Privacy Policy
Hey M.A.R.Y ("Mary", "we", or "the Service") is a Chrome extension that drafts emails from your saved templates and contacts and inserts them into the Gmail, Outlook, Naver, and Daum compose windows. This policy explains what information Mary handles and how it is protected.
- Mary never asks for your email password. It only fills a compose window you're already signed into.
- Email content is used only to generate the draft and is not stored on our servers.
- Templates, contacts, and settings are stored in your browser by default.
- We do not use your email content for advertising or sell it to third parties.
1. Information we process
| Item | What | Where stored |
|---|---|---|
| Templates, contacts, sender info | Entered by you | Browser local (synced to your account when signed in) |
| Account info | Email, name/company/job title (at sign-up), auth token | Supabase (auth/DB) |
| Email commands & drafts | Your instructions to Mary and the generated draft | Used transiently for processing — body not stored |
| Usage | Monthly generation count (plan/quota) | Supabase |
2. How we use it
- Provide email drafting and compose-window insertion
- Account authentication, quota and plan management
- Quality improvement and error handling
3. Sub-processors
The Service relies on the following processors:
- Supabase — authentication & data storage (policy)
- Anthropic (Claude) — the drafting AI. Requests are relayed via our server (Edge Function); the AI key is kept only on the server (policy)
- Lemon Squeezy — Merchant of Record for subscription payments. Card/billing data is handled by Lemon Squeezy; we do not receive it (policy)
- Vercel — hosting for this informational website
4. Why we request each permission
- Host access to mail sites (Gmail, Outlook, Naver, Daum) — to find the compose window and insert content. No data from other sites is collected.
- storage — to keep your settings and signed-in state on your device.
- sidePanel — to display Mary's UI in the browser side panel.
5. Retention & deletion
Local data is removed when you uninstall the extension or clear browser data. Account data is deleted within a reasonable period upon a deletion request. Email bodies are not retained after the draft is generated.
6. Your rights
You may request access, correction, deletion, export, or restriction of processing (including rights under GDPR, CCPA and similar laws). Please email us using the address below.
7. Security
AI and server keys are kept only in the server environment and are never exposed to the client or extension. Data access is limited to your own data via row-level security (RLS). Traffic is encrypted in transit with HTTPS.
8. Children
The Service is not directed to children under 14 (or the age set by your jurisdiction).
9. Changes
If this policy changes, we will post it on this page and provide separate notice for material changes.
10. Contact
Privacy inquiries: contact@praevi.io