Privacy Policy
Last updated: 2025-01-24
The privacy of your data—and it is your data, not ours!—is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights with respect to your data. We promise we never sell your data: never have, never will.
This policy applies to TenguMail and all related services. Please also read our Terms of Service, Security Overview, and Cookie Policy.
What we collect and why
Our guiding principle is to collect only what we need. Here's what that means in practice:
Identity and access
When you sign up for TenguMail, we ask for your email address and password. That's so you can log into your account and we can send you important product updates. Your password is hashed using bcrypt—we never store it in plain text and cannot read it.
Email credentials
To process your emails, you provide your IMAP and SMTP credentials (server addresses, usernames, passwords). These are encrypted using AES-256-GCM with per-user encryption keys. We need these to connect to your email accounts and process incoming messages through your configured pipelines.
LLM API keys
You can connect your own AI provider accounts by providing API keys for LLM providers (OpenAI, Anthropic, Google, Mistral, OpenRouter, or Ollama). These keys are encrypted the same way as your email credentials—AES-256-GCM encryption. We use these keys to send your email content to the AI providers you've configured for processing.
Conversation history
When you use the chat feature, we store your conversation history in our database. This lets you continue conversations and review past interactions with your AI assistants. Conversations are tied to your account and deleted when you delete your account.
Pipeline execution logs
We keep logs of pipeline executions—what ran, when, and whether it succeeded or failed. This helps you debug issues and understand how your email processing is working. These logs include email metadata but not full email content.
System activity logs (audit trail)
For security, service quality, and compliance purposes, we maintain audit logs of significant system activities:
- Login and logout events
- Configuration changes (agents, pipelines, credentials created/modified/deleted)
- Email sending actions
- Account settings modifications
- Admin actions on your account (if any)
These logs help us detect unauthorized access, investigate security incidents, and provide you with a complete record of activity on your account. You can access your audit logs through the GDPR data export.
Security data
For security and fraud prevention, we collect:
- Browser fingerprints (SHA256 hashed)—to detect suspicious login patterns
- IP addresses (hashed)—to prevent brute force attacks and identify unauthorized access
We don't store your actual IP address or browser fingerprint in readable form.
Billing information
If you upgrade to a paid plan, payment is handled entirely by LemonSqueezy, our payment processor. Credit card information never touches our servers. We only store a reference to your subscription for managing your plan.
Cookies
We use essential first-party cookies for authentication and session management. We do not use tracking cookies or third-party analytics. For more details, see our Cookie Policy.
Who we share it with
We share your data only with services necessary to provide TenguMail. We never sell your data.
| Service | Purpose | Data shared |
|---|---|---|
| OpenAI | AI processing | Email content you submit for processing |
| Anthropic | AI processing | Email content you submit for processing |
| Google (Gemini) | AI processing | Email content you submit for processing |
| Mistral | AI processing | Email content you submit for processing |
| OpenRouter | AI processing | Email content you submit for processing |
| Ollama | Self-hosted AI (your infrastructure) | Email content (stays on your servers) |
| LemonSqueezy | Payment processing | Email address, billing information |
| Cloud hosting provider | Infrastructure | All application data |
Important: We do not use your email content to train AI models. When you use third-party LLM providers, your data is processed according to their privacy policies. You control which provider processes your data through your pipeline configuration.
When we access your information
To provide the service you requested. Our systems automatically process your emails and execute pipelines. This is the core function of TenguMail.
To help you troubleshoot. If you contact support about an issue, we may need to look at your execution logs or configuration. We'll always ask for permission first before accessing your account data.
To investigate abuse. If we suspect violation of our Terms of Service, we may access account data as a last resort. We prioritize protecting both your privacy and the safety of others.
When required by law. If we receive a valid legal request (court order, warrant, subpoena), we may be compelled to disclose data. We will notify you before disclosure unless legally prohibited from doing so.
Data retention
| Data type | Retention period | Purpose |
|---|---|---|
| Account data | Until account deletion | Account management |
| Email/LLM/storage credentials | Until account deletion | Service operation |
| Conversation history | 90 days | Chat continuity |
| Pipeline execution logs | 90 days | Debugging, troubleshooting |
| System activity logs (audit) | 1 year | Security, compliance |
| Subscription records | 7 years after cancellation | Legal/tax requirements |
Account deletion
When you delete your account, we initiate a 14-day grace period. During this time, you can change your mind and restore your account. After 14 days, we permanently delete your data through a cascade delete—your account, all credentials, pipelines, conversations, and logs are removed from our systems.
Your rights
We apply the same data rights to all users, regardless of location. Here's what you can do:
- Right to Know. You have the right to know what personal information we collect. This policy explains it all.
- Right of Access. You can export all your data at any time. Go to Settings > Account, or use our GDPR export endpoint at
/api/auth/gdpr-export. - Right to Correction. You can update your information through your account settings.
- Right to Erasure. You can delete your account at any time. After the 14-day grace period, all your data is permanently removed.
- Right to Portability. Our GDPR export gives you all your data in a machine-readable format.
- Right to Object. You can object to certain types of processing by contacting us.
- Right to Complain. You can lodge a complaint with your local data protection authority.
To exercise any of these rights, visit your account settings or email us at privacy@treetank.net.
How we secure your data
- All data transmitted via HTTPS/TLS encryption
- Sensitive credentials (passwords, API keys) encrypted with AES-256-GCM
- Per-user encryption keys derived from user-specific salts
- Passwords hashed with bcrypt
- Browser fingerprints and IP addresses stored as SHA256 hashes
- Database backups encrypted
For more details, see our Security Overview.
Children's privacy
TenguMail is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
Changes and questions
We may update this policy to reflect new practices or legal requirements. When we make significant changes, we'll update the date at the top of this page and notify you via email or in-app notification.
Have questions about this policy or your data? Email us at privacy@treetank.net—we're happy to help.
Adapted from Basecamp's open-source policies, used under CC BY 4.0.