Privacy Policy

Last updated: April 24, 2026

This Privacy Policy describes how ccMarvin ("we," "us," or "our") collects, uses, and shares information when you use our email-based AI assistant service (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

When you use the Service by sending emails to or cc'ing our address, we collect and process:

• Email content: The full content of emails you send to or cc to the Service, including subject lines, body text, attachments, and any links or media contained therein.
• Email metadata: Sender and recipient email addresses, timestamps, message IDs, thread IDs, and email headers (including authentication headers such as DMARC results).
• Conversation history: We retain conversation threads to provide contextual, multi-turn responses within email threads.
• Usage data: Email counts, timestamps, billing tier information, and subscription status.
• Payment information: If you subscribe to a paid plan, payment processing is handled by Stripe. We store your Stripe customer ID and subscription ID but do not store credit card numbers or bank account details.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: Processing your emails, generating AI responses, and delivering replies to your inbox.
• Improving the Service: Analyzing usage patterns, response quality, and system performance to enhance our product.
• Training and developing AI models: We may use the content of emails sent to the Service, including message text, attachments, and AI-generated responses, to train, fine-tune, evaluate, and improve our proprietary AI models and algorithms. This includes creating derivative datasets for machine learning purposes. By using the Service, you grant us a perpetual, irrevocable, worldwide, royalty-free license to use your content for these purposes.
• Billing and account management: Processing payments, managing subscriptions, and enforcing usage limits.
• Security and fraud prevention: Detecting and preventing abuse, spam, and unauthorized access.
• Legal compliance: Complying with applicable laws, regulations, and legal processes.

3. Data Sharing

We may share your information with:

• Third-party AI providers: Email content is sent to third-party AI model providers (such as OpenAI and Google) to generate responses. These providers may process your data according to their own privacy policies and terms.
• Email infrastructure: We use third-party email delivery services to send and receive messages.
• Payment processors: Stripe processes subscription payments on our behalf.
• Legal requirements: We may disclose information if required by law, regulation, or legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Data Retention

We automatically delete email threads and scrub conversation history from our systems after 30 days of inactivity. Specifically:

• Email threads: Raw email threads (including all messages, attachments, and metadata stored by our email infrastructure provider) are permanently deleted after 30 days with no new activity on the thread.
• Conversation history: The stored conversation context used to provide multi-turn responses is zeroed out after the same 30-day inactivity period. The structural record that a conversation existed is retained (without content) to prevent duplicate processing of old messages.
• Threads with active scheduled tasks: If you have an active recurring task (such as a newsletter) linked to a conversation thread, that thread's history is retained until the task is cancelled or completed.

Usage and billing data (email counts, subscription status) is retained for as long as your account is active and for a reasonable period thereafter for legal and business purposes. Derivative data used for AI model training may be retained even after deletion of source data.

You may also request immediate deletion of your data at any time by contacting privacy@ccmarvin.com.

5. Data Security

We implement commercially reasonable security measures to protect your information, including encryption of data in transit and at rest. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Your Rights and Choices

• Stop using the Service: You may stop using the Service at any time by ceasing to send emails to our address.
• Request deletion: You may request deletion of your personal data by emailing us at privacy@ccmarvin.com. Note that data already incorporated into AI training datasets or derivative works may not be deletable.
• Cancel subscription: You may cancel your paid subscription at any time through Stripe.

7. California Privacy Rights

ccMarvin is based in California. If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to know: You may request access to the categories and specific pieces of personal information we have collected about you.
• Right to delete: You may request deletion of your personal information, subject to certain exceptions (such as data needed to complete a transaction or comply with legal obligations).
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
• No sale of personal information: We do not sell or share personal information for advertising or cross-context behavioral advertising purposes.

To exercise any of these rights, contact us at privacy@ccmarvin.com. We will respond to verifiable requests within 45 days as required by law.

8. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will take steps to delete it.

9. International Users

ccMarvin is operated in the United States. If you access the service from outside the United States, you understand that your information may be transferred to and processed in the United States where privacy laws may differ from those in your jurisdiction.

If you are located in the European Economic Area or the United Kingdom, you may have rights under applicable data protection laws to request access to, correction of, or deletion of your personal information by contacting privacy@ccmarvin.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at privacy@ccmarvin.com.