ccMarvin.
Blog Privacy Terms Try it free

Privacy Policy

Last updated: June 10, 2026

This Privacy Policy describes how ccMarvin ("we," "us," or "our") collects, uses, and shares information when you use our email-based AI assistant service (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

When you use the Service by sending emails to or cc'ing our address, we collect and process:

  • Email content: The full content of emails you send to or cc to the Service, including subject lines, body text, attachments, and any links or media contained therein.
  • Email metadata: Sender and recipient email addresses, timestamps, message IDs, thread IDs, and email headers (including authentication headers such as DMARC results).
  • Conversation history: We retain conversation threads to provide contextual, multi-turn responses within email threads.
  • Usage data: Email counts, timestamps, billing tier information, and subscription status.
  • Payment information: If you subscribe to a paid plan, payment processing is handled by Stripe. We store your Stripe customer ID and subscription ID but do not store credit card numbers or bank account details.

We collect and process this information only as needed to provide, secure, bill for, and improve the Service as described below. You should not include ccMarvin on threads or send attachments unless you have the right to share that information with the Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Processing your emails, generating AI responses, and delivering replies to your inbox.
  • Improving the Service: Analyzing aggregate usage patterns, reliability, latency, error rates, and user feedback to improve product performance. We do not use your email content, attachments, or AI-generated responses to train, fine-tune, benchmark, or develop AI or machine learning models.
  • Billing and account management: Processing payments, managing subscriptions, and enforcing usage limits.
  • Security and fraud prevention: Detecting and preventing abuse, spam, and unauthorized access.
  • Legal compliance: Complying with applicable laws, regulations, and legal processes.

No AI training. We do not use the content of your emails, your attachments, or AI-generated responses to train, fine-tune, benchmark, or develop AI or machine learning models, and we do not grant any third party the right to do so. Your content is sent to third-party AI providers only to generate your responses, as described in the Data Sharing section below.

3. Data Sharing

We may share your information with:

  • Third-party AI providers: Email content is sent to third-party AI model providers (such as OpenAI and Google) to generate responses. We configure these providers not to use your content to train their models where that option is available to us. These providers may otherwise process your data according to their own privacy policies and terms.
  • Web search and news data providers: To answer questions, run web searches, and build your news and portfolio digests, the Service sends search queries — such as a topic or a company name from your watchlist — to third-party web-search and news-data providers (such as Keenable and xAI / Grok). These providers return results we use to generate your response or newsletter and process queries under their own privacy policies and terms. We send only the search terms needed for the query, not your email address or message history.
  • Email infrastructure: We use third-party email delivery services to send and receive messages.
  • Hosting, infrastructure, and logging providers: We use third-party providers to host the Service and our database (such as Render) and to manage operational logs and alerting (such as Better Stack). These providers store data on our behalf — including automated backups and system logs — and retain it according to their own schedules.
  • Payment processors: Stripe processes subscription payments on our behalf.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising.

4. Data Retention

We automatically delete email threads and scrub conversation history from our systems after 30 days of inactivity. Specifically:

  • Email threads: Raw email threads (including all messages, attachments, and metadata stored by our email infrastructure provider) are permanently deleted after 30 days with no new activity on the thread.
  • Conversation history: The stored conversation context used to provide multi-turn responses is zeroed out after the same 30-day inactivity period. The structural record that a conversation existed is retained (without content) to prevent duplicate processing of old messages.
  • Threads with active scheduled tasks: If you have an active recurring task (such as a newsletter) linked to a conversation thread, that thread's history is retained only as long as needed to run the task. You can cancel scheduled tasks at any time (by emailing the Service or via the unsubscribe link in each newsletter) or request deletion by contacting privacy@ccmarvin.com.
  • Backups and operational logs: Deletion removes content from our active systems. Residual copies may persist for a limited additional period in routine database backups and operational logs maintained by us and our infrastructure providers (such as Render and Better Stack) until those backups and logs expire or rotate on their schedules, which we cannot always control or accelerate. Our application logs are designed to capture operational metadata (such as sender addresses, subject lines, timestamps, and processing outcomes) rather than the full contents of your emails or attachments. Residual backup and log copies are not used for any other purpose and are overwritten or deleted in the ordinary course.

Usage and billing data (email counts, subscription status) is retained for as long as your account is active and for a reasonable period thereafter for legal and business purposes. We may retain aggregated or de-identified operational metrics — such as email counts, usage limits, latency, error rates, abuse signals, and billing records — where those metrics do not reveal the contents of your emails or attachments.

You may also request immediate deletion of your data at any time by contacting privacy@ccmarvin.com.

5. Data Security

We implement commercially reasonable security measures to protect your information, including encryption of data in transit and at rest. Access to production systems is limited to authorized personnel and service providers who need access to operate, secure, or support the Service, and we use access controls, logging, and provider-level security features where available. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Your Rights and Choices

  • Stop using the Service: You may stop using the Service at any time by ceasing to send emails to our address.
  • Access, correction, export, and deletion: You may request access to, correction of, export of, or deletion of your personal information by emailing us at privacy@ccmarvin.com. We do not use your email content, attachments, or AI-generated responses to train AI models. Some limited information may be retained where required for legal, billing, security, fraud-prevention, backup, or compliance purposes.
  • Cancel subscription: You may cancel your paid subscription at any time through Stripe.

7. California Privacy Rights

ccMarvin is based in California. If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) and related California privacy laws. Whether or not those laws currently apply to ccMarvin, we aim to honor reasonable access, deletion, and correction requests:

  • Right to know: You may request access to the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions (such as data needed to complete a transaction or comply with legal obligations).
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
  • No sale of personal information: We do not sell or share personal information for advertising or cross-context behavioral advertising purposes.

To exercise any of these rights, contact us at privacy@ccmarvin.com. We will respond to verifiable requests within 45 days as required by law.

8. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will take steps to delete it.

9. International Users

ccMarvin is operated in the United States. If you access the service from outside the United States, you understand that your information may be transferred to and processed in the United States where privacy laws may differ from those in your jurisdiction.

We rely on appropriate legal bases for processing personal information, such as providing the Service, fulfilling our legitimate interests in securing and improving the Service, complying with law, and obtaining consent where required.

If you are located in the European Economic Area or the United Kingdom, you may have rights under applicable data protection laws to request access to, correction of, or deletion of your personal information by contacting privacy@ccmarvin.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes to how we collect, use, or share personal information, we will provide reasonable notice — such as by posting the updated policy on this page with a new "Last updated" date and, where appropriate, notifying users by email or in-product notice. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at privacy@ccmarvin.com. We will make reasonable efforts to respond to privacy requests within 30 days, or within the time required by applicable law.

ccMarvin © 2026 ccMarvin. All rights reserved.
Ask Marvin Newsletters Portfolio X Digest CC Marvin Privacy Policy Terms of Service Contact