Privacy Policy
Privacy Policy for Karma Mail
This Privacy Policy explains how Compiler Inc. ("Compiler," "we," "our," "us") collects, uses, and protects information when you use Karma Mail, our karma-ranked email client that prioritizes real humans over bots, cold outreach, and AI-generated spam through a sophisticated reputation system.
What Data Karma Mail Collects
We collect only what we need to deliver and improve the service. Most fields are optional.
| Category | Examples | Why We Need It |
|---|---|---|
| Account Basics | Email address (required); Apple ID if you sign in with Apple | Authenticate you and send essential notices |
| Profile Details | LinkedIn URL you provide & public profile data | Build a private profile so Karma Mail understands your network and preferences for karma scoring |
| Email Content | Headers, sender information, labels, metadata (content processed transiently for karma scoring) | Calculate sender karma scores, detect spam patterns, organize emails into Signal/Triage/Noise buckets |
| Contacts | Names, email addresses, interaction history | Build personal karma scores for your network and trusted senders |
| Interaction Data | Email actions (archive, reply, mark as spam), response times, sender ratings | Learn your preferences and improve karma scoring accuracy |
| Global Reputation | Anonymized sender domains and spam patterns across users | Build community-wide karma scores to protect all users from spam |
| Device & Usage | App version, device UUID, crash logs, timestamps | Maintain reliability, debug problems, improve performance |
Email Data Processing
We process email metadata for karma scoring. When you connect your email account to Karma Mail, we analyze sender information, email headers, and interaction patterns to calculate karma scores. Email content may be processed transiently to detect spam patterns and improve filtering accuracy, but is not stored permanently.
We store sender karma scores, your interaction history, and email routing decisions to continuously improve the service. Your personal email content is processed only to deliver the karma-based filtering and organization features. All processing is performed solely to provide personalized email management services to you as the individual user.
Google APIs Limited Use Compliance
Karma Mail's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Limited Use Restrictions: We strictly comply with Google's Limited Use requirements, which means:
- We do not use, transfer, or sell user data received from Google Workspace APIs to create, train, or improve any foundational machine learning or AI models
- This prohibition applies to both raw user data and any aggregated, anonymized, or derived data from Google API scopes
- All Gmail and Google Calendar data accessed through Google APIs is used exclusively to provide personalized email management services to you as the individual user
- Your Google data is processed only for the specific purpose of delivering Karma Mail's email management functionality and is never used to benefit other users or improve general AI capabilities
We access your Gmail data through Google's official APIs solely to enable Karma Mail's core functionality: helping you organize your inbox through karma-based filtering, sender reputation scoring, and intelligent email categorization — all tailored specifically to your individual needs and preferences.
How We Protect Your Data
All traffic is encrypted in transit with HTTPS/TLS. Data at rest is encrypted in a Supabase Postgres database located in the United States. Production access is limited to authorised personnel under strict least-privilege rules. We conduct regular security reviews and penetration tests.
What Karma Mail Does Not Do
- We never sell or rent your personal data.
- We do not use your data for third-party advertising or marketing.
- We do not use your Gmail data to train general-purpose AI models — your data serves only your individual email management and karma scoring needs.
- We share data only with subprocessors essential to deliver the service (see below).
Service Providers We Rely On
Each provider below is bound by strong privacy and security obligations:
- Apple — Sign-in with Apple (policy)
- Google — Email & calendar APIs (policy)
- Slack — Message delivery (policy)
- OpenAI — Natural-language processing (policy) — data deleted ≤ 30 days, not used to train public models
- Supabase — Encrypted database & storage (policy)
- Cloudflare — Edge infrastructure & DDoS protection (policy)
- Amplitude — Product analytics (policy)
Your Rights and Control
You may access, correct, export, or delete your personal data at any time in the app settings or by contacting us at hello@karmamail.app. Verified deletion requests are fulfilled within 30 days except where retention is required by law. Under GDPR, CCPA, and similar laws, you may also object to processing or lodge a complaint with a supervisory authority.
Children's Privacy
Karma Mail is not directed to children under 16, and we do not knowingly collect their data. If you believe we have done so, contact us for deletion.
International Users and Data Transfers
Karma Mail operates from the United States. By using the app from outside the U.S., you consent to the transfer of your information to the U.S. or other jurisdictions whose data-protection laws may differ.
Changes to This Policy
We will notify you in-app or via email before making material changes to how we use your data.
- June 02 2025: Initial version for Karma Mail.
Contact Us
For privacy questions or concerns, email hello@karmamail.app.