Legal Center

Policies and Terms

Read the terms that govern your use of Zoēs and learn how we protect your data.

Privacy Policy

Effective Date: December 11, 2024

Last Updated: December 11, 2024

Introduction

Welcome to Zoēs AI Email Security ("Zoēs," "we," "us," or "our"). We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information.

This Privacy Policy explains our data practices for the Zoēs platform, including our website at zoes.one ("Website"), our browser extension ("Extension"), and our backend API services ("Services"). By using Zoēs, you agree to the collection and use of information in accordance with this policy.

Your privacy is our priority. We only collect the minimum data necessary to provide email security analysis and we never sell your data to third parties.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your email address, name (optional), and password (securely hashed).
  • OAuth Authentication: When you sign in with Google, we receive your Google account email, name, and profile picture from Google. We do not receive your Google password.
  • Payment Information: Billing is processed securely through Stripe. We do not store your credit card details - they are handled entirely by Stripe, a PCI DSS Level 1 certified payment processor.
  • Support Communications: When you contact our support team, we collect your email address and the content of your messages.

1.2 Email Metadata We Analyze

Important: We analyze email metadata for security purposes only. We do NOT store full email content.

When you scan an email, we temporarily process:

  • Sender email address and display name
  • Subject line
  • Link URLs found in the email
  • Attachment filenames, types, and sizes (not file contents)
  • Email headers (for authentication analysis)
  • Email body text (for threat pattern detection)
  • Email date and time

Data Retention: Email metadata is hashed and stored only as anonymized scan results for your scan history. The storage period depends on your plan:

  • Free Plan: 1 day
  • Paid Plans: 5-7 days
  • Plus Plans: Up to 90 days

1.3 Gmail API Access

Our Extension requires read-only access to Gmail to analyze emails. We access the following Gmail data through Google's official Gmail API:

  • Email message metadata (sender, subject, date)
  • Email message content (body text and HTML)
  • Links and attachment information
  • Email headers for authentication checks
  • Your Gmail account email address

Zoēs' use and transfer of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

We use Gmail data exclusively for security analysis and threat detection. We do NOT:

  • Store full email content permanently
  • Share emails with third parties for advertising
  • Use emails to train AI models for other purposes
  • Sell or rent your Gmail data

1.4 Automatically Collected Information

  • Device Information: Browser type, operating system, device type, and browser extension version.
  • Usage Data: Pages visited, features used, scan counts, button clicks, and time spent in the application.
  • IP Address: Collected for rate limiting, fraud prevention, and security purposes. Hashed and anonymized for threat intelligence.
  • Cookies: We use essential cookies for authentication and session management. See our Cookie Policy below.

1.5 Analytics and Error Tracking

We use the following third-party services to improve our product:

  • Sentry: Error tracking and performance monitoring. Collects error logs, stack traces, and anonymized user context (user ID, plan type). Does NOT include email content.
  • Amplitude: Product analytics. Tracks page views, feature usage, and user flows. Collects anonymized user ID and behavioral data.
  • PostHog: Product analytics and session replay. Tracks page views, clicks, and user journeys. Session replays are anonymized and do not capture sensitive data.

2. How We Use Your Information

We use collected information for the following purposes:

  1. Email Security Analysis: Analyze email metadata to detect phishing, malware, and other threats using rule-based systems, AI models, and threat intelligence databases.
  2. Account Management: Create and manage your account, authenticate users, and sync settings across devices.
  3. Billing and Subscriptions: Process payments, manage subscriptions, and handle billing inquiries through our payment processor, Stripe.
  4. Product Improvement: Analyze usage patterns to improve threat detection accuracy, develop new features, and enhance user experience.
  5. Security and Fraud Prevention: Detect and prevent unauthorized access, abuse, and fraudulent activity.

3. Data Sharing and Disclosure

We do not sell Google user data. We only share or disclose data in the limited circumstances below:

  • Service Providers: We use vendors for infrastructure, analytics, and billing (for example: hosting, error monitoring, and Stripe for payments). These providers process data on our behalf under confidentiality and data protection obligations.
  • Legal Requirements: We may disclose data to comply with applicable laws, lawful requests, or to protect the security and integrity of our users and services.
  • Business Transfers: If we are involved in a merger, acquisition, or asset sale, we may transfer data as part of that transaction, subject to confidentiality protections.

4. Data Protection and Security

We apply administrative, technical, and organizational safeguards designed to protect sensitive data, including Google user data. Our protections include:

  • Encryption in Transit: All data is transmitted over HTTPS/TLS.
  • Encryption at Rest: Sensitive data is encrypted at rest where stored.
  • Access Controls: Access is restricted to authorized personnel on a need-to-know basis with least-privilege permissions.
  • Monitoring and Logging: We monitor for abuse and maintain audit logs to help detect suspicious activity.
  • Credential Protection: We use secure secrets management and rotate credentials where applicable.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

© 2025 Zoēs, Inc. All rights reserved.
