Privacy Policy

MailSignatures.io (“we,” “our,” or “us”) is a Gmail signature management service for Google Workspace teams. This policy explains what information we collect, how we use it, and your rights regarding your data.

By connecting your Google Workspace account or using our service, you agree to the practices described here.

From Google Workspace (via OAuth)

When you connect your workspace, we receive and store:

• Directory data — names, email addresses, job titles, phone numbers, and profile photos for users in your Google Workspace directory.
• OAuth tokens — an encrypted refresh token and short-lived access token used to read your directory and write Gmail signatures on your behalf.
• Domain information — your primary Google Workspace domain and the email address of the admin who connected the account.

From you directly

• Signature settings — company name, accent color, logo, social profile links, and any customizations you enter in the signature builder.
• Contact information — if you contact support, we receive your name, email address, and the contents of your message.

Automatically collected

• Usage data — pages visited, features used, and error events. We use PostHog for anonymous product analytics. No personally identifiable information is attached to analytics events.
• Log data — server logs including IP address, browser type, and timestamps, retained for up to 30 days.

• To sync Gmail signatures to mailboxes in your domain
• To display and manage your team directory within the app
• To authenticate your Google Workspace account securely
• To respond to support requests and communicate service updates
• To improve the product through aggregated, anonymized usage analytics

We do not sell your data. We do not use your data to train AI models. We do not share your data with third parties for marketing purposes.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically: data obtained via Google APIs is used only to provide and improve the MailSignatures.io service. It is not used for serving advertisements, shared with third parties for their independent use, or used for any purpose unrelated to signature management.

• Data is stored in a PostgreSQL database hosted on Neon (serverless Postgres), provisioned on AWS infrastructure in the United States.
• The application runs on Vercel serverless infrastructure.
• OAuth tokens are encrypted at rest using AES-256 before being stored in the database.
• All data is transmitted over HTTPS/TLS.

We retain your workspace data for as long as your account is active. If you disconnect your workspace or request deletion, we remove your directory data, OAuth tokens, and signature settings within 30 days. Server logs are purged after 30 days.

Depending on your location you may have rights including: access to your data, correction of inaccurate data, deletion of your data, and portability of your data. To exercise any of these rights, contact us at support@mailsignatures.io.

We use a single session cookie (“mailsignatures_workspace_id”) to keep your workspace session active. We do not use third-party advertising cookies. PostHog analytics may set a cookie for session continuity; you can opt out via your browser’s cookie settings.

MailSignatures.io is not directed at children under 13. We do not knowingly collect personal information from children.

We may update this policy from time to time. Material changes will be communicated via email to the admin who connected your workspace. Continued use of the service after changes constitutes acceptance of the updated policy.

Questions about this policy or your data? Reach us at: