Privacy Policy

Account & billing data: your name, email address, hashed password, organization details, tax identifiers (such as GSTIN where applicable), subscription plan, and payment records. We do not store full card numbers — payments are handled by our payment processor.

Connected mailbox data: when you connect Gmail or Outlook via OAuth, or a mailbox via SMTP/IMAP, we store the access/refresh tokens or credentials needed to send on your behalf and to sync replies. Credentials and tokens are encrypted at rest.

Leads & campaign content: prospect records you import (name, email, company, role, and custom fields), the email sequences and templates you create, and the AI prompts and generated copy associated with your campaigns.

Replies & inbox data: messages your prospects send in reply, which we sync into your unified inbox, classify, and analyze for meeting intent so the platform can help you book meetings.

Deliverability & usage data: sending logs, bounce and complaint signals, open/click tracking events, plus standard diagnostic data such as IP address, browser, and audit logs used to secure and operate your workspace.

To provide the Services: send your sequences, run automated follow-ups, sync replies into your unified inbox, detect meeting intent and book meetings, and manage your leads and campaigns.

AI personalization: we pass relevant prompt and web-research context to our AI providers (OpenAI and Anthropic) and our web-search provider (Tavily) to generate personalized email content. We use the model you select for each generation.

Deliverability: we use sending and reputation signals to support SPF/DKIM/DMARC setup, automated domain warm-up, and inbox-placement health, and to pause sending when we detect problems.

Billing, security & improvement: to process subscriptions and credits, prevent abuse and fraud, and improve the Services using aggregated, de-identified data that does not identify you or your prospects.

Where the GDPR applies (prospects or users in the EEA/UK), we process personal data under one or more of: performance of a contract (to deliver the Services), legitimate interests (to secure and improve the platform and prevent abuse), legal obligation (tax and compliance), and consent (where required, e.g. optional features).

We also operate in line with India's Digital Personal Data Protection Act, 2023 (DPDP). As the processor of your uploaded prospect data, you (the customer) are responsible for ensuring you have a valid lawful basis to contact those individuals.

We do not sell, rent, or trade your leads, campaign content, replies, or mailbox tokens. We never share your prospect lists with other customers. We only share data with vetted sub-processors needed to run the Services, under appropriate data-processing terms:

• Amazon Web Services (AWS) — cloud hosting, database storage, and authentication.

• Razorpay — payment processing and subscription billing (PCI-DSS compliant).

• OpenAI and Anthropic — AI models used to generate email content and detect meeting intent.

• Tavily — web search used to gather public context for AI personalization.

• Google (Gmail / Google Workspace) and Microsoft (Outlook / Microsoft 365) — OAuth mailbox access for sending and reply sync.

We protect data with industry-standard measures. Connected mailbox credentials and OAuth tokens are encrypted at rest, secrets are held in a managed secrets store rather than in source code, and all data in transit is protected with TLS.

Access to production systems is restricted on a least-privilege basis. We do not claim any formal certification (such as SOC 2) at this stage; we follow recognized security best practices and continue to strengthen our controls as we grow. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Our infrastructure runs on AWS and certain sub-processors operate outside India. Where personal data of EEA/UK individuals is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses. By using the Services, you understand that your data may be processed in countries other than your own.

We retain your data for as long as your account is active and as needed to provide the Services. When you delete leads or content, they are removed from active systems within a reasonable period.

On account termination, we delete or anonymize your workspace data within 30 days, except where we must retain limited records to meet legal, tax, or accounting obligations. OAuth tokens are revoked when you disconnect a mailbox or close your account.

Subject to applicable law, you may request to access, correct, export, or delete your personal data, and to restrict or object to certain processing. Much of this is available directly in your account settings (for example, exporting or deleting leads).

To exercise any right, email privacy@stynar.email from your registered account address. We respond within the timelines required by applicable law. If a prospect wishes to opt out, they can use the unsubscribe link in your emails, after which they are suppressed from future sends.

We use essential first-party cookies and local storage to keep you signed in, protect against CSRF, and remember your preferences. These are required for the app to function.

When you enable open or click tracking on a campaign, Stynar adds a tracking pixel or rewrites links so we can report opens and clicks. You can turn tracking off per campaign in your sending settings.

If you have questions or requests about this Privacy Policy or your data, contact us:

• Company: Webeeyo Softwers Pvt. Ltd. (operating Stynar)

• Location: Pune, Maharashtra, India

• Privacy: privacy@stynar.email

• General: hello@stynar.email