Privacy Policy

Last updated: February 23, 2026

Your Privacy is Our Priority

Simarahitam Technologies Pvt. Ltd. ("Compose", "we", "us") explains how it collects, uses, shares, and protects personal information for its AI-powered email intelligence service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email, name, via Google Sign-In
  • Content for Analysis: Email content submitted for AI triage, threat detection, and strategic analysis
  • Preferences: Daily Brief schedule, VIP senders, analysis mode, label settings
  • Payment Information: Processed through Razorpay; complete credit card details not stored
  • Support Communications: Messages sent to our support team

1.2 Gmail Integration Data

  • OAuth Tokens: Secure access tokens for Gmail API (stored encrypted)
  • Email Metadata: Subject, sender, recipients, timestamps for triage
  • Email Content: Body text analyzed during Daily Brief pipeline (redacted via PALADIN NER before AI processing)

1.3 Information Collected Automatically

  • Usage Data: Features used, briefs generated, actions taken
  • Device Information: Device type, operating system, browser type
  • Log Data: IP address, access times, error logs
  • Analytics Data: App performance and usage patterns (anonymized)

2. How We Use Your Information

2.1 To Provide Our Services

  • Create and manage accounts
  • Analyze emails using AI for priority triage, threat detection, and strategic review
  • Generate Daily Briefs with prioritized actions
  • Apply Gmail labels (Priority, Needs Review, Phishing, etc.)
  • Process payments and manage subscriptions
  • Provide customer support

2.2 AI Processing

Email content is processed by third-party LLM providers and internal algorithms. We do NOT train AI models on your personal data. Your content is only sent to AI providers during analysis and is used exclusively for generating your results.

PII Redaction: Before any email content is sent to AI providers, our PALADIN NER (Named Entity Recognition) system redacts personal information including names, phone numbers, addresses, financial data, and other sensitive identifiers.

Third-Party AI Data Responsibility

You are solely responsible for any data you provide that is transmitted to third-party AI models. Key points:

  • Compose does not control third-party AI provider data handling
  • No guarantees regarding third-party data retention or security
  • Data governance applies only to our secure database content, not AI provider transmissions
  • Using AI features constitutes consent to third-party data transmission

2.3 For Communication

  • Daily Brief delivery notifications
  • Subscription confirmations and receipts
  • Support inquiry responses
  • Service updates and security alerts

2.4 To Improve Our Services

  • Analyze usage patterns (anonymized data only)
  • Fix bugs and improve performance
  • Develop new features based on user needs

3. How We Share Your Information

3.1 Data Sales Policy

We will never sell your personal information or content to third parties.

3.2 Service Providers

Data shared with trusted third parties:

  • Third Party LLM: AI-powered email analysis (with PII redaction)
  • Payment Processors: Payment and transaction handling (Razorpay)
  • Email Services: Transactional email delivery
  • Cloud Infrastructure: Backend infrastructure, authentication, database, hosting

These providers are contractually obligated to protect data for service delivery only.

3.3 Legal Requirements

Information may be disclosed if required by law or in response to:

  • Valid legal processes (court orders, subpoenas)
  • Government or regulatory requests
  • Protection of rights, property, or safety
  • Prevention of fraud or illegal activity

4. Data Security

4.1 Security Measures

  • Encryption: Data in transit (HTTPS/TLS) and at rest in secure database
  • OAuth Token Security: Gmail tokens encrypted; instantly revocable
  • PII Redaction: PALADIN NER strips personal data before AI processing
  • Access Controls: Role-based access, least privilege principle
  • Monitoring: Security logging and intrusion detection

4.2 Your Responsibility

  • Keep passwords secure and confidential
  • Log out from shared devices
  • Report suspicious activity immediately
  • Review connected Gmail account permissions periodically

4.3 Data Breach Notification

In case of data breach involving personal data:

  • Notify Data Protection Board of India within 72 hours
  • Notify affected users within 24 hours via email
  • Include: breach nature, affected data, remedial actions, contact information

5. Your Rights (GDPR & DPDP Act)

You have the following rights regarding your personal data:

  • Access: Request a copy of your data
  • Correction: Update or correct inaccurate data
  • Deletion: Request data deletion (with legal retention exceptions)
  • Export: Download data in portable format
  • Disconnect Gmail: Revoke account connection anytime
  • Object: Object to processing for certain purposes
  • Cancel Subscription: Cancel anytime

Contact support@simacompose.com to exercise rights. Response time: 30 days.

6. Data Retention

6.1 Active Accounts

  • Daily Brief History: Retained while account is active
  • Email Analysis Records: Retained while active
  • Gmail OAuth Tokens: Retained until disconnected
  • Usage Logs: 90 days
  • Payment Records: 7 years (legal requirement)

6.2 Subscription Expiry

  • Immediate: Premium features disabled
  • 15 Days Post-Expiry: Data may be archived; Gmail connection auto-disconnected
  • Data in Archive: Recoverable upon subscription renewal within reasonable timeframe
  • Payment Records: Retained 7 years (legal requirement)

6.3 Account Deletion

  • Immediate: Gmail disconnected; OAuth tokens revoked
  • Soft Delete: 30-day recovery period
  • Permanent Deletion: After 30 days, all data deleted from active systems
  • No Recovery: Data cannot be recovered post-permanent deletion
  • Anonymized Analytics: May be retained (no personally identifiable information)

7. Children's Privacy

Compose is for users 13 years and older. We do not knowingly collect data from children under 13. Report suspected child data collection to support@simacompose.com immediately.

8. International Data Transfers

Compose operates from India. Data accessed from outside India may transfer to India and the United States. Safeguards include:

  • All transfers encrypted in transit (TLS/HTTPS)
  • GDPR & DPDP Act compliant handling
  • Contractual protections with service providers

9. Cookies and Tracking

We use essential cookies and similar technologies to maintain login sessions, remember preferences, analyze usage patterns (anonymized), and improve performance. We do not use third-party advertising cookies or tracking pixels.

10. Changes to This Policy

We may update this policy. Users will be notified through:

  • Updated policy posted on our website
  • Email notification
  • Updated "Last updated" date at policy top

Continued service use after changes constitutes acceptance of the updated policy.

11. Contact Us

  • Privacy Inquiries: support@simacompose.com
  • Company: Simarahitam Technologies Pvt. Ltd., Bangalore, Karnataka, India
  • Data Protection Officer: For GDPR and DPDP Act inquiries, contact support@simacompose.com

© 2026 Simarahitam Technologies Pvt. Ltd. All rights reserved.