Your Privacy, Our Priority

1. Introduction

SamMail ("we," "our," or "us") provides a secure, AI-powered personal email service. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your data when you use SamMail's email platform and related services.

By using SamMail, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Information We Collect

2.1 Account Information

When you register for a SamMail account, we collect:

• Your full name and chosen email address
• Password (stored in encrypted form — we never store plain-text passwords)
• Phone number (optional, used for account recovery only)
• Account creation date and timezone

2.2 Email Content

Your emails, attachments, drafts, and sent messages are stored on our secure servers to provide the service. We want to be clear about how we handle your email content:

• We do not read your emails for advertising purposes.
• AI features process your emails within your session and are not stored for model training without your explicit consent.
• Email content is encrypted at rest and in transit using industry-standard TLS encryption.

2.3 Usage Data

We automatically collect limited technical data to operate and improve the service:

• IP address (anonymized after 30 days)
• Browser type and version
• Device type and operating system
• Pages visited and features used (aggregated, non-personal)
• Login timestamps and session duration

3. How We Use Your Information

We use the information we collect solely to:

• Deliver the service — to send, receive, and store your emails
• Authenticate you — to verify your identity and protect your account
• Provide AI features — to power smart email suggestions and summaries within your session
• Ensure security — to detect and prevent spam, phishing, and unauthorized access
• Improve the service — using anonymized, aggregated usage statistics
• Communicate with you — service updates, security alerts, and support replies

We do not sell your personal data, email content, or usage patterns to third parties — ever.

4. Email Privacy & Encryption

Email privacy is at the core of SamMail. We implement the following security measures:

5. AI Features & Your Data

SamMail includes optional AI-powered features such as smart compose, email summarization, and smart replies. Here is how these features interact with your data:

• AI features are processed within your active session and are not stored persistently for training purposes.
• You can disable all AI features at any time from your account settings.
• Email content sent to the AI processing layer is discarded immediately after the response is generated.
• We do not use your email content to train our AI models without your explicit, opt-in consent.

6. Sharing Your Information

We share your personal information only in the following limited circumstances:

• Service Providers: Trusted third-party providers bound by strict data processing agreements.
• Legal Obligations: If required by applicable law, court order, or governmental authority.
• Business Transfers: In the event of a merger or acquisition, subject to equivalent privacy protections.
• With Your Consent: In other circumstances with your explicit consent.

We will never sell, rent, or trade your personal information or email content to third parties for their own marketing or commercial purposes.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the service:

• Emails and drafts: Retained until you delete them or close your account
• Account information: Retained for the account lifetime, plus up to 30 days after deletion
• Usage logs: Retained for up to 12 months in anonymized form
• Support records: Retained for up to 3 years for quality assurance purposes

When you delete your account, we permanently delete all your personal data and email content within 30 days, unless retention is required by applicable law.

8. Your Rights

Depending on your location, you may have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Portability: Export your emails and data in a standard format
• Right to Object: Object to certain types of processing of your data
• Right to Withdraw Consent: Withdraw consent for optional features like AI processing

To exercise any of these rights, contact us at privacy@sammail.sa.

9. Cookies & Tracking

SamMail uses a minimal set of cookies strictly necessary to operate the service:

• Session cookies: To keep you logged in securely
• Preference cookies: To remember your language, theme, and display preferences
• Security cookies: To protect against CSRF attacks and session hijacking

We do not use third-party advertising cookies, social media tracking pixels, or behavioral tracking technologies.

10. Children's Privacy

SamMail is not intended for children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, contact us immediately at privacy@sammail.sa and we will delete the information promptly.

11. International Data Transfers

SamMail is headquartered in Saudi Arabia. If you access our services from outside Saudi Arabia, your data may be transferred to and processed in Saudi Arabia or other countries where our service providers operate. We ensure all transfers comply with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Sending a notification to your SamMail email address
• Displaying a prominent notice in the SamMail app
• Updating the "Last updated" date at the top of this page