Privacy Policy

Vertext Digital ("we", "our", or "us") operates the Email Agent platform accessible at email-1nbh.onrender.com and sam.co.ke (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use immediately.

We collect information you provide directly, including your Google account email address obtained through OAuth 2.0 authorization. We also collect Gmail metadata such as sender addresses, email subjects, timestamps, and thread identifiers. We do not store the full body of your emails on our servers beyond what is necessary to generate AI-powered responses. Additionally, we collect usage data such as request logs, API call timestamps, and performance metrics.

Our Service uses Google OAuth 2.0 to request access to your Gmail account. Specifically, we request the following scopes: gmail.modify (read and modify emails), gmail.send (send emails on your behalf), and userinfo.email (identify your account). We use these permissions solely to read incoming emails, generate AI responses using your knowledge base, and send replies. You may revoke this access at any time via your Google Account security settings at myaccount.google.com/permissions.

We use the information we collect to: (a) operate and maintain the Service; (b) process incoming emails and generate contextually relevant AI-powered replies; (c) store and retrieve knowledge base documents you upload; (d) monitor system performance and prevent abuse; (e) communicate with you about service updates, security alerts, or policy changes; and (f) comply with legal obligations. We do not use your data for advertising or sell it to third parties.

Your encrypted Gmail OAuth refresh tokens are stored in our Supabase PostgreSQL database using AES-256-CBC encryption. Knowledge base documents you upload are vectorized and stored as embeddings in our database. Email metadata processed through the Service is retained in audit logs for up to 90 days, after which it is automatically purged. You may request deletion of your data at any time by contacting us at sammyseth260@gmail.com.

We implement industry-standard security measures to protect your information. OAuth refresh tokens are encrypted using AES-256-CBC with unique initialization vectors before storage. All data in transit is protected using TLS 1.2 or higher. Our Supabase backend enforces row-level security policies. Access to production systems is restricted to authorized personnel only. Despite these measures, no security system is impenetrable, and we cannot guarantee absolute security of your data.

Our Service integrates with the following third-party providers: Google LLC (Gmail API and OAuth — subject to Google's Privacy Policy); Supabase Inc. (database and authentication infrastructure); Groq Inc. (AI language model inference); and Render Inc. (cloud hosting). Each of these providers maintains their own privacy policies and security practices. We encourage you to review their respective policies. We are not responsible for the privacy practices of these third-party services.

Documents you upload to our knowledge base (PDF files) are processed to extract text, which is then vectorized and stored as numerical embeddings. The original document files are not permanently stored after vectorization. These embeddings are used exclusively to generate contextually accurate email replies within your account. Your knowledge base data is not shared with other users or used to train AI models. You retain full ownership of any content you upload.

Our Service uses cookies and browser local storage to maintain your authentication session and user preferences. Session cookies are used to identify your logged-in state and expire when you close your browser. We do not use tracking cookies or advertising cookies. Third-party services embedded in our platform (such as Supabase Auth) may set their own cookies necessary for authentication. You can configure your browser to refuse cookies, but this may impact Service functionality.

Depending on your jurisdiction, you may have the following rights regarding your personal data: (a) Access — request a copy of the data we hold about you; (b) Rectification — request correction of inaccurate data; (c) Erasure — request deletion of your personal data; (d) Restriction — request we limit processing of your data; (e) Portability — request your data in a machine-readable format; (f) Objection — object to certain types of processing. To exercise any of these rights, contact us at sammyseth260@gmail.com.

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at sammyseth260@gmail.com. Upon verification, we will promptly delete any such information from our systems.

Our Service is operated from Kenya and uses infrastructure provided by companies based in the United States (Google, Supabase, Groq, Render). By using our Service, you consent to the transfer of your information to countries outside your country of residence, including the United States, which may have different data protection laws than your jurisdiction. We ensure appropriate safeguards are in place for such transfers in accordance with applicable law.

In the event of a data breach that may compromise your personal information, we will notify affected users within 72 hours of becoming aware of the breach, to the extent reasonably practicable. Notification will be sent to the email address associated with your account and/or posted prominently on our platform. The notification will include the nature of the breach, data affected, steps we have taken to mitigate harm, and recommended actions for you to protect yourself.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, by email. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Email: sammyseth260@gmail.com | Website: https://sam.co.ke | Service URL: https://email-1nbh.onrender.com. We are committed to resolving any privacy concerns promptly and transparently. For complaints that we are unable to resolve directly, you may have the right to lodge a complaint with your local data protection authority.