Privacy Policy

Last updated: 27 May 2026

1. Who we are

Globomate ("Globomate", "we", "us", "our") operates the AI customer-communication assistant available at globomate.eu. We are the data controller for the personal data processed through our service. For privacy matters contact privacy@globomate.eu.

2. Data we collect

  • Account data: name, email, password hash, business profile, language preference.
  • Connected mailbox data: when you connect Gmail or Outlook, we receive OAuth tokens and access the messages required to generate replies (sender, recipient, subject, body, timestamps, attachments metadata).
  • AI conversation data: prompts, generated drafts, edits and approvals you make to those drafts.
  • Billing data: processed by our payment provider (Stripe). We store the plan, status and last four digits โ€” never full card numbers.
  • Technical data: IP address, browser, device, logs, cookies strictly necessary for the service to function.

3. How AI processes your email

Globomate sends relevant email content to large-language-model providers (currently Google Gemini and OpenAI via the Lovable AI Gateway) to draft replies. Processing happens in transit; the providers act as our processors under contract and do not use your content to train their models.

Drafts are stored in your Globomate account so you can review, edit, approve or discard them. You can disconnect a mailbox at any time from the Inbox settings, which revokes our OAuth tokens and stops further processing.

4. Legal basis (GDPR Art. 6)

  • Contract: processing necessary to provide the service you signed up for.
  • Legitimate interest: securing the service, preventing abuse, product analytics in aggregated form.
  • Consent: connecting a mailbox, optional marketing emails โ€” you can withdraw at any time.
  • Legal obligation: tax, accounting and lawful requests from authorities.

5. Where data is stored

Application data is hosted in the European Union (Supabase EU regions). AI processing may transfer email content to providers located in the United States; such transfers are covered by Standard Contractual Clauses and the EU-US Data Privacy Framework.

6. Retention

Account and conversation data are retained while your account is active and for up to 90 days after deletion, after which they are permanently erased from primary systems. Backups are rotated within 35 days. Invoices are kept for 10 years to comply with EU tax law.

7. Your rights

Under GDPR you have the right to access, rectify, erase, restrict, port and object to processing of your personal data, and to lodge a complaint with your local supervisory authority. Email privacy@globomate.eu and we will respond within 30 days.

8. Sub-processors

  • Supabase (EU) โ€” database, authentication, storage
  • Cloudflare โ€” application hosting and CDN
  • Google LLC โ€” Gmail API, Gemini AI
  • Microsoft Corp. โ€” Outlook / Microsoft Graph API
  • OpenAI โ€” language model inference
  • Stripe โ€” payments

9. Security

We use TLS in transit, encryption at rest, role-based access, row-level security and short-lived OAuth tokens. We will notify you within 72 hours of becoming aware of any breach affecting your personal data.

10. Cookies

We use strictly necessary cookies as well as optional cookies that improve your experience. On your first visit a cookie banner lets you choose between "Accept all" and "Necessary only". Your choice is stored locally in your browser and can be revoked at any time by clearing your browser data.

11. Changes

We may update this policy from time to time. Material changes will be announced by email or in-app at least 14 days before they take effect.