Privacy Policy

ReciteMail is built privacy first. Your email lives on your own computer, encrypted, and we designed the product so that we never collect your inbox. This policy explains, in plain language, exactly what happens to your data.

1. Who we are

ReciteMail is operated by Velora Prima Ltd ("ReciteMail", "we", "us"), a company registered in Ireland (company number 797589), with its registered office at Workhub, 51 Bracken Road, Sandyford, Dublin D18 CV48, Ireland. Velora Prima Ltd is the data controller for the account data described below. For any privacy question, or to exercise your rights, contact us at info@recitemail.io.

2. The data that stays on your device

ReciteMail is a desktop application for Windows. The following data is stored only on your own computer and is never sent to us:

• The emails you import, paste, or capture, along with any drafts ReciteMail writes for you.
• Your identity profile, suppliers, templates, banned words, and signature.
• Your app settings and preferences.

This data is held in an encrypted local database on your machine (AES-256 encryption). If you turn on the optional app lock, the database key is additionally protected by your passphrase. ReciteMail does not connect to your email account and does not download your mailbox in bulk. Importing is something you do, on your device, file by file or message by message.

3. What we send to the AI, and when

Nothing is sent for processing until you ask for it. When you use an AI feature (for example, drafting a reply, paraphrasing a passage, translating, transcribing dictation, researching a fact, or revising a draft), ReciteMail sends only the specific message and the context you have chosen for that action to Google's Gemini model, which generates the result and returns it to you.

• We send the minimum needed to complete the action you requested, not your wider mailbox.
• Google does not use content submitted through the paid Gemini API to train its models.
• For the research feature, the query derived from your request is also sent to Google Search so the model can ground its answer in current information.
• If you are on the built-in plan, these requests pass through ReciteMail's secure server (the "proxy") purely so we can authenticate your subscription and meter usage. The proxy forwards your request to Gemini and returns the result. We do not store the content of your messages or the drafts on our servers.

4. The data on our servers

To run accounts and subscriptions for the built-in plan, we keep a small amount of account data on our servers (hosted in the European Union):

• Your email address and a securely hashed password (we never store your password in readable form).
• Your subscription status and plan.
• Usage counts (for example, how many AI actions you have used in the current period) so we can apply fair-use limits and billing. These are counts, not content.
• Security and abuse-prevention records, such as timestamps of sign-in attempts.

We do not store your emails, your drafts, or the text you send to the AI on our servers.

5. Payments

Payments for the built-in plan are processed by Stripe. When you subscribe, your card details are handled directly by Stripe under their own privacy policy. ReciteMail never sees or stores your full card number. We receive only the information needed to manage your subscription, such as whether a payment succeeded and when your plan renews.

6. The website

This marketing website is a static site. It does not set advertising cookies and does not build a profile of you. If we add privacy-respecting analytics in future, we will update this policy first and keep any data collected to the minimum.

7. How long we keep data

Local data stays on your device until you delete it or uninstall the app. Account data on our servers is kept while your account is active. If you delete your account, we remove your account record and associated usage rows, except where we are required to keep limited billing records for legal and tax purposes.

8. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. Because your email content lives on your device, you are already in direct control of it. For the account data we hold, you can:

• Request a copy of your account data (data export).
• Request deletion of your account (right to erasure).
• Ask us to correct inaccurate account details.

To make any of these requests, email info@recitemail.io from the address on your account. You also have the right to complain to your local data protection authority. As we are based in Ireland, our lead supervisory authority is the Irish Data Protection Commission (dataprotection.ie).

9. Security

We protect data in transit with TLS, encrypt account data at rest, hash passwords with a modern algorithm, and follow least-privilege access to our systems. No system is perfectly secure, but privacy and security are core design goals of ReciteMail, not afterthoughts.

10. Children

ReciteMail is intended for adults and is not directed at children. We do not knowingly collect personal data from anyone under the age required by law in their country.

11. Changes to this policy

If we make a material change, we will update the date at the top of this page and, where appropriate, notify you. Continued use of ReciteMail after a change means you accept the updated policy.

12. Contact

Questions about privacy? Email info@recitemail.io and we will help.