The legal pages. Written to be read.

Privacy policy

This privacy policy explains what data imail.now (imail) collects from you, why, and what you can do about it. It applies to anyone who creates an account on imail.now or interacts with our website.

imail is operated by imail Technologies FZ-LLC, registered at Dubai, United Arab Emirates. For legal questions, contact [email protected].

What we collect

Account information. Your name, email address, password (hashed, never stored in plain text), workspace name, and billing details for paid plans.

Inbox connection data. When you connect an SMTP/IMAP mailbox, we store the server credentials (encrypted at rest with AES-256-GCM) and OAuth tokens where applicable. We need these to send and receive on your behalf.

Campaign content + leads. The email content you write, the lead lists you upload, the replies you receive. We process this to deliver the service.

Usage telemetry. Pages you visit in the app, errors you encounter, performance timings. Used to debug and improve the product. Anonymous after 30 days.

What we don't collect: we don't track you across other websites. We don't use Google Analytics, Facebook Pixel, or third-party advertising trackers. We don't read or store your replies for any purpose other than running the platform you signed up for.

How we use it

• To run the service. Sending email, receiving replies, displaying analytics, sending account notifications.
• To classify replies (with your permission, default-on). We pass replies to Anthropic's Claude API for classification. The content is not used to train any AI model. You can turn this off in workspace settings.
• To detect abuse. If a workspace is being used to send spam or phishing, we may inspect content to take action (see acceptable use).
• To send you product updates. Major changes, downtime notifications, billing reminders. You can opt out of non-essential emails any time.

Who we share data with

A short list of subprocessors that process your data on our behalf. Full list maintained at /legal#subprocessors below.

• Anthropic — Claude API for reply classification (can be disabled).
• Cloudflare — DNS, CDN, DDoS protection.
• Stripe — payment processing for paid plans.
• AWS (eu-west-1) — primary database and storage.
• Sentry (EU region) — error monitoring.

We do not sell your data. We do not share it with advertisers. We will only respond to lawful government requests after exhausting all legal challenges, and we will notify you unless we are legally prohibited from doing so.

Data retention

Active workspace data is retained as long as your account is active. When you cancel:

• 60 days — Account and data preserved. Easy reactivation.
• Day 61 — All workspace data deleted from primary database.
• Day 90 — All backups containing your data are rotated out.

For users in the EU/UK, you can request immediate deletion at any time and we'll process it within 30 days. See "your rights" below.

Your rights (GDPR, CCPA, UAE)

Regardless of where you live, you have these rights with imail:

• Access. Download a full export of your data as JSON. Self-serve via Settings → Privacy → Export.
• Deletion. Delete your workspace and all associated data. Self-serve via Settings → Privacy → Delete.
• Correction. Update any account or lead data via the app or the API.
• Portability. Export is JSON — readable by other tools, no proprietary format.
• Object. Opt out of any non-essential processing (iBrain classification, telemetry) in workspace settings.

To exercise these rights or appeal a decision, email [email protected]. We respond within 30 days. If you're unsatisfied, you can lodge a complaint with your local data protection authority.

Cookies

We use a small number of cookies, all strictly necessary or first-party:

• imail_session — auth session. Required.
• imail_workspace — last active workspace ID. Required for routing.
• imail_tweaks — your design preferences on this site. Used by the Tweaks panel.

That's it. No third-party trackers. No advertising cookies. No "consent manager" pop-up because there's nothing to consent to.

Security

• Inbox credentials and OAuth tokens encrypted at rest with AES-256-GCM. Keys rotated every 90 days.
• TLS 1.3 in transit. HSTS preloaded.
• JWT auth with rotation. 2FA available on all workspaces.
• End-to-end Sentry monitoring on production with PII scrubbing.
• SOC 2 Type II as of February 2026. Audit report available under NDA — email [email protected].
• Responsible disclosure: send vulnerability reports to [email protected]. We pay bounties.

Terms of service

These terms govern your use of imail.now ("imail", "us", "we"). By creating an account, you agree to them. They apply to free trials and paid plans alike.

Your account

You're responsible for the security of your password and any actions taken under your account. Don't share your credentials with people who shouldn't have them. Use 2FA — it's a checkbox.

If you're using imail on behalf of an organization, you confirm you have authority to bind that organization to these terms.

Acceptable use

imail is a cold email infrastructure tool for legitimate business outreach. The following is not allowed and will result in account suspension or termination:

• Phishing or fraud of any kind.
• Sending unsolicited mail to consumers (B2C cold email is largely illegal in most jurisdictions — we only support B2B).
• Sending without permission of the inbox owner you're connecting (you can only connect inboxes you control).
• Scraping inboxes for content you don't own.
• Attempting to overload, reverse-engineer, or compromise our infrastructure.
• Buying email lists from unverified sources and uploading them as leads. We will detect this and suspend.

We reserve the right to suspend accounts that violate these terms without prior notice if we believe the violation is causing immediate harm. In all other cases, we'll give you 7 days to correct the issue.

Payment + billing

Paid plans are billed monthly or annually in advance. Prices are listed at /pricing.

We accept credit/debit cards, bank transfer, and Ziina (UAE customers). All prices are in USD unless your invoice specifies otherwise. Taxes are added based on your billing address.

If a payment fails, we'll retry up to 3 times over 7 days. After that, the workspace is paused (data preserved). You can reactivate by updating your payment method.

Cancellation

Cancel any time from Settings → Billing. Cancellation takes effect at the end of the current billing period (monthly) or as configured (annual). No fees, no questions.

14-day money-back on first payment. If you're unhappy in your first 14 days of paid service, email us and we'll refund in full, no questions.

Annual plans: cancellation prorates to the day. You'll receive a refund for unused months within 10 business days.

Availability + SLA

We commit to 99.9% monthly uptime on Velocity and above tiers. Spark and Surge are best-effort but historically operate at the same levels (see /status for live data).

If we miss the SLA in a given month on a covered tier, you receive an automatic account credit:

• < 99.9% uptime → 10% credit on that month's bill.
• < 99.5% uptime → 25% credit.
• < 99.0% uptime → 50% credit.
• < 95.0% uptime → 100% credit + you may exit any contract without penalty.

Scheduled maintenance windows are announced 7 days in advance and don't count against the SLA.

Liability

We do our best to make imail reliable, but we can't guarantee it will be uninterrupted or error-free. To the maximum extent permitted by law, our total liability for any claims related to imail is capped at the amount you paid us in the 12 months preceding the claim.

imail is not liable for indirect, consequential, special, or punitive damages — including lost revenue or lost data due to deliverability issues.

You indemnify us against claims arising from your use of imail in violation of these terms or applicable law (e.g. sending unsolicited mail in a jurisdiction where it's prohibited).

Governing law

These terms are governed by the laws of the Dubai International Financial Centre (DIFC). Disputes are resolved in the DIFC Courts unless we mutually agree otherwise.

If any provision is found unenforceable, the rest remains in effect.

Data processing addendum

For customers requiring a DPA (GDPR Art. 28), our standard DPA is available at imail.now/legal/dpa.pdf. Countersignature: email [email protected] with your company details and we'll send a signed copy within 2 business days.

The DPA covers EU Standard Contractual Clauses (2021), data location, subprocessor management, and breach notification.

Subprocessors

The full list of third-party services that process customer data on our behalf. Updated when we add or remove a subprocessor — affected customers are notified 30 days in advance.

• AWS (eu-west-1, Ireland) — primary database, object storage, queues.
• Cloudflare — DNS, CDN, DDoS protection, edge workers.
• Anthropic — Claude API for iBrain classification + generation (workspace-toggleable).
• Stripe — payment processing (paid plans only).
• Sentry (EU region) — error monitoring with PII scrubbing.
• Postmark — transactional emails (account notifications, billing alerts).
• Linear — customer support ticket routing (when you email [email protected]).

Contact

• Privacy questions: [email protected]
• Legal + contracts: [email protected]
• Security disclosures: [email protected]
• Postal: imail Technologies FZ-LLC, Dubai Internet City, Dubai, United Arab Emirates