Madoo AI
← Madoo

Privacy Policy

Last updated: 2026-06-24

This Privacy Policy explains what personal data Madoo (“Madoo”, “we”, “us”) collects when you use our AI email‑template builder, why we collect it, who we share it with, and the rights you have over it. By using Madoo you agree to the practices described here.

1. Data we collect

We collect only the data needed to run the product. This falls into the following categories:

  • Account & identity: your email address, display name, profile picture, the locale you use, and your sign‑in method. If you sign in with Google, GitHub or Apple, we store the provider account ID returned by that provider. If you sign up with a password, we store only a salted hash — never the password itself.
  • Connected email accounts: if you connect Gmail or Outlook, we store encrypted access and refresh tokens and the connected account address so we can send or export emails on your behalf. You can disconnect at any time.
  • Content you create: the prompts you type, tone/length/audience settings, email titles, generated HTML and code, preview images, chat messages with the AI assistant, images you upload, and any feedback you give.
  • Billing data: when you subscribe, our payment processor (Stripe) handles your card details. We store only your Stripe customer and subscription identifiers, plan, status and trial dates. We never see or store full card numbers.
  • Feedback you send us: when you submit feedback from within the app, we store your message together with your account so our team can read it, respond, and improve the product.
  • Usage & technical data: basic analytics about how the product is used (page views, device/approximate location derived from IP), authentication cookies, login timestamps, and operational logs including AI request metadata (token counts, latency, errors).

2. How we use your data

  • Provide and operate the service — generate, store and export your email templates.
  • Authenticate you and keep your account secure.
  • Process payments and manage subscriptions and trials.
  • Respond to support requests.
  • Improve and debug the product using aggregated or operational data.
  • Send essential service emails (we do not send marketing without consent).

3. AI processing

To generate your emails, the prompts and related content you provide are sent to our AI provider, Anthropic (Claude), acting as a processor on our behalf. We do not sell this content, and we do not use it to train third‑party models beyond what is required to return a result to you.

4. Who we share data with (sub‑processors)

We share data only with service providers that help us run Madoo, under contract and only as needed:

  • Anthropic — AI generation of email content.
  • Stripe — payment processing.
  • Google / Microsoft — sign‑in and, if connected, sending email on your behalf.
  • Vercel — hosting and product analytics.
  • Our database and infrastructure providers — secure storage of your data.

We do not sell your personal data. We may disclose data if required by law or to protect our rights and users.

5. Data retention

We keep your data for as long as your account is active. When you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must retain certain records (for example billing records) to comply with the law.

6. Your rights

Depending on where you live, you may have the right to access, correct, export, restrict or delete your personal data, to object to certain processing, and to withdraw consent. Under the GDPR (EU/EEA/UK) these rights apply to all residents; under the CCPA/CPRA, California residents may also request the categories of data we collect and opt out of any “sale” or “sharing” of personal information — note that we do not sell personal data.

To exercise any right, email us at asponceg@gmail.com. We will respond within the timeframe required by applicable law. You also have the right to complain to your local data protection authority.

7. Security

We protect your data with encryption in transit, encryption of sensitive tokens at rest, hashed passwords and access controls. No method of transmission or storage is perfectly secure, but we work to protect your information and to notify you of significant incidents as required by law.

8. International transfers

Your data may be processed in countries other than your own, including the United States, where our providers operate. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

9. Children

Madoo is not intended for anyone under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the “Last updated” date above and, where appropriate, notify you.

11. Contact

Questions about this policy or your data? Email us at asponceg@gmail.com.