Privacy Policy

Azindoo — Email Intelligence Platform, operated by Obimanso Technologies
Last Updated: 11 May 2026 · Effective: 11 May 2026
UK ICO registered data controller · annual data-protection fee paid (registration number to follow)

Plain-English Summary: When you connect your inbox to Azindoo, we import a minimised plain-text copy of your recent emails into a secure cloud database located in the United States, operated by Abacus.AI on Amazon Web Services (AWS) infrastructure. We strip HTML formatting, quoted reply chains and email signatures before storing anything — keeping only the content our 21 analytical modules actually need. We do not sell your data, do not use it for advertising, and do not train AI models on it. You can disconnect, export, or permanently delete everything at any time from the Settings page.

Contents: 1. Who We Are 2. What We Collect 3. Why We Process It (Lawful Basis) 4. How Data Flows 5. Where Your Data Is Stored 6. Sub-Processors 7. Google API Limited Use 8. AI Processing 9. Third-Party Senders/Recipients 10. Security 11. Retention & Deletion 12. Your Rights 13. International Transfers 14. Cookies 15. Children 16. Changes 17. Contact

1. Who We Are

Azindoo is an email-intelligence platform owned and operated by Obimanso Technologies, a UK-registered company based in Leeds, England. In data-protection terms, when you sign up and connect your inbox we act as a data controller for your account information and as a data processor for the email content you import. For email content belonging to third parties (people who emailed you), please see section 9.

2. What We Collect

2.1 Account Information

Your name and email address
Hashed password (we never see or store your password in plain text)
Team / organisation details if you create or join a team
OAuth tokens issued by Google (encrypted), used only to read your mailbox on your behalf

2.2 Email Data We Import from Your Inbox

When you connect Gmail (the only provider currently supported), we sync the most recent emails (up to the last 30 days by default, up to 100 per sync). Before storing anything, we apply a data-minimisation pipeline that keeps only what our AI modules require:

Field	Description
Subject	The email subject line.
Body (plain text only)	The cleaned plain-text body — HTML formatting, quoted reply chains, email signatures and content beyond 8 KB are stripped before storage. We never store HTML, tracking pixels, or embedded images from emails.
Snippet	Auto-generated first 200 characters of the cleaned body (for search and preview).
From / To / Cc	Sender and recipient email addresses and display names. We do not store Bcc recipients.
Thread & Message IDs	Gmail identifiers used to group conversations.
Timestamps	When the email was sent and received.
Direction	Whether the message is inbound or outbound.

What we deliberately do NOT import or store: HTML email bodies, embedded images and tracking pixels, email signatures and footers, quoted reply chains (“On [date], [name] wrote:”), Gmail labels (INBOX, STARRED, CATEGORY_*), Bcc recipients, attachment contents.

2.3 Derived / Generated Data

From the imported emails, our AI modules generate and store:

Extracted commitments and intent statements
Emotional / escalation scores
Memory entries (decisions, approvals, key facts)
Thread summaries and forensic reconstructions
Trust-graph edges (relationship and influence scores between contacts)
Reply-probability profiles for the people you correspond with
Regulatory and data-protection alerts (flags about PII, off-hours activity, policy risk)
SLA records and invisible-work metrics

2.4 Usage / Technical Data

Device type, browser, operating system
IP address and approximate location
Pages visited, features used, error logs, performance data

3. Why We Process Your Data (Lawful Basis)

Under the UK GDPR, EU GDPR and similar global privacy frameworks, we rely on the following lawful bases:

Contract — to deliver the features you signed up for (importing your inbox, running the 21 intelligence modules, surfacing dashboards).
Consent — you provide explicit consent during Google sign-in (the OAuth consent screen) and when you tick the consent box at sign-up. You can withdraw consent at any time.
Legitimate Interests — to keep the platform secure, prevent abuse, debug errors, and improve aggregate (non-identifying) product analytics.
Legal Obligation — where applicable law requires us to retain or disclose data.

4. How Data Flows

Once you authorise the connection to Gmail:

Azindoo uses Google's OAuth 2.0 to obtain an access token with the gmail.readonly scope.
Azindoo calls the Gmail API and downloads recent messages to our database in the United States.
Each new message is then analysed by an AI/LLM service to extract structured intelligence (see section 8).
The structured results are written back to your account so you can view them in the dashboard.
You may delete individual emails, the entire dataset, or your whole account at any time from Settings.

5. Where Your Data Is Stored

All servers, databases and AI inference endpoints used by Azindoo are currently hosted in the United States:

Application server & database: Operated by Abacus.AI on Amazon Web Services (AWS) US regions.
AI / LLM processing: Abacus.AI inference endpoints, also in the United States.
Email source: Google (Gmail) servers, location determined by Google.

If you are located outside the United States, your personal data — including email contents — will be transferred to and processed in the United States.

6. Sub-Processors

We engage the following sub-processors. We bind each of them to confidentiality and data-protection obligations no less protective than those in this Policy:

Sub-Processor	Purpose	Location
Abacus.AI	Application hosting, managed database, LLM inference	United States
Amazon Web Services (AWS)	Underlying cloud infrastructure	United States
Google LLC	Source of email data (Gmail API), Google Sign-In	Global (Google-managed)

7. Google API Services — Limited Use Disclosure

Azindoo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scope requested: gmail.readonly — read-only access to your messages.
No advertising: We do not use Google user data for serving advertisements, including retargeting or personalised advertising.
No selling: We do not transfer or sell Google user data to third parties.
No human reading: Humans do not read your emails except (a) with your explicit consent for support, (b) for security or abuse investigations, (c) to comply with applicable law, or (d) on aggregated/anonymised data for internal operations.
No AI training: Google user data is not used to train, improve or develop generalised AI/ML models.
Revoke any time: You may revoke Azindoo's access via your Google Account permissions page.

8. AI Processing

Several of our modules send the contents of imported emails to a large-language-model (LLM) hosted by Abacus.AI to extract structured insights. We require that:

Email content is not retained by the LLM provider beyond the time strictly needed to return a response.
Email content is not used to train, fine-tune or evaluate any generalised model.
Processing happens entirely within Abacus.AI's US infrastructure.

9. Third-Party Senders and Recipients

When you import your inbox you also import messages written by, or addressed to, other people who never directly signed up to Azindoo. By connecting your inbox you confirm that you have the right under applicable law to allow us to process that correspondence on your behalf, and you take responsibility for informing your contacts where required.

We process this third-party data on the basis of your legitimate interest in understanding and managing your own correspondence. We minimise this processing: we do not enrich it with external data sources, do not build cross-user profiles, and do not share it with anyone else. If a third party objects to their data being held, please contact [email protected] and we will remove the relevant records.

10. Security

All traffic is encrypted in transit using TLS 1.2 or higher.
Databases are encrypted at rest by the underlying cloud provider.
OAuth tokens are stored encrypted and never exposed to the browser.
Access to production systems is limited to authorised engineers using strong authentication.
We log administrative access and monitor for anomalies.
We are working towards SOC 2 Type II attestation.

No system is perfectly secure. If you become aware of a vulnerability or incident, please email [email protected].

11. Data Retention & Deletion

While your account is active: we retain your imported emails and derived intelligence so the dashboards keep working.
On disconnecting an email account: we stop syncing new messages immediately and delete OAuth tokens.
On request: you can permanently delete all email data, derived intelligence, or your entire account from Settings › Privacy & Data. Deletion is irreversible and completes within 30 days.
Backups & logs: residual copies in encrypted backups are overwritten on a rolling 30-day cycle.
Anonymised analytics: we may keep fully anonymised aggregate statistics that cannot be linked back to you.

12. Your Rights

Depending on where you live (UK GDPR, EU GDPR, California CCPA, and similar global frameworks), you have some or all of the following rights:

Access: request a copy of the personal data we hold about you.
Rectification: ask us to correct inaccurate information.
Erasure (“right to be forgotten”): ask us to delete your data.
Portability: receive your data in a machine-readable format (JSON).
Restriction / Objection: limit or object to certain processing.
Withdraw consent at any time, including by revoking the Google connection.
Complain to your local data-protection authority (e.g. the ICO in the UK, your EU DPA, or the equivalent body in your country).

You can exercise most rights directly from Settings › Privacy & Data, or by emailing [email protected].

13. International Data Transfers

Because our infrastructure is in the United States, personal data of users outside the US will be transferred there. We rely on:

The EU–US, UK Extension and Swiss–US Data Privacy Framework, where our sub-processors are certified.
Standard Contractual Clauses with sub-processors where applicable.
Your explicit consent obtained at sign-up.

14. Cookies

We use a small number of strictly-necessary cookies for authentication (NextAuth session) and security. We do not use third-party advertising or cross-site tracking cookies. We may add a minimal analytics cookie in future; if we do, you will be asked to consent first.

15. Children

Azindoo is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has signed up, contact [email protected] and we will delete the account.

16. Changes to This Policy

If we make material changes (for example, adding a new sub-processor or changing data-storage location), we will update the “Last Updated” date and, where required, notify you in-app or by email at least 14 days before the change takes effect.

17. Contact Us

Privacy enquiries: [email protected]
Security: [email protected]
Legal / DPO: [email protected]
Operated by: Obimanso Technologies (UK-registered company, based in Leeds) — obimanso.com
ICO registration: Registered controller, annual data-protection fee paid. Number to be appended on this page.

18. Accountability Documents

The detailed accountability documentation required by Art. 5(2) UK GDPR is published in our Compliance Centre:

Record of Processing Activities — Art. 30 inventory.
Data Protection Impact Assessment — Art. 35 summary for our AI processing.
Legitimate Interests Assessment — balancing test for third-party email content.
Data Retention Policy — what we keep, for how long, and how it is deleted.
Incident & Breach Response Runbook — how we handle Art. 33/34 incidents.