Data you provide directly

• Account data: name, email address, authentication credentials, and organization details when you create an account.
• Billing data: payment method, billing address, and transaction history processed through Stripe. We do not store full card numbers.
• Support data: messages, attachments, and context you provide when contacting us or participating in pilots.

Data collected automatically

• Website analytics: page views, referral source, approximate location (country / region), device type, and browser. We use Vercel Analytics for this purpose. No cross-site tracking cookies are used.
• Product telemetry: crash reports and error diagnostics that you opt in to share from the desktop application. These do not contain email content.
• Server logs: IP address, request timestamps, and endpoint accessed, retained for security and debugging.

The following data never leaves your device unless you take explicit action:

• Email content, threads, and attachments
• AI memory, rules, and personalization context
• Drafts, summaries, and generated replies
• Local configuration and preferences

If you enable cloud-backed AI features, the specific prompts and context required to fulfill that request are transmitted over TLS to the AI provider. We transmit the minimum data needed and do not retain copies on our servers. The AI provider's own data handling is governed by their privacy policy, which we review before integrating any provider.

If we introduce sync, backup, or other cloud storage features in the future, we will update this policy and notify you before those features are enabled.

• To provide the service: account creation, authentication, downloads, entitlements, updates, and support.
• To process payments: billing, invoicing, refunds, and license management through Stripe.
• To communicate with you: responding to inquiries, sending service updates, and security notices. We do not send marketing email without your consent.
• To improve and protect the service: monitoring reliability, fixing bugs, preventing abuse, and analyzing aggregate usage patterns.
• To comply with law: meeting legal obligations, responding to lawful requests, and enforcing our terms.

We do not use your email content, drafts, or local data for advertising, model training, or any purpose unrelated to delivering the features you requested.

We share data with the following categories of providers:

We may also share data with professional advisors or authorities when required by law, to prevent fraud, or in connection with a merger, acquisition, or asset sale.

We do not sell, rent, or trade your personal information.

The stantal.ai website uses essential cookies for authentication and session management. We use Vercel Analytics for privacy-friendly, aggregate website analytics that does not use cross-site tracking cookies or fingerprinting.

We do not use third-party advertising trackers, retargeting pixels, or social media tracking scripts.

• Account data: retained while your account is active and for up to 30 days after deletion to allow recovery.
• Billing records: retained as required by tax and financial regulations (typically 7 years).
• Server logs: retained for up to 90 days.
• Support correspondence: retained for as long as needed to resolve the issue and maintain service quality.
• Local data: stored on your device and under your control. We have no access to delete or modify it remotely.

We use TLS encryption for all data in transit, enforce access controls on infrastructure, and follow security best practices for credential storage and service configuration. No system is completely secure. You are responsible for keeping your device, credentials, and local data protected.

In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities within 72 hours of confirmation, as required by applicable law.

Depending on your jurisdiction, you have some or all of the following rights:

• Access: request a copy of the personal data we hold about you.
• Correction: ask us to correct inaccurate data.
• Deletion: request deletion of your account and associated data.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdrawal of consent: withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email john.z.b.924@gmail.com or use the contact page. We will respond within 30 days.

For California residents (CCPA)

You have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell personal information. To submit a request, email john.z.b.924@gmail.com. We will not discriminate against you for exercising these rights.

For EEA and UK residents (GDPR)

Our legal bases for processing are: performance of a contract (providing the service), legitimate interest (security, analytics, product improvement), and consent (where you opt in to optional features). You may lodge a complaint with your local data protection authority if you believe your rights have been violated.

Our infrastructure and sub-processors are primarily located in the United States. If you access the service from outside the US, your data may be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection.

Operon is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, contact john.z.b.924@gmail.com.

This policy is governed by the laws of the State of Missouri, United States, without regard to conflict of law principles. This does not limit any rights you may have under the mandatory consumer protection laws of your jurisdiction.

We may update this policy as the product and company evolve. Material changes will be communicated via email to account holders and posted on this page with an updated effective date. Continued use of the service after changes take effect constitutes acceptance.

For privacy-related questions, data requests, or complaints:

• Email: john.z.b.924@gmail.com
• Web: stantal.ai/contact