Privacy Policy

Effective date: March 15, 2026

Mailhogs ("we", "our", or "us") operates an AI-powered outbound email campaign platform. This Privacy Policy explains what information we collect, how we use it, and your rights in connection with that information. Please read it carefully.

If you have questions, contact us at privacy@mailhogs.com.

1. Information We Collect

Account Information

When you sign up, we collect your name, email address, and basic profile information from your Google account via OAuth. We use this to create and manage your Mailhogs account.

Google Account Data

If you connect a Gmail account, we receive OAuth tokens that allow Mailhogs to act on your behalf within the scopes you authorize. We store those tokens in encrypted form. The specific Google permissions and how we use them are described in detail in our Google Data Use page.

Campaign and Lead Data

You may upload contact lists and create email campaigns. We store information about your leads (names, email addresses, job titles, company details, and any other fields you provide), your campaign settings, and the emails we draft and send on your behalf.

Outbound Email Content

We store the subject lines and body text of emails Mailhogs drafts and sends through your connected Gmail account. This allows us to track campaign progress and display sent messages in your inbox view.

Inbound Reply Content

When a lead replies to a campaign email, we fetch that reply from your Gmail inbox, classify it using AI, and store the reply body and associated metadata (such as the Gmail message ID and timestamp) in our database. We do not store email attachments or raw message headers.

Calendar and Meeting Data

If you enable meeting scheduling, we access your Google Calendar to create events, add guests, and generate Google Meet links. We store the calendar event ID and Meet link for each booked meeting. We do not store your full calendar contents.

Usage and Log Data

We collect standard server logs, which may include IP addresses, browser type, pages visited, and timestamps. These logs are used for debugging, security, and service improvement.

2. Google User Data

Mailhogs' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only access Google user data to provide or improve the specific features described in this policy and shown to users within the product.
  • We do not use Google user data to serve advertising or for any advertising-related purpose.
  • We do not sell, rent, or transfer Google user data to third parties outside the scope of what is required to operate the service.
  • We do not use Google Workspace API data to develop, improve, or train generalized AI or machine learning models, unless you are explicitly informed and give consent.
  • We only request access to data that is necessary for the features you are actively using.

See our Google Data Use page for a plain-English breakdown of every Google scope we request and why.

3. How We Use Your Information

  • To create and manage your account.
  • To send emails on your behalf through your connected Gmail account.
  • To fetch and display replies from your Gmail inbox for leads in your campaigns.
  • To classify replies using AI so you can understand where leads stand.
  • To draft follow-up emails and auto-replies using AI, based on reply context and your campaign settings.
  • To extract preferred names and meeting times from replies using AI, so we can personalize messages and auto-book meetings when you enable that feature.
  • To create calendar events and Google Meet links on your behalf when a meeting is booked.
  • To provide analytics on campaign performance.
  • To operate, maintain, secure, and improve the Mailhogs service.
  • To respond to your support requests.
  • To comply with legal obligations.

4. AI Processing

Mailhogs uses OpenAI's API to power several features:

  • Drafting personalized outbound emails and follow-ups.
  • Classifying inbound replies as interested, objection, not interested, or unknown.
  • Extracting a lead's preferred first name from their reply text.
  • Extracting a suggested meeting time from a lead's reply.

When these features run, relevant content (such as a reply body or lead profile fields) is sent to OpenAI's API for processing. OpenAI processes this data according to their own privacy and API usage policies. We do not use AI processing to make legally significant automated decisions about individuals.

5. Data Storage and Security

Your data is stored in Supabase, a managed cloud database service. Google OAuth tokens are encrypted at rest using AES-256-GCM before being stored. Data is transmitted over HTTPS/TLS.

While we take reasonable steps to protect your information, no system is perfectly secure. We encourage you to use a strong password and to disconnect integrations you no longer need.

6. Service Providers

We share data with third-party service providers only as needed to operate the platform:

  • Supabase - database and authentication infrastructure.
  • Google - Gmail and Calendar API, OAuth.
  • OpenAI - AI processing for drafting and classification features.
  • Vercel - application hosting and edge network.
  • Inngest - background job processing for campaign sending.

We do not sell your personal information to third parties.

7. Data Retention

We retain your account data, campaign data, and associated email content for as long as your account is active. If you disconnect your Gmail connection, the OAuth credentials are removed, but historical campaign emails and reply data are not automatically deleted at this time.

If you would like your data deleted, please contact us at privacy@mailhogs.com and we will process your request.

8. Your Rights and Choices

Disconnecting Gmail

You can disconnect your Gmail account at any time from your project settings. This removes our access to your Gmail and Calendar going forward and deletes the stored OAuth credentials.

Requesting Deletion

To request deletion of your account or any stored data (including email content), contact us at privacy@mailhogs.com. We do not currently offer a self-service data export or deletion tool. We will respond to deletion requests within a reasonable timeframe.

Correcting Your Information

If you believe we hold inaccurate information about you, you can contact us at the email above to request a correction.

9. Children's Privacy

Mailhogs is not directed to children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe we have collected information from a child, please contact us and we will delete it.

10. International Users

Mailhogs is operated from the United States. If you are accessing the service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using Mailhogs, you acknowledge this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will make reasonable efforts to notify you (for example, by email or by a notice within the product). Your continued use of Mailhogs after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your data, contact us at:

privacy@mailhogs.com