mailbud.app

Privacy Policy

How we handle your data when you use mailbud.

Last updated: 29 May 2026

This Privacy Policy explains how Nahayat.io (“we”, “us”), the company behind mailbud, processes personal data when you use the mailbud service. We are the data controller for your account data and a data processor for the email content we classify on your behalf.

Data we process

  • Account data: your name, email address and Microsoft 365 identity, used to create and secure your account.
  • Mailbox access tokens: OAuth tokens issued by Microsoft, stored encrypted at rest with AES-256-GCM. We never see or store your password.
  • Email content: the subject, sender and body of incoming messages, read through the Microsoft Graph API to classify and file them into your folders.
  • Your categories and corrections: the folder descriptions you write and the corrections you make, used to improve filing accuracy for your account only.
  • Billing data: handled by our billing provider; we store only what we need to manage your subscription.

How we use it

We process your email solely to classify it and file it into the folders you describe. Your mail is never used to train any shared or public AI model, and your corrections stay private to your account. mailbud only reads and moves mail — it cannot send, reply to, or forward messages on your behalf.

Legal basis

We process your data to perform our contract with you (providing the service) and on the basis of your consent when you connect your Microsoft 365 mailbox. You can withdraw access at any time from your Microsoft account.

Sub-processors

We rely on a small set of trusted sub-processors, including Microsoft (mailbox access), our EU hosting provider, the AI provider that performs classification, and our billing provider. All processing of mailbox content takes place on EU infrastructure.

Retention

We keep account data for as long as your account is active. Email content is processed transiently for classification and is not retained beyond what is needed to file the message and show you the result. When you delete your account, we delete your account data and revoke stored tokens.

Your rights

Under the GDPR you have the right to access, correct, export and delete your personal data, and to object to or restrict certain processing. To exercise any of these rights, email us at hello@mailbud.app.

Contact

Nahayat.io — hello@mailbud.app. For details on how we process mailbox content as your processor, see our Data Processing Agreement.