We read your most private conversations. That comes with serious responsibility.
Here's exactly how we protect your data, what security measures we've implemented, and why you can trust us with your inbox.
Try BadAtMailAll data is encrypted in transit using TLS 1.3. All data at rest is encrypted using AES-256. Your email content, OAuth tokens, settings, and personalized AI models are stored on encrypted servers in Ireland (EU-West). We never store data unencrypted.
We never access, download, store, or process email attachments. Not PDFs, not images, not anything. We only see attachment metadata (filename and size) so we can show you that an attachment exists. The actual file content is completely off-limits.
Your data is logically separated and never mixed with other users. Your emails, your AI model, your settings - completely isolated. We use separate database files per user to guarantee isolation at the filesystem level.
The tokens that let us access your Gmail are encrypted with AES-256 and stored separately from your email data. If someone somehow accessed our servers, they couldn't use your tokens without the encryption keys.
We backup your data for disaster recovery. Those backups are encrypted and automatically deleted after 90 days. If you delete your account, backups are overwritten within that window.
All connections use HTTPS. HTTP requests are automatically redirected. We use HSTS (HTTP Strict Transport Security) to tell your browser to never attempt HTTP connections. This prevents man-in-the-middle attacks.
Cross-Site Request Forgery attacks are blocked with token-based validation. Every state-changing request requires a CSRF token that attackers can't forge. This prevents malicious sites from performing actions on your behalf.
We implement comprehensive security headers: X-Content-Type-Options prevents MIME sniffing attacks. X-Frame-Options prevents clickjacking. Content-Security-Policy prevents XSS attacks by restricting what resources can load. Permissions-Policy disables unnecessary browser features.
Sessions use secure, httponly cookies with SameSite protection. Session secrets are cryptographically random. Session tokens are validated on every request. Old sessions expire automatically.
We train a personalized AI model for each user to learn your writing style and improve suggestions. Your emails only train your model. Never shared, never combined with other users, never used for general model training.
We use OpenAI's API for AI processing. Data sent to their API is not used to train their models - that's their API policy. We only send the text of your emails, never attachments, and only to generate responses and analysis.
When you delete your account, we delete everything: stored emails, your personalized AI model, all training artifacts, rules, settings, and OAuth tokens. Gone immediately, with backups overwritten within 90 days.
Don't want us to train a model on your writing style? You can opt out. We'll stop using your email text for fine-tuning. You'll still get AI-generated drafts, just not personalized to sound like you.
Never. Not to advertisers, not to data brokers, not to anyone. We make money from subscriptions, not from exploiting your privacy. Your email content is yours, not a product we sell.
Only AI processes your email content. No humans at BadAtMail read your messages. Ever. Not for training, not for debugging, not for support. The only exception: if you explicitly send us an email as part of a support request.
We only request read and draft permissions from Gmail. We can't delete emails, archive them, or modify your inbox. The only Gmail action we perform is creating draft replies when you request them. Your actual inbox stays untouched.
Beyond OpenAI for AI processing and Twilio for optional voice notifications, we don't share your data. No analytics companies, no marketing partners, no data aggregators. Just the services required to make the product work.
You can export all your data as a SQLite database. Everything we've stored: emails, summaries, rules, drafts, settings. Take it with you, audit it, delete your account. Full GDPR portability compliance.
You can revoke BadAtMail's Gmail access at any time through your Google Account settings. The moment you revoke, we can't read new emails. We'll delete stored data if you request it.
Account deletion is permanent and immediate. All emails, AI models, settings, and tokens are deleted. Backups are overwritten within 90 days. No soft deletes, no data retention.
We're GDPR compliant. Servers in Ireland. Standard Contractual Clauses for any data leaving the EU. Right to access, correction, deletion, portability, and objection. You can file complaints with your data protection authority.
This page exists because we want you to know exactly how we handle your data. No vague privacy policies with hidden clauses. Clear, specific information about what we collect, why, and how we protect it.
We regularly review our security practices and update them. We document improvements publicly. We take security researchers seriously. If you find a vulnerability, contact security@badatmail.com.
We're not perfect. We use third parties like OpenAI, which means data leaves our infrastructure. We can't guarantee absolute security - no one can. But we're transparent about the risks and mitigations.