Cybro Email Agent
Start free

Legal

Privacy Policy

Last updated: June 15, 2026

Cybro Email Agent (“CEA,” the “Service”) is a product of Cybromines (“Cybromines,” “we,” “us”), powered by our Cybroxio AI engine. This Privacy Policy explains how we access, use, store, share, and protect information when you connect an email account and use the Service. CEA reads your incoming mail, uses Cybroxio AI to detect leads and enquiries, and delivers the detected leads to a webhook endpoint that you configure. We do not sell your data.

1. Information we access and collect

  • Email content and metadata (via your connected mailbox). When you connect Gmail, Outlook / Microsoft 365, Zoho, or any IMAP account, you grant Cybro read-only access. We read incoming messages — including sender, subject, body text, and folder/label metadata — solely to detect leads and enquiries.
  • Account & authentication data. Your name and email address, provided through our authentication provider when you create an account or organization.
  • Connection credentials. OAuth tokens (Google, Microsoft) or IMAP credentials needed to access your mailbox. These are encrypted at rest.
  • Extracted lead data. Structured fields we derive from a message we classify as a lead (for example: sender name, company, intent summary, and a confidence score).
  • Operational data. Configuration (your webhook destination, chosen AI providers, folder selections) and delivery logs (timestamps, HTTP status of webhook deliveries).

2. How we use information

We use the information above only to provide and operate the Service, specifically to:

  • read incoming messages from the folders you select;
  • classify each message with AI to determine whether it is a lead or enquiry;
  • extract structured lead fields from messages identified as leads; and
  • deliver detected leads to the webhook endpoint you configure.

We do not use your email content for advertising, and we do not sell or rent your data to anyone.

3. Google user data — Limited Use

CEA’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

  • Cybromines only accesses and uses your Gmail data to provide and improve the user-facing lead-detection feature you have requested;
  • we do not transfer or sell Gmail data to third parties except (a) to providers that help us operate the user-facing feature (such as the AI provider you configure and infrastructure subprocessors listed below), (b) for security purposes, (c) to comply with applicable law, or (d) as part of a merger or acquisition with appropriate notice;
  • we do not use Gmail data for serving advertisements;
  • we do not allow humans to read your Gmail data unless we have your affirmative consent for specific messages, it is necessary for security or to comply with law, or the data is aggregated and anonymized for internal operations; and
  • we do not use your Gmail data to develop, improve, or train generalized or non-personalized AI and/or machine-learning models.

The same commitments apply to data we receive from Microsoft and other mail providers.

4. AI processing and third parties

To classify a message, Cybroxio AI sends the message content to the AI provider your organization configures (for example an OpenAI-compatible API, or a self-hosted model). These providers are instructed to use the content only to return a classification for that message, and not to train their models on your data. You choose which provider to use; if you run a self-hosted model (such as Ollama), the content does not leave your infrastructure.

Detected leads are delivered, as a signed request, to the webhook endpoint you configure — i.e., to your own systems. You are responsible for how that endpoint and the systems behind it handle the data.

5. Subprocessors

We rely on the following service providers to operate the Service:

  • Vercel — application hosting.
  • Neon — database (encrypted secrets and operational data).
  • Clerk — authentication and organization management.
  • Upstash — background job queue and scheduling.
  • Your configured AI provider — message classification.

6. Data storage and retention

  • Email bodies are processed transiently. We do not retain the full raw body of your emails after classification; we keep only the structured fields extracted from messages identified as leads.
  • Credentials are encrypted at rest (AES-256-GCM) and retained only while a mailbox remains connected. Disconnecting a mailbox deletes its stored credentials.
  • Extracted lead data and logs are retained until you delete them or close your account, after which they are removed within a reasonable period.

7. Security

We encrypt credentials and secrets at rest, transmit data over TLS, sign webhook deliveries, and protect outbound webhook delivery against server-side request forgery. No method of transmission or storage is perfectly secure, but we work to protect your information using industry-standard measures.

8. Your choices and revoking access

  • Disconnect a mailbox at any time from the Mailboxes screen, which removes our stored credentials for that account.
  • Revoke Google access directly at myaccount.google.com/permissions (and the equivalent settings for Microsoft).
  • Delete your data by deleting your organization/account or by contacting us.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect their data.

10. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, by additional notice.

11. Contact

Questions about this policy or your data? Email us at support@cybromines.com.