Privacy Policy

Last updated: November 9, 2025

Overview

At WarmOpener, your privacy is our top priority. This policy explains how we collect, use, protect, and share your information when you use our email personalization platform.

Data Controller vs Processor Roles

Data Controller: For your account, billing, and platform usage data, WarmOpener acts as a data controller, determining how and why we process this information.

Data Processor: For personal data you upload or send through the Service (e.g., contacts, email sequences, replies), WarmOpener acts as your data processor, processing this information on your instructions to provide the Service.

Legal Bases for Processing (GDPR)

Where GDPR applies, we process personal data based on:

  • Contract performance - providing the Service as agreed
  • Legitimate interests - improving and securing the Service
  • Consent - where required for certain features like marketing
  • Legal obligations - compliance with applicable laws

Google Limited Use Compliance

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Information We Collect

Account Information

  • Email address and name
  • Authentication credentials (managed by Clerk)
  • Billing and payment information (processed securely via Stripe)

Gmail Integration Data

When you connect your Gmail account to WarmOpener, we request limited access to your Gmail account through Google OAuth 2.0. We never store your Gmail password.

Google OAuth Scopes We Request:

  • userinfo.email - To identify your Google Account and display your email address in our platform
  • userinfo.profile - To display your name and profile information in our platform
  • gmail.send - To send personalized emails on your behalf through your Gmail account. This is the ONLY Gmail-specific scope we request.

What we access: We only access Gmail to send emails you create. We do NOT read your Gmail inbox, access your existing emails, or perform any actions beyond sending your campaigns.

Reply tracking: We track replies to your campaigns using Amazon SES inbound email processing with custom Reply-To headers. This means we do NOT need to access your Gmail inbox to detect replies. When recipients reply to your emails, the reply goes to our Amazon SES endpoint which logs it and automatically pauses follow-up sequences for that contact.

How we store tokens: Gmail access tokens and refresh tokens are encrypted using PostgreSQL's pgcrypto extension with AES-256 encryption before being stored in our database. Your Gmail credentials are never stored in plaintext.

SMTP Email Account Data (Alternative to Gmail)

If you connect email accounts via SMTP (Yahoo, Outlook, Zoho, or custom domains), we collect:

  • SMTP server details (host, port, username)
  • SMTP password (encrypted using pgcrypto with AES-256 before storage)
  • Email address and display name

Contact Data

  • Contact lists you upload or create (names, emails, companies, custom fields)
  • Custom fields and AI-generated content for personalization
  • Website data we fetch for contacts (company websites, product information, news)
  • Email sequences and templates you create

Usage Data

  • Campaign performance metrics (sent, scheduled, failed)
  • Reply detection status
  • Email sending logs (timestamps, recipients, status)
  • Platform usage analytics (feature usage, page views)

Cookies and Analytics

Google Analytics

We use Google Analytics to understand how visitors interact with our website. This includes:

  • Page views, session duration, and bounce rates
  • Geographic location (country/city level)
  • Device and browser information
  • Traffic sources and referral information

Google Analytics uses cookies and similar technologies. The data is processed by Google and may be transferred to Google servers, including in the United States.

Cookie Control: You can control cookies through your browser settings. You can also opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Cookie Policy: For detailed information about cookies we use and how to manage them, please see our Cookie Policy.

How We Protect Your Data

Security Measures

  • Encryption in Transit: All data is encrypted using TLS/SSL during transmission
  • Encryption at Rest: Sensitive credentials (Gmail tokens, SMTP passwords, API keys) are encrypted using PostgreSQL pgcrypto with AES-256 encryption
  • Row-Level Security: Database-level isolation ensures users can only access their own data
  • OAuth 2.0 Authentication: Secure Gmail integration via Google OAuth - we never store your Gmail password
  • Automatic Token Refresh: Gmail access tokens are automatically refreshed and re-encrypted to maintain secure access
  • Secure Infrastructure: Hosted on Supabase (PostgreSQL) with enterprise-grade security

We use industry-standard security practices including Supabase for secure database management and Clerk for enterprise-grade authentication.

How We Use Your Information

We use your information to:

  • Provide and maintain our email personalization service
  • Process your email campaigns and sequences
  • Generate AI-powered personalized content using OpenAI (with your API key)
  • Send emails via your connected Gmail or SMTP account - only emails you explicitly create and schedule
  • Detect replies to your campaigns - using Amazon SES inbound email processing to automatically pause follow-up sequences when recipients respond
  • Enrich contact data by fetching public website information (if you enable this feature)
  • Track campaign performance (sent, delivered, replied)
  • Provide customer support
  • Improve our platform and develop new features
  • Send important service updates and security alerts
  • Process billing and payments via Stripe

Specifically for Google OAuth Access:

  • We use userinfo.email and userinfo.profile to identify you and personalize your experience
  • We use gmail.send scope ONLY to send emails you create through our platform
  • We do NOT request gmail.readonly, gmail.modify, or any other Gmail inbox access scopes
  • We do NOT read your Gmail inbox or access any of your existing emails
  • We do NOT access, modify, or delete existing emails in your Gmail account
  • Reply tracking is handled separately via Amazon SES - we never need to access your Gmail inbox
  • You maintain full control - you can revoke access anytime from your Google Account settings

We Never:

  • Sell your data to third parties
  • Use your contacts for our own marketing
  • Share your email content with anyone (except as required by law)
  • Train AI models on your data or email content
  • Read your Gmail inbox or access any of your existing Gmail emails
  • Store your Gmail password (we only use OAuth tokens)
  • Request gmail.readonly or any inbox access permissions

Third-Party Services

We use the following trusted third-party services:

Clerk

Authentication and user management

Supabase (PostgreSQL)

Secure database hosting with encryption and row-level security

Vercel

Website hosting and edge delivery (site and API routing)

OpenAI

AI content generation (using your own API key - we encrypt and store your key)

Google Gmail API

Email sending via OAuth 2.0 (gmail.send scope only - we do NOT request inbox access)

Amazon SES (Simple Email Service)

Reply tracking via inbound email processing - tracks replies without accessing your Gmail inbox

Stripe

Secure payment processing - we never store your credit card details

Google Analytics

Website analytics and usage tracking (see Cookies and Analytics section above)

Each of these services has its own privacy policy, which governs its handling of your data. We recommend reviewing their policies for complete transparency.

Your Rights and Control

You have the right to:

  • Access: Request a copy of your data at any time
  • Export: Download all your contacts, campaigns, and email templates
  • Delete: Request deletion of your account and all associated data
  • Correct: Update or correct your information through your account settings
  • Revoke Gmail Access: Disconnect your Gmail account and revoke WarmOpener's access at any time
  • Opt-out: Unsubscribe from marketing emails (service emails will continue)

How to Revoke Gmail Access

You can revoke WarmOpener's access to your Gmail account at any time:

  1. Visit your Google Account Permissions page
  2. Find "WarmOpener" in the list of connected apps
  3. Click "Remove Access"
  4. Alternatively, disconnect from within your WarmOpener account settings

After you revoke access, we will no longer be able to send emails or check for replies on your behalf. Your account data will remain available unless you request deletion.

To exercise these rights, contact us at support@warmopener.com

Additional Rights (GDPR/CCPA)

Depending on your location, you may have additional rights under GDPR, CCPA, and other privacy laws:

GDPR Rights (EU/UK residents):

  • Right to access - Request details about personal data we hold
  • Right to rectification - Correct inaccurate or incomplete data
  • Right to erasure - Request deletion ("right to be forgotten")
  • Right to restrict processing - Limit how we use your data
  • Right to data portability - Receive your data in machine-readable format
  • Right to object - Object to processing based on legitimate interests
  • Right to lodge a complaint - Contact your local supervisory authority

CCPA Rights (California residents):

  • Right to know - What personal information we collect and how it's used
  • Right to delete - Request deletion of your personal information
  • Right to opt-out - Opt out of "sale" or "sharing" of personal information
  • Right to non-discrimination - Equal service regardless of privacy choices

Note: We do not sell or share personal information as defined by CCPA/CPRA.

Data Retention

We retain your data for as long as your account is active. If you cancel your account, we will delete your data within 30 days, except where we are legally required to retain it.

International Data Transfers

We may process your data outside your country of residence. Our infrastructure spans multiple regions to provide optimal service performance and reliability.

Cross-Border Data Protection

Where personal data is transferred from the EEA/UK to countries without an adequacy decision, we rely on appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Additional technical and organizational security measures
  • Vendor contractual commitments to data protection standards
  • Regular review and assessment of transfer mechanisms

We ensure all third-party processors meet equivalent data protection standards regardless of location.

Children's Privacy

WarmOpener is not intended for children under 13 (or under 16 where EU law applies). We do not knowingly collect information from children under these ages.

If you believe a child has provided us with personal information, please contact us at support@warmopener.com and we will delete the information promptly.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or through the platform. Continued use after changes constitutes acceptance.

Contact Us

If you have questions about this Privacy Policy, please contact us:

Company: Rebirth Automation Technologies

Email: support@warmopener.com

Location: Dubai, United Arab Emirates
