Privacy Policy
Last updated: 2026-05-09
This Privacy Policy explains how we collect, use, and share information when you use ColdSnap AI (the “Service”), an AI-powered cold email generator. By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
- Account Information: When you sign up or sign in, we collect your email address and other basic profile data from your chosen identity provider (e.g., Google or GitHub) via OAuth. We use Supabase Authentication to manage sessions.
- Payment and Subscription Information: If you purchase a plan, billing is processed by Stripe. We do not store complete card details on our servers; Stripe processes and stores that data.
- Content You Provide: URLs and profile links you submit (e.g., LinkedIn profiles, company websites), product details, goals, and any inputs used to generate emails.
- Scraped/Public Data: To personalize emails, the Service may fetch public data from the URLs you provide (e.g., profile data, website content). Summaries of this data may be cached to improve performance.
- Generated Outputs and History: We may store generated subject lines and email bodies and associate them with your account to support features like history.
- Gmail Account Data (optional, only if you link Gmail): If you choose to link a Gmail account, we request the
https://www.googleapis.com/auth/gmail.modify scope along with openid and userinfo.email. We store your Google user ID, email address, and OAuth access/refresh tokens (encrypted at rest in Supabase) so the Service can: (a) send emails you have composed in the app from your own Gmail account; (b) detect and read replies only within email threads you initiated through ColdSnap, in order to track responses and show you reply statistics; and (c) when you turn on the optional AI reply feature for a conversation, create draft replies in that thread (or, on plans where you enable auto-send, send replies on your behalf). We store the content of those tracked threads (the message you sent and the replies received) so we can display the conversation and analytics to you. We do not read, index, or process messages or threads that you did not start through ColdSnap, and we do not access your wider mailbox, contacts, or unrelated labels. - Technical and Usage Data: We may collect logs related to requests, device/browser info, and general product analytics necessary to operate and improve the Service.
- Cookies/Local Storage: Used for session handling, preferences, and improving user experience.
2. How We Use Information
- Authenticate users and maintain secure sessions.
- Provide, operate, and improve the Service—e.g., generate personalized emails.
- Enforce usage limits, prevent abuse, and maintain reliability.
- Process payments, manage subscriptions, and provide invoices via Stripe.
- Offer customer support and communicate important updates about the Service.
- Comply with legal obligations and enforce our Terms and Conditions.
3. Legal Bases (EEA/UK Users)
- Performance of a contract (providing the Service you requested).
- Legitimate interests (e.g., improving the Service, preventing abuse).
- Consent (where required, e.g., certain cookies or marketing messages).
4. Sharing of Information
- Supabase: Authentication, database/storage, and serverless functions used to operate the Service.
- Stripe: Payment processing and subscription management. Stripe receives necessary billing data.
- OAuth Providers: Google and GitHub to sign you in and obtain your basic profile and email.
- Data Processing Pipeline: Services used to fetch and summarize publicly available content from URLs you submit (e.g., automation/orchestration services), solely to provide the functionality.
- Service Providers: Contractors and vendors who assist in operating the Service under appropriate confidentiality obligations.
- Legal/Compliance: If required by law, subpoena, or to protect rights, property, and safety.
5. Google API Services User Data Policy & Limited Use
ColdSnap AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, with respect to Gmail data obtained via the gmail.modify scope:
- We use Gmail data only to provide the user-facing features that let you send emails you composed in ColdSnap from your own Gmail account, track and read the replies to those specific emails, and—at your option—draft or send AI-assisted replies within those same threads.
- We do not use Gmail data to develop, train, or improve generalized or non-personalized AI/ML models.
- We do not sell Gmail data, and we do not use it for advertising purposes.
- We do not transfer Gmail data to third parties, except as necessary to provide and improve the user-facing feature you requested (for example, transmitting your composed message through Google's own Gmail API), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
- Humans do not read Gmail data unless we have your specific consent for a named individual, it is necessary for security purposes (e.g., investigating abuse), to comply with applicable law, or the data has been aggregated and anonymized.
- You can disconnect your linked Gmail account at any time from the Account page. Disconnecting revokes our access at Google (via
https://oauth2.googleapis.com/revoke), deletes the stored OAuth tokens, and permanently deletes the tracked conversation data (sent messages and fetched replies) associated with that account. You can also revoke access directly at myaccount.google.com/permissions.
6. Data Retention
We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion of your account or certain data, subject to legal and operational requirements.
7. International Data Transfers
We may transfer and store information with providers located in various countries. Where required, we rely on appropriate safeguards for such transfers.
8. Security
We implement reasonable technical and organizational measures designed to protect your information. However, no method of transmission or storage is 100% secure.
9. Your Rights
Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your data. You can also object to processing and request data portability.
To exercise these rights, contact us at: dev@saaz.site.
10. Children’s Privacy
The Service is not directed to children under the age of 16 (or as defined by local law).
11. Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date.
Need the Terms & Conditions? See
Terms and Conditions.