ThawMail

Privacy Policy

Your privacy matters. We're transparent about how we collect, use, and protect your data.

Last updated: November 4, 2025

1. Introduction

ThawMail ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We do not sell, trade, or share your personal information with third parties for their marketing purposes.

Google API Services Compliance: ThawMail's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2. Information We Collect

Account Information

Email address and basic profile information (via Clerk authentication or OAuth providers)
Business information you provide (company, title, services, contact details)
Subscription and billing information
Usage preferences and settings

Service Usage Data

Websites you analyze (URLs and extracted content)
Generated emails and edits
Pricing configurations and templates
Usage statistics (analyses performed, emails generated)

Technical Information

IP address and device information
Browser type and version
Pages visited and time spent on the service
Error logs and performance data

2.5. Third-Party Authentication (OAuth)

ThawMail offers the option to create an account and sign in using third-party authentication services (also known as OAuth or "social login"). This section explains what data we collect, how we use it, and your rights when using these services.

Sign in with Google

What We Collect from Google

When you choose "Sign in with Google," we request access to the following information from your Google account:

Email address - To create and identify your ThawMail account
Basic profile information - Your name and profile photo (optional display)
Google account ID - A unique identifier to link your Google account to ThawMail

How We Use Google Data

We use your Google account information only to:

  • Create and authenticate your ThawMail account
  • Personalize your profile display (if you choose)
  • Send you service-related communications to your email
  • Provide customer support

Google Limited Use Compliance

We do NOT use your Google data for advertising, credit scoring, data brokering, or any purpose not explicitly disclosed here. We comply with Google's API Services User Data Policy, including Limited Use requirements.

Sign in with LinkedIn

What We Collect from LinkedIn

When you choose "Sign in with LinkedIn," we request access to the following information from your LinkedIn profile:

Email address - To create and identify your ThawMail account
Basic profile information - Your name, profile photo, and headline (optional display)
LinkedIn member ID - A unique identifier to link your LinkedIn account to ThawMail

How We Use LinkedIn Data

We use your LinkedIn account information only to:

  • Create and authenticate your ThawMail account
  • Personalize your profile display (if you choose)
  • Pre-populate your business information for email generation (with your permission)
  • Send you service-related communications to your email

LinkedIn Data Storage Consent

By clicking "Sign in with LinkedIn," you consent to ThawMail storing your LinkedIn profile information as described above. You may withdraw this consent and request deletion of your data at any time by deleting your account or contacting us at thawmail@corvianlabs.com.

LinkedIn Privacy Compliance

We comply with LinkedIn's API Terms of Use and maintain privacy and security standards at least as stringent as LinkedIn's own policies.

OAuth Token Storage & Security

When you authenticate with Google or LinkedIn, we securely store an access token that allows us to verify your identity on future visits.

Token Storage

OAuth access tokens are encrypted and stored securely in our database. Tokens are used only for authentication purposes.

Token Security

Tokens are encrypted at rest and transmitted only over secure HTTPS connections. We never share tokens with third parties.

Token Expiration

If a token expires or is revoked, you'll be prompted to re-authenticate. We do not refresh tokens without your explicit action.

No Profile Refreshing

We do not automatically fetch updated profile data from Google or LinkedIn. Your data is collected only at initial sign-in.

Revoking OAuth Access & Deleting Your Data

You have full control over your OAuth connections and data. You can revoke access at any time:

1. Revoke from ThawMail

Delete your ThawMail account by clicking your profile picture in the top right corner of the navigation bar and selecting account settings. This will immediately delete all your data, including OAuth connections.

2. Revoke from Google

Visit your Google Account Permissions page and remove ThawMail from your connected apps.

3. Revoke from LinkedIn

Visit your LinkedIn Settings & Privacy page, go to "Data Privacy," and remove ThawMail from "Permitted services."

Immediate Deletion Guarantee: When you delete your ThawMail account or request data deletion, all OAuth tokens and associated profile data are permanently deleted from our servers within 30 days (most data is deleted immediately).

3. How We Use Your Information

We use your information to:

Provide and maintain our service
Authenticate your account via OAuth or Clerk
Process website analyses and generate personalized emails
Manage your account and subscription
Process payments and billing
Improve our service and develop new features
Provide customer support
Send important service announcements
Ensure security and prevent fraud

4. Information Sharing and Disclosure

We Do NOT Share Your Data For Marketing

We do not sell, rent, or share your personal information with third parties for their marketing purposes. Your business data, generated emails, analyses, and OAuth profile information remain private to your account.

Limited Sharing

We may share information only in these specific circumstances:

Service Providers
Trusted partners who help us operate the service (Clerk for auth, MongoDB for data storage, OpenAI for AI processing, Polar for payments, Google/LinkedIn for OAuth)
Legal Requirements
When required by law, legal process, or to protect our rights
Business Transfers
In case of merger, acquisition, or sale of assets (with notice)
Safety
To protect the safety of our users or the public

5. Third-Party Services

ThawMail integrates with several third-party services. Each has its own privacy policy:

Clerk
User authentication and management
Google OAuth
Third-party authentication (Sign in with Google)
LinkedIn OAuth
Third-party authentication (Sign in with LinkedIn)
OpenAI
AI-powered analysis and email generation
MongoDB Atlas
Secure data storage
Polar
Payment processing and subscription management
Vercel
Hosting and deployment infrastructure

We carefully select partners who maintain high privacy and security standards. Your data is only shared with these services to the extent necessary to provide our functionality.

6. Data Security

We implement industry-standard security measures to protect your information:

Encryption in transit: All data transmitted using HTTPS/TLS (including OAuth tokens)
Encryption at rest: All database contents encrypted (including OAuth tokens and profile data)
Secure authentication via Clerk and OAuth providers
Regular security audits and monitoring
Limited access controls for our team
Secure payment processing through Polar

Security Incident Reporting

We maintain written vulnerability response processes. In the event of a security incident that affects or may affect your data:

  • We will report incidents to LinkedIn within 24 hours at security@linkedin.com
  • We will report incidents to Google as required by their policies
  • We will notify affected users promptly via email

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

Account Data
Retained while your account is active (including OAuth profile data and tokens)
Usage History
Varies by subscription tier (Free: 30 days, Starter: 90 days, Professional: 365 days)
Billing Records
Retained for 7 years for tax and legal compliance
Deleted Accounts
All data (including OAuth tokens and profile data) is permanently deleted within 30 days of account deletion

8. Your Rights and Choices

You have the right to:

Access: Request a copy of your personal data (including OAuth profile data)
Correction: Update or correct your information
Deletion: Request immediate deletion of your account and all associated data
Portability: Export your data in a machine-readable format (text export available for all users, PDF export for Starter and Professional plans)
Revoke OAuth Access: Disconnect Google or LinkedIn authentication at any time
Opt-out: Unsubscribe from newsletter and marketing communications at corvianlabs.com/unsubscribe
Restrict Processing: Limit how we process your data
Withdraw Consent: Revoke consent for LinkedIn data storage

To exercise these rights, contact us at thawmail@corvianlabs.com. We will respond within 30 days. For immediate account deletion or OAuth disconnection, click your profile picture in the top right corner of the navigation bar to access your account settings.

9. Cookies and Tracking

Essential Cookies (Always Active)

Required for authentication (Clerk, OAuth session management) and core service functionality. These cannot be disabled as the service won't work without them.

Analytics Cookies (Optional)

Google Analytics helps us understand how users interact with ThawMail to improve the service. We don't use this data for advertising or tracking across websites.


No Advertising Cookies: We do not use tracking cookies for advertising purposes. Our analytics are privacy-focused and do not track individual users across the web.

10. Children's Privacy

ThawMail is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will delete such information immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws (including GDPR) and that your data receives adequate protection. OAuth data from Google and LinkedIn is handled in accordance with their respective data transfer policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes (including changes to OAuth data usage), we will provide additional notice via email.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Contact
thawmail@corvianlabs.com
Support
thawmail@corvianlabs.com
We are committed to resolving any privacy concerns you may have and will respond to your inquiries promptly.