory requirements
• Respond to legal requests and prevent illegal activities
• Protect our rights, privacy, safety, or property
• Enforce our Terms of Service

3. AI Processing and Machine Learning

3.1 How We Use AI

SupportSeal uses artificial intelligence and machine learning to analyze emails and provide intelligent automation. Our AI features include:

• Email Classification: Automatically categorizing emails (FAQ, technical issue, billing, feature request, etc.)
• Sentiment Analysis: Detecting the emotional tone of customer messages
• Priority Detection: Assessing urgency and suggesting priority levels
• Response Generation: Creating suggested replies based on email content and your knowledge base
• Knowledge Retrieval: Using semantic search to find relevant documentation
• Language Detection: Identifying the language of customer messages

3.2 AI Models and Data Processing

We use third-party AI services (such as Google Gemini and OpenAI) to power our AI features. When we process your data with these services:

• Data is transmitted securely over encrypted connections
• We use enterprise agreements that prohibit the use of your data for training their models
• Email content is processed on a per-request basis and not stored by AI providers
• We maintain control over which data is sent to AI services

3.3 Vector Embeddings and Semantic Search

To enable intelligent search and document retrieval, we create mathematical representations (embeddings) of your knowledge base content. These embeddings are stored in our database and used to match relevant information to customer inquiries. Embeddings do not contain the original text and cannot be reverse-engineered to reveal content.

3.4 Human-in-the-Loop

SupportSeal is designed with a human-in-the-loop approach. AI suggestions are never sent automatically without human review. You always have full control over:

• Whether to use AI-suggested replies or write your own
• Editing and modifying AI-generated content before sending
• Approving or rejecting AI classifications and priorities
• Disabling AI features for specific projects or entirely

3.5 Model Training and Improvement

We may use aggregated, anonymized data to improve our AI models. This data:

• Is completely stripped of personally identifiable information
• Cannot be traced back to specific users or organizations
• Is used only for improving model accuracy and performance
• Is never shared with third parties for their model training

If you do not want your data (even in anonymized form) used for model improvement, please contact us at tim@supportseal.com.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

4.1 With Your Team Members

Information you process through SupportSeal is accessible to other members of your organization who have been granted access. You control who can access your organization’s data through our team management features.

4.2 With Service Providers

We share data with trusted third-party service providers who help us operate our service, including:

• Cloud Hosting: For infrastructure and data storage
• AI/ML Services: For natural language processing and machine learning (Google Gemini, OpenAI)
• Payment Processors: For handling subscription payments
• Email Providers: Google and Microsoft for OAuth authentication and email access
• Analytics Services: For understanding service usage and performance
• Customer Support Tools: For providing support to you

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.3 For Legal Reasons

We may disclose your information if required to do so by law or in response to:

• Valid legal requests from law enforcement or government authorities
• Court orders or subpoenas
• Requests to protect our rights, property, or safety
• Suspected illegal activities or violations of our Terms of Service

We will notify you of legal requests for your data unless prohibited by law.

4.4 Business Transfers

If SupportSeal is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information for any other purposes with your explicit consent.

4.6 Aggregated Data

We may share aggregated, anonymized data that cannot identify you or your organization. This includes statistics about platform usage, industry trends, and feature adoption.

5. Data Security

We implement comprehensive security measures to protect your data:

5.1 Technical Security Measures

• Encryption in Transit: All data transmitted to and from our servers uses TLS 1.3 encryption
• Encryption at Rest: Sensitive data, including OAuth tokens and passwords, is encrypted in our databases
• Secure Authentication: We use industry-standard OAuth 2.0 for email provider authentication
• Password Security: Passwords are hashed using bcrypt with salt
• Access Controls: Role-based access control (RBAC) limits data access to authorized users
• Network Security: Firewalls, intrusion detection systems, and network monitoring

5.2 Organizational Security Measures

• Limited employee access to customer data on a need-to-know basis
• Background checks for employees with data access
• Regular security training for all staff
• Incident response plan for security breaches
• Regular security audits and penetration testing

5.3 Application Security

• Regular security updates and patches
• Vulnerability scanning and remediation
• Secure coding practices and code reviews
• SQL injection and XSS protection
• CSRF token protection

5.4 Audit and Monitoring

• Comprehensive audit logging of system access and changes
• Real-time monitoring for suspicious activities
• Automated alerts for security events
• Regular review of access logs

5.5 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours as required by applicable law. We will provide information about the breach, the data affected, and steps we’re taking to address it.

Important: While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide you with our services.

6.2 Account Deletion

When you delete your account or request data deletion:

• Immediate: Your account is deactivated immediately and you lose access to the service
• 30 Days: Your data enters a 30-day grace period during which it can be recovered if you change your mind
• After 30 Days: All your data is permanently deleted from our systems, including:
  • Email content and metadata
  • Support tickets and conversations
  • Knowledge base documents
  • Customer profiles
  • File attachments
  • AI analysis data

6.3 Backup Retention

Deleted data may persist in our backup systems for up to 90 days after deletion. Backup data is encrypted and not accessible for operational purposes.

6.4 Legal Retention

We may retain certain data longer if required by law or to:

• Comply with legal obligations (tax, accounting, or audit requirements)
• Resolve disputes or enforce agreements
• Prevent fraud and abuse

In such cases, we retain only the minimum necessary information and keep it securely isolated.

6.5 Aggregated Data

Aggregated, anonymized data that cannot identify you or your organization may be retained indefinitely for analytics and service improvement purposes.

6.6 Data Portability

Before deleting your account, you can request an export of your data in a machine-readable format. We will provide the export within 30 days of your request.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Right to Access

You have the right to request access to the personal information we hold about you. You can view most of your data directly within your SupportSeal account dashboard.

7.2 Right to Rectification

You can update or correct your personal information at any time through your account settings. If you cannot update certain information yourself, contact us for assistance.

7.3 Right to Erasure (“Right to be Forgotten”)

You can request deletion of your account and all associated data at any time. We will comply with deletion requests within 30 days, subject to legal retention requirements.

7.4 Right to Data Portability

You can request an export of your data in a structured, machine-readable format (JSON or CSV). This allows you to transfer your data to another service provider.

7.5 Right to Restriction of Processing

You can request that we limit how we use your data. For example, you can disable AI processing features while continuing to use basic email management features.

7.6 Right to Object

You can object to certain types of data processing, such as:

• Marketing communications (opt-out at any time)
• AI analysis and automated decision-making
• Use of anonymized data for model training

7.7 Right to Withdraw Consent

Where we process data based on your consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before you withdrew consent.

7.8 Right to Lodge a Complaint

If you believe we have not handled your personal information properly, you have the right to lodge a complaint with your local data protection authority.

7.9 Exercising Your Rights

To exercise any of these rights, please:

• Email us at tim@supportseal.com
• Use the data management tools in your account settings
• Contact our support team through the platform

We will respond to your request within 30 days. We may need to verify your identity before processing certain requests.

7.10 GDPR Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have additional rights under the GDPR, including:

• The right to receive detailed information about how we process your data
• The right to have incorrect data corrected without undue delay
• The right to restrict processing in certain circumstances
• The right to data portability in a structured format

7.11 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect and how we use it
• The right to delete personal information we hold about you
• The right to opt-out of the “sale” of personal information (note: we do not sell your data)
• The right to non-discrimination for exercising your CCPA rights

8. Cookies and Tracking Technologies

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies and similar tracking technologies to provide, improve, and secure our service.

8.2 Types of Cookies We Use

Essential Cookies (Required)

These cookies are necessary for the website to function and cannot be disabled:

• Authentication: Session cookies to keep you logged in
• Security: CSRF tokens to prevent cross-site request forgery
• Load Balancing: To route your requests to the correct server

Functional Cookies (Optional)

These cookies enhance functionality but are not strictly necessary:

• Preferences: Remember your settings, theme, and language preferences
• UI State: Remember panel sizes, collapsed/expanded states

Analytics Cookies (Optional)

These cookies help us understand how you use our service:

• Usage Analytics: Page views, feature usage, and navigation patterns
• Performance Monitoring: Load times and error tracking

8.3 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to refuse or delete cookies
• Cookie Preferences: Use our cookie preference center (if available)
• Opt-Out Tools: Use browser extensions or privacy tools

Note: Disabling essential cookies may prevent you from using certain features of our service.

8.4 Third-Party Cookies

We may use third-party services that set their own cookies, including:

• Google Analytics (for usage analytics)
• Payment processors (for secure payment processing)

These third parties have their own privacy policies governing their use of your data.

8.5 Do Not Track Signals

We respect Do Not Track (DNT) browser signals. When DNT is enabled, we will not track your browsing behavior for analytics purposes, though essential cookies may still be necessary for the service to function.

9. Third-Party Services and Integrations

9.1 Email Providers

Google (Gmail)

• Used for OAuth authentication and email access
• Subject to Google’s Privacy Policy
• We request only necessary scopes (read email, send email, profile information)
• You can revoke access at any time through your Google Account settings

Microsoft (Outlook/Office 365)

• Used for OAuth authentication and email access
• Subject to Microsoft’s Privacy Policy
• We request only necessary scopes (read email, send email, profile information)
• You can revoke access at any time through your Microsoft Account settings

9.2 AI/ML Services

Google Gemini

• Used for natural language processing and AI analysis
• Data is sent for processing but not used for training Google’s models
• Enterprise agreement ensures data privacy and security

OpenAI

• May be used for certain AI features
• Data sent via API is not used to train OpenAI’s models (per enterprise agreement)
• Subject to OpenAI’s API data usage policies

9.3 Infrastructure Providers

• Cloud Hosting: Your data is stored on secure cloud infrastructure
• Database Services: PostgreSQL for structured data, vector databases for embeddings
• CDN: Content delivery networks for fast, secure content delivery

9.4 Payment Processing

• We use PCI-DSS compliant payment processors for subscription billing
• We do not store full credit card numbers
• Payment data is encrypted and tokenized
• Subject to the payment processor’s privacy policy

9.5 Analytics and Monitoring

• Usage analytics to understand feature adoption and performance
• Error tracking to identify and fix bugs
• Performance monitoring to ensure service reliability

9.6 Our Responsibility

While we carefully vet our third-party service providers and require them to protect your data, we are not responsible for their privacy practices. We encourage you to review their privacy policies.

10. International Data Transfers

10.1 Where We Store Data

SupportSeal operates globally, and your data may be stored and processed in data centers located in various countries. We ensure that all data centers meet strict security and privacy standards.

10.2 EU-US Data Transfers

For users in the European Union and European Economic Area, we transfer data to the United States and other countries in compliance with GDPR requirements, using:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Additional safeguards such as encryption and access controls

10.3 Data Processing Agreements

Upon request, we can provide a Data Processing Agreement (DPA) for enterprise customers that outlines our commitments regarding data protection and privacy.

10.4 Data Localization

For enterprise customers with specific data residency requirements, we may offer options to keep data within specific geographic regions. Contact our sales team for more information.

11. Children’s Privacy

SupportSeal is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at tim@supportseal.com, and we will delete such information from our systems.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information as quickly as possible.

12. Billing and Subscription Information

12.1 Subscription Plans

SupportSeal offers various subscription plans with different features and usage limits. When you subscribe:

• We collect billing information (name, address, payment method)
• We track usage metrics to enforce subscription limits (emails processed, projects created, etc.)
• We generate invoices and receipts for your records
• We may send billing-related notifications (payment confirmations, failed payments, usage alerts)

12.2 Free Trials

We may offer free trials to new customers. During a trial:

• You can use the service with limited features or capacity
• Your trial usage data is tracked
• We may send notifications about trial expiration
• Payment information may be required to prevent abuse (but not charged until trial ends)

12.3 Usage Tracking

To enforce subscription limits and calculate overages, we track:

• Number of emails processed per billing period
• Number of projects and email accounts created
• Number of team members added
• API usage and custom integration executions

This usage data is used solely for billing purposes and service management.

12.4 Payment Security

All payment processing is handled by PCI-DSS compliant payment processors. We do not store full credit card numbers or other sensitive payment information on our servers.

12.5 Refunds and Cancellations

When you cancel your subscription:

• You can continue using the service until the end of your current billing period
• Your data is retained for 30 days after cancellation
• Refunds are handled according to our refund policy in the Terms of Service
• Billing information is retained as required by law for tax and accounting purposes

12.6 Tax Information

Depending on your location, we may collect additional information for tax compliance purposes, such as VAT numbers or business registration details.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

13.1 How We Notify You

When we make changes, we will:

• Update the “Last updated” date at the top of this policy
• Notify you via email if the changes are significant
• Display a prominent notice in the application
• Give you at least 30 days’ notice before significant changes take effect

13.2 Material Changes

For material changes that affect your rights or how we use your data, we will seek your consent where required by law. If you do not agree to the changes, you may delete your account before the changes take effect.

13.3 Continued Use

Your continued use of SupportSeal after changes to this Privacy Policy constitutes your acceptance of the updated terms.

13.4 Version History

You can request previous versions of this Privacy Policy by contacting us at tim@supportseal.com.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

14.1 Response Time

We will respond to privacy-related inquiries within 30 days. For urgent matters, please indicate “URGENT” in your subject line.

14.2 Privacy Rights Requests

To exercise your privacy rights (access, deletion, portability, etc.), please:

• Use the subject line: “Privacy Rights Request - [Your Name]”
• Include your account email address
• Specify which right you’re exercising
• Provide any additional information to help us verify your identity

14.3 EU Representative

For users in the European Union, our EU representative for GDPR matters can be contacted at:

[Contact details to be provided if SupportSeal operates in the EU]