Your privacy is important to us. This Privacy Policy explains how Zudo (“Service”, “we”, “us”, or “our”) collects, uses, and protects your information.

1. Information We Collect

Account Info: Name, email, and password (or equivalent identity tokens) when you sign up.
Connected Accounts: If you connect Google, we may access your Google account email address, email threads, and related metadata as required to provide the Service you enable.
Usage Data: Analytics and diagnostic data (e.g., feature usage, performance, and error logs).
Cookies: Cookies and similar technologies for authentication and improving the Service.

2. How We Use Information

To provide, maintain, and improve the Service.
To communicate with you about your account or the Service.
To troubleshoot, secure, and analyze Service usage.

3. Google Scopes & Gmail Data Use

If you connect your Google account, we request only the minimum necessary scopes. As of the effective date, these include:

https://www.googleapis.com/auth/gmail.readonly — read access to email and labels to sync and display message content you explicitly enable in Zudo.
https://www.googleapis.com/auth/gmail.metadata — read metadata to improve performance and reduce data transfer.

We will only access, use, store, or share Gmail data to provide features you have explicitly enabled (e.g., syncing and displaying email threads). We do not sell Gmail data or share it with third parties for advertising.

4. Google API Services User Data Policy (“Limited Use”)

Zudo’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Gmail data for serving ads; we do not allow humans to read Gmail data unless required for security, compliance, or when you ask us to for support.

5. Data Sharing

We do not share your personal data with third parties except:

To comply with the law or lawful requests;
To operate the Service with subprocessors (e.g., cloud providers such as AWS, authentication/email providers such as Clerk/Google Workspace), under contract and bound by confidentiality;
In connection with a merger, acquisition, or sale of assets (we will notify you if that occurs).

6. Security

We implement administrative, technical, and physical safeguards to protect your data, including:

Encryption in transit (TLS) and encryption at rest.
Least-privilege access controls and audited production access.
Network segmentation, firewalling, and secret management.
Regular backups and monitoring for abuse or anomalous access.

7. Data Storage

Data is processed and stored on infrastructure operated by reputable providers (such as AWS). Access is restricted to personnel who need it to operate the Service and is logged.

8. Data Retention and Deletion

We retain data only as long as necessary to provide the Service and meet legal obligations. You can request deletion of your account and data at any time by emailing [email protected]. We will delete your data within 30 days of a verified request (backups may persist for an additional limited period per standard retention cycles).

9. Your Controls

You may request deletion of your account and data by emailing [email protected].
You may disconnect Google or other integrations from your account settings at any time.

10. Children

The Service is not intended for children under 16, and we do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you via the Service or by email.

12. Contact

Questions or requests? Contact us at [email protected].