Privacy Policy

Last updated: 2026-04-20

Who we are

Mailroom (“the Service”, “we”, “us”) lets signed-in users send personalized bulk email from their own Google Gmail account. The operator can be contacted at aneeka@pmmalliance.com.

What we collect

Your Google account email address and profile basics (returned by Google’s OpenID Connect userinfo endpoint when you sign in).
A Google OAuth refresh token scoped strictly to gmail.send. We use this only to send email on your behalf when you explicitly click Send.
CSVs you upload: recipient email addresses and any additional columns you choose to use as merge tags. These are stored in our database so you can re-send or track status.
Email campaigns you create: project name, subject, body, and per-recipient send status.

What we don’t do

We don’t read, list, or search the Gmail you connect. We only have gmail.send permission.
We don’t share your data with any third party for marketing or advertising.
We don’t use your data to train any machine-learning model.
We don’t sell your data.

How your Google data is used

The gmail.send scope is used solely to deliver email you have composed and approved, to the recipients in the CSV you uploaded. Google requires us to make this policy explicit: any use of Google user data is limited to the purpose described above. We do not transfer Google data to any other party, and we do not use it for serving advertisements.

Storage and retention

Data is stored in Supabase (PostgreSQL). Row-level security scopes every query to the signed-in user, so other users cannot read your data. You can delete a project at any time, which removes its recipients and send history. To delete your entire account, email aneeka@pmmalliance.com.

Revoking access

You can revoke our access to your Gmail at any time at myaccount.google.com/permissions. Once revoked, we can no longer send on your behalf.

Contact

Questions about this policy or your data: email aneeka@pmmalliance.com.