SpamAnalyzer ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at spamanalyzer.hpsend.com and our email analysis services (collectively, the "Service").
1. Information We Collect
Account Information: When you create an account, we collect your name, email address, and password (stored as a bcrypt hash). If you use Google or GitHub OAuth, we receive your name, email, and provider-specific user ID. We do not store your OAuth access tokens.
Email Content for Analysis: When you submit an email for spam analysis, we process the subject line and body content. This content is sent to Anthropic's Claude API for analysis and is not stored by us beyond the analysis session. We log metadata (timestamps, spam scores, token counts) but do not retain the email content itself.
Billing Information: Payment processing is handled by Stripe. We store your Stripe customer ID and subscription ID for account management. We do not store credit card numbers, CVVs, or other payment card details on our servers.
Usage Data: We collect information about how you use the Service, including API request counts, analysis frequency, and timestamps. This data is used for usage metering, billing, and service improvement.
Technical Data: Our server logs may record your IP address, browser type, and request headers. This information is used for security, rate limiting, and debugging purposes.
2. How We Use Your Information
- Provide the Service: Process email analyses, manage your account, and track usage against your plan limits.
- Billing: Process payments, manage subscriptions, and handle overage billing through Stripe.
- Security: Detect and prevent abuse, enforce rate limits, and protect against unauthorized access.
- Communication: Send transactional emails such as magic link login tokens and account notifications. We do not send marketing emails unless you explicitly opt in.
- Improvement: Analyze aggregate usage patterns to improve the Service. We do not use your email content for training AI models.
3. Third-Party Services
We use the following third-party services to operate SpamAnalyzer:
- Anthropic (Claude API): Email content is sent to Anthropic's API for spam analysis. Anthropic's use of this data is governed by their privacy policy. Anthropic does not use API inputs to train their models.
- Stripe: Handles payment processing and subscription management. Stripe's use of your data is governed by the Stripe Privacy Policy.
- SendGrid: Used to send transactional emails (e.g., magic link login tokens). SendGrid's use of your data is governed by the Twilio Privacy Policy.
4. Data Storage and Security
Your account data is stored in an encrypted SQLite database on our servers. Passwords are hashed with bcrypt. API keys are stored as SHA-256 hashes; the plaintext key is shown once at creation and never stored. Session tokens are signed with HMAC-SHA256.
We use HTTPS (TLS) for all communications between your browser and our servers. Access to our servers is restricted to authorized personnel only.
5. Data Retention
- Account data: Retained as long as your account is active. You may request deletion at any time.
- Email content: Not stored. Content is processed in memory and discarded after the analysis response is returned.
- Analysis metadata: Retained for billing, usage tracking, and service improvement. Includes timestamps, spam scores, and token counts — not email content.
- Sessions: Expire after 30 days of inactivity.
- Magic link tokens: Expire after 15 minutes.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update your name, email, or password through your dashboard settings.
- Deletion: Request deletion of your account and associated data by contacting us.
- Data Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing of your data in certain circumstances.
To exercise any of these rights, contact us at the email address listed below.
7. Cookies
We use a single HTTP-only session cookie to maintain your login session. This cookie is essential for the Service to function and cannot be disabled while using the dashboard. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Children's Privacy
The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
9. International Data Transfers
Our servers are located in the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: privacy@spamanalyzer.hpsend.com