Privacy Policy

Last updated: May 5, 2025

1. Our Privacy Commitment

At Twoblade, we prioritize the privacy and security of your email communications. Our platform uses the SHARP protocol and is designed to provide secure, efficient email management while protecting your data. This policy outlines how we collect, use, and protect your information.

2. Information We Collect

We collect various types of information to provide and improve our services:

2.1 Account Information

When you register, we collect:

  • Username and Domain (forming your unique Twoblade address)
  • Hashed Password (we never store your plain text password)
  • Intelligence Quotient (IQ) score (used for vocabulary features)
  • Account status flags (e.g., admin, banned)
  • Creation timestamp

2.2 Email Data

When you send, receive, or store emails, we process:

  • Sender and Recipient Addresses (including domains)
  • Subject Line
  • Email Body Content (both plain text and HTML)
  • Attachments (metadata and content, see section 2.5)
  • Metadata: Timestamps (sent, received, read, snoozed), status (pending, sent, failed, etc.), reply/thread IDs, content type
  • Classification Labels (e.g., primary, promotions)
  • Expiration and Self-Destruct settings
  • Hashcash Headers (for spam analysis)
  • Outpoot Nullmark™ data (for spam analysis and content moderation)

2.3 Drafts and Contacts

  • Email Drafts: Content saved before sending.
  • Contacts: Names, email addresses, and tags you save.

2.4 Settings and Preferences

  • Notification Preferences (enabled/disabled)
  • Storage Limits
  • Starred Email flags

2.5 Attachments

When you upload or receive attachments:

  • File Content (stored securely)
  • Metadata: Filename, size, type (MIME type), unique key, status, timestamps

Attachments are subject to size limits (currently 25 MB) and storage quotas.

2.6 Usage and Technical Data

  • IP Address and User Agent: Collected during authentication token generation for security purposes.
  • General Usage Data: Non-identifiable patterns to improve service performance and reliability.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Providing Email Services: Delivering emails locally and to remote SHARP servers, storing emails and attachments, managing contacts and drafts.
  • Security and Authentication: Verifying your identity, protecting against unauthorized access, detecting and preventing spam using Hashcash analysis and Outpoot Nullmark™ technology.
  • Service Improvement: Analyzing usage patterns (in aggregate, non-identifiable ways) to enhance features and performance.
  • Feature Provision: Enabling features like scheduled sending, email expiration, self-destruct, snoozing, notifications, and vocabulary checks based on IQ.
  • Email Classification: Automatically categorizing emails based on keywords and structure (see Section 4).
  • Enforcing Limits: Managing storage quotas and attachment size limits.
  • Troubleshooting: Diagnosing and resolving technical issues.

We do not sell your personal data to third parties.

4. AI Features and Data Processing

We use automated systems (including keyword analysis and HTML structure analysis) for email classification (e.g., Promotions, Updates). Currently, this does not involve external AI providers.

  • Email content is processed securely within our system for classification.
  • No personal data from your emails is used to train external AI models, except for Twoblade's own proprietary AI models that may be used to improve our services.
  • Classification primarily helps organize your inbox based on predefined rules.
  • Any AI features developed by Twoblade process your data internally and securely.

5. Data Sharing and Third Parties

We limit data sharing but may share information in specific circumstances:

  • Other SHARP Servers: When you send an email to an address on a different SHARP server, we transmit the necessary email data (sender, recipient, subject, body, attachments) via the SHARP protocol.
  • Legal Requirements: We may disclose information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Security

We implement technical and organizational measures to protect your data:

  • Password Hashing: Storing user passwords securely using strong hashing algorithms.
  • Access Controls: Limiting access to data based on roles and responsibilities.
  • Encryption: While the SHARP protocol itself is basic TCP, we encourage secure connections for API access (HTTPS). Data at rest in the database and object storage is protected by provider security measures.
  • Spam Mitigation: Utilizing Hashcash proof-of-work to reduce spam.
  • Regular Audits: Periodically reviewing security practices (though specific measures like end-to-end encryption are not currently implemented for all data).
  • Attachment Limits: Enforcing size limits on attachments.

7. Your Rights and Choices

You have control over your data:

  • Access and Rectification: You can access and update most of your account information and settings through the platform.
  • Data Export: You can request an export of your data (including emails, settings, contacts, and attachment metadata) via the Settings page. Exports are typically available as a JSON file.
  • Account Deletion: You can request to delete your account via the Settings page. Please see Section 8 for details on data retention after deletion.
  • Opt-out of Features: While core email functionality is required, you implicitly opt out of features like notifications by not enabling them.

8. Data Retention and Deletion

  • Email Expiration: Emails may be automatically deleted if they have an `expires_at` timestamp set, or if the `self_destruct` flag is enabled (details on self-destruct trigger TBD).
  • Account Deletion: When you delete your account:
    • Your account is marked as deleted (`deleted_at` timestamp is set), effectively deactivating it.
    • Personal data like settings, drafts, and contacts are permanently deleted.
    • Your username is reserved to prevent impersonation.
    • Emails you participated in (sent or received) are generally preserved for other users involved in those conversations unless they also expire.
  • Logs: Technical logs (like IP/User Agent) may be retained for a limited period for security and auditing purposes.
  • Failed/Stale Data: Emails that fail to send after a certain period may be marked as 'failed'. Attachments associated with failed operations may be cleaned up.

9. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the new policy on our website or through other communication channels. Your continued use of Twoblade after changes constitutes acceptance of the updated policy.

Contact: admin#twoblade.com