Privacy Policy
Last updated: June 10, 2026
This Privacy Policy describes how ccMarvin ("we," "us," or "our") collects,
uses, and shares information when you use our email-based AI assistant service
(the "Service"). By using the Service, you agree to the collection and use of
information in accordance with this policy.
1. Information We Collect
When you use the Service by sending emails to or cc'ing our address, we
collect and process:
- Email content: The full content of emails you send to or
cc to the Service, including subject lines, body text, attachments, and
any links or media contained therein.
- Email metadata: Sender and recipient email addresses,
timestamps, message IDs, thread IDs, and email headers (including
authentication headers such as DMARC results).
- Conversation history: We retain conversation threads to
provide contextual, multi-turn responses within email threads.
- Usage data: Email counts, timestamps, billing tier
information, and subscription status.
- Payment information: If you subscribe to a paid plan,
payment processing is handled by Stripe. We store your Stripe customer ID
and subscription ID but do not store credit card numbers or bank account
details.
We collect and process this information only as needed to provide, secure,
bill for, and improve the Service as described below. You should not include
ccMarvin on threads or send attachments unless you have the right to share that
information with the Service.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: Processing your emails, generating
AI responses, and delivering replies to your inbox.
- Improving the Service: Analyzing aggregate usage
patterns, reliability, latency, error rates, and user feedback to improve
product performance. We do not use your email content, attachments, or
AI-generated responses to train, fine-tune, benchmark, or develop AI or
machine learning models.
- Billing and account management: Processing payments,
managing subscriptions, and enforcing usage limits.
- Security and fraud prevention: Detecting and preventing
abuse, spam, and unauthorized access.
- Legal compliance: Complying with applicable laws,
regulations, and legal processes.
No AI training. We do not use the content of
your emails, your attachments, or AI-generated responses to train, fine-tune,
benchmark, or develop AI or machine learning models, and we do not grant any
third party the right to do so. Your content is sent to third-party AI providers
only to generate your responses, as described in the Data Sharing section
below.
3. Data Sharing
We may share your information with:
- Third-party AI providers: Email content is sent to
third-party AI model providers (such as OpenAI and Google) to generate
responses. We configure these providers not to use your content to train
their models where that option is available to us. These providers may
otherwise process your data according to their own privacy policies and
terms.
- Web search and news data providers: To answer questions,
run web searches, and build your news and portfolio digests, the Service
sends search queries — such as a topic or a company name from your
watchlist — to third-party web-search and news-data providers (such
as Keenable and xAI / Grok). These providers return results we use to
generate your response or newsletter and process queries under their own
privacy policies and terms. We send only the search terms needed for the
query, not your email address or message history.
- Email infrastructure: We use third-party email delivery
services to send and receive messages.
- Hosting, infrastructure, and logging providers: We use
third-party providers to host the Service and our database (such as
Render) and to manage operational logs and alerting (such as Better
Stack). These providers store data on our behalf — including
automated backups and system logs — and retain it according to
their own schedules.
- Payment processors: Stripe processes subscription
payments on our behalf.
- Legal requirements: We may disclose information if
required by law, regulation, or legal process, or if we believe
disclosure is necessary to protect our rights, your safety, or the
safety of others.
- Business transfers: In connection with a merger,
acquisition, or sale of assets, your information may be transferred
to the acquiring entity.
We do not sell your personal information, and we do not share your personal
information for cross-context behavioral advertising.
4. Data Retention
We automatically delete email threads and scrub conversation history from our
systems after 30 days of inactivity. Specifically:
- Email threads: Raw email threads (including all messages,
attachments, and metadata stored by our email infrastructure provider) are
permanently deleted after 30 days with no new activity on the thread.
- Conversation history: The stored conversation context used
to provide multi-turn responses is zeroed out after the same 30-day
inactivity period. The structural record that a conversation existed is
retained (without content) to prevent duplicate processing of old
messages.
- Threads with active scheduled tasks: If you have an active
recurring task (such as a newsletter) linked to a conversation thread, that
thread's history is retained only as long as needed to run the task. You
can cancel scheduled tasks at any time (by emailing the Service or via the
unsubscribe link in each newsletter) or request deletion by contacting
privacy@ccmarvin.com.
- Backups and operational logs: Deletion removes content
from our active systems. Residual copies may persist for a limited
additional period in routine database backups and operational logs
maintained by us and our infrastructure providers (such as Render and
Better Stack) until those backups and logs expire or rotate on their
schedules, which we cannot always control or accelerate. Our application
logs are designed to capture operational metadata (such as sender
addresses, subject lines, timestamps, and processing outcomes) rather
than the full contents of your emails or attachments. Residual backup
and log copies are not used for any other purpose and are overwritten or
deleted in the ordinary course.
Usage and billing data (email counts, subscription status) is retained for as
long as your account is active and for a reasonable period thereafter for legal
and business purposes. We may retain aggregated or de-identified operational
metrics — such as email counts, usage limits, latency, error rates, abuse
signals, and billing records — where those metrics do not reveal the
contents of your emails or attachments.
You may also request immediate deletion of your data at any time by contacting
privacy@ccmarvin.com.
5. Data Security
We implement commercially reasonable security measures to protect your
information, including encryption of data in transit and at rest. Access to
production systems is limited to authorized personnel and service providers who
need access to operate, secure, or support the Service, and we use access
controls, logging, and provider-level security features where available.
However, no method of electronic transmission or storage is 100% secure, and we
cannot guarantee absolute security.
6. Your Rights and Choices
- Stop using the Service: You may stop using the Service
at any time by ceasing to send emails to our address.
- Access, correction, export, and deletion: You may
request access to, correction of, export of, or deletion of your personal
information by emailing us at
privacy@ccmarvin.com.
We do not use your email content, attachments, or AI-generated responses
to train AI models. Some limited information may be retained where
required for legal, billing, security, fraud-prevention, backup, or
compliance purposes.
- Cancel subscription: You may cancel your paid
subscription at any time through Stripe.
7. California Privacy Rights
ccMarvin is based in California. If you are a California resident, you may
have rights under the California Consumer Privacy Act (CCPA) and related
California privacy laws. Whether or not those laws currently apply to ccMarvin,
we aim to honor reasonable access, deletion, and correction requests:
- Right to know: You may request access to the categories
and specific pieces of personal information we have collected about you.
- Right to delete: You may request deletion of your personal
information, subject to certain exceptions (such as data needed to complete
a transaction or comply with legal obligations).
- Right to correct: You may request correction of
inaccurate personal information.
- Right to non-discrimination: We will not discriminate
against you for exercising your CCPA rights.
- No sale of personal information: We do not sell or share
personal information for advertising or cross-context behavioral
advertising purposes.
To exercise any of these rights, contact us at
privacy@ccmarvin.com.
We will respond to verifiable requests within 45 days as required by law.
8. Children's Privacy
The Service is not intended for children under 13. We do not knowingly
collect personal information from children under 13. If we learn that we have
collected information from a child under 13, we will take steps to delete it.
9. International Users
ccMarvin is operated in the United States. If you access the service from
outside the United States, you understand that your information may be
transferred to and processed in the United States where privacy laws may differ
from those in your jurisdiction.
We rely on appropriate legal bases for processing personal information, such
as providing the Service, fulfilling our legitimate interests in securing and
improving the Service, complying with law, and obtaining consent where
required.
If you are located in the European Economic Area or the United Kingdom, you
may have rights under applicable data protection laws to request access to,
correction of, or deletion of your personal information by contacting
privacy@ccmarvin.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material
changes to how we collect, use, or share personal information, we will provide
reasonable notice — such as by posting the updated policy on this page
with a new "Last updated" date and, where appropriate, notifying users by email
or in-product notice. Your continued use of the Service after changes take
effect constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your
privacy rights, please contact us at
privacy@ccmarvin.com.
We will make reasonable efforts to respond to privacy requests within 30 days,
or within the time required by applicable law.