1. Who is responsible

The controller for personal data described in this policy is NeoMail. We are based in Belgium and process personal data in accordance with applicable Belgian law and, where relevant, European Union law (including the GDPR).

If you have any questions about this Privacy Policy, you can contact us at maximdekock@synchronised.be. You can also use the support or billing channels listed in the app, on the download page, or in purchase receipts.

2. Scope

This policy covers this website, checkout or account flows we operate, and information we receive in connection with the NeoMail application. It does not replace the privacy policies of Google, Microsoft, your IMAP host, or your payment card network; those policies govern your relationship with them. NeoMail does not offer a bring-your-own API key model for AI features.

3. Data we process

Website. When you visit our site we may process technical data such as IP address, browser type, approximate location derived from IP, and pages viewed. We use Google Analytics (see below) to understand aggregate traffic.

Purchases and accounts. If you subscribe, our payment processor receives and stores payment details; we typically receive your name, email, subscription status, and limited transaction metadata needed to provide access and support.

Support. If you email or message us, we process the content you send and your contact details to respond.

Application use. Mail sync uses standard provider connections from your device. For agents and other assisted features, relevant content is processed through NeoMail’s infrastructure. You are not permitted to supply your own API keys for LLMs or similar services in the app, and we do not collect such keys from you for that purpose. Connected integrations (for example CRM) receive only what you authorize an agent to send. We do not operate a separate “NeoMail cloud inbox” that replaces your provider mailbox. If we offer optional features that change how data is processed, we will describe them clearly and update this policy before they collect new categories of data.

4. Purposes and legal bases (EEA / UK)

Where the GDPR or UK GDPR applies, we rely on:

• Contract: to deliver the software, process payments, and provide support you request.
• Legitimate interests: to secure our services, fix bugs, analyse aggregate website usage, and communicate important service information, balanced against your rights.
• Consent: where required for non-essential cookies or marketing (we do not rely on dark patterns; you can withdraw consent anytime).
• Legal obligation: where we must retain or disclose information for tax, accounting, or lawful requests.

5. Analytics

We use Google Analytics on this website to measure traffic and campaigns. Google may process data in the United States and other countries under its terms. You can use browser controls, industry opt-outs, or Google’s tools to limit analytics where available.

6. Sharing and processors

We share data with service providers who help us run the business, for example payment processors, hosting providers, email delivery for transactional messages, and analytics. They may only use data on our instructions and must protect it appropriately. We do not sell your personal data.

7. Retention

We keep billing and account records as long as needed to provide the service and meet legal, tax, and accounting requirements (often several years for invoices). Support correspondence is kept for a reasonable period to handle follow-up issues. Website logs and analytics are retained according to each tool’s settings, typically on a rolling basis.

8. Security

We use administrative, technical, and organisational measures appropriate to the nature of the service. No method of transmission or storage is completely secure; you should protect your device, accounts, and backups.

9. International transfers

If we transfer personal data outside the EEA or UK, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms where required.

10. Your rights

Depending on your location, you may have the right to access, rectify, erase, restrict, or port your personal data, and to object to certain processing. You may lodge a complaint with your local supervisory authority. To exercise rights, contact us through the channels above; we will respond within the timeframes required by law.

11. Children

NeoMail is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.

12. Changes

We may update this policy from time to time. We will post the new version here and adjust the effective date. For material changes affecting how we use data, we will provide additional notice where required by law.

This policy is a general description and not legal advice for your specific situation.