Privacy Policy

Effective Date: July 24, 2025

At Limitless Now Ltd, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our intelligent email management application, including our OAuth integrations with Google and Microsoft services.

About Us

Limitless Now Ltd is the data controller for your personal data. We are registered with the UK's Information Commissioner's Office (ICO) under registration number [TO BE UPDATED]. Our registered office is at 27 Old Gloucester Street, Holborn, London, WC1N 3AX, United Kingdom.

Contact Information:

1. Information We Collect

1.1 Account Information

When you create an account with Limitless Now, we collect:

  • Name and email address

  • Account credentials and authentication tokens

  • Profile information you choose to provide

1.2 Email Data Through OAuth Integration

Google Account Integration (Gmail API):
When you connect your Google account, we access and process:

  • Email Content: Full email messages, including headers, body content, and attachments for the purpose of categorization, analysis, and draft generation

  • Email Metadata: Sender information, recipient lists, timestamps, subject lines, and message threading and Categories:** Existing Gmail labels and folders to understand your organization preferences

  • Draft Management: Access to create, read, update, and manage email drafts on your behalf

  • Profile Information: Your Google account name and email address for authentication

Microsoft Account Integration (Microsoft Graph API):
When you connect your Microsoft account, we access and process:

  • Email Content: Full email messages, including entire conversation threads for contextual analysis

  • Mailbox Data: Email headers, content, attachments, and folder structures

  • Mailbox Settings: Permission to create and manage email folders/categories

  • Draft Management: Ability to create and modify draft emails in your mailbox

  • Profile Information: Your Microsoft account name and email address for authentication

1.3 Usage and Analytics Data

We automatically collect:

  • Application usage patterns and feature interactions

  • Error logs and performance metrics

  • Device and browser information

  • IP addresses and general location information

2. How We Use Your Information

2.1 Core Service Provision

We use your data to:

  • Email Processing and Categorization: Analyze email content using AI to automatically categorize and prioritize messages

  • Contextual Draft Generation: Access entire email threads to provide relevant context for AI-generated draft responses

  • Smart Organization: Create and manage email labels, folders, and categories based on your preferences

  • Real-time Notifications: Monitor your inbox for new emails and provide intelligent alerts

2.2 Service Improvement

We use aggregated, anonymized data to:

  • Improve our AI models and categorization algorithms

  • Enhance application performance and user experience

  • Develop new features and functionality

2.3 Legal Basis for Processing (GDPR)

Our processing is based on:

  • Contract Performance: Processing necessary to provide the email management services you've requested

  • Legitimate Interest: Improving our services and preventing fraud

  • Consent: Where explicitly provided for specific features or marketing communications

3. Data Sharing and Transfers

3.1 Third-Party Service Providers

We share data only with essential service providers:

  • Cloud Infrastructure: Google Cloud Platform for secure data processing and storage

  • AI Services: Google Gemini API for email analysis and draft generation

  • Authentication Services: Supabase for secure user authentication and data management

3.2 OAuth API Compliance

Google API Services Compliance:
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell Google user data to third parties.

Microsoft Graph API Compliance:
We process Microsoft user data strictly in accordance with Microsoft's API terms and data protection requirements.

3.3 International Data Transfers

Your data may be processed in countries outside the UK/EU. We ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission

  • Adequacy decisions where applicable

  • Additional safeguards as required by GDPR

4. Data Security and Protection

We implement robust security measures including:

  • Encryption: AES-256 encryption for data at rest and TLS encryption for data in transit

  • Access Controls: Role-based access controls and multi-factor authentication

  • Regular Security Audits: Continuous monitoring and security assessments

  • OAuth 2.0 Security: Implementation of PKCE, state parameters, and secure token management

5. Data Retention

We retain your data only as long as necessary:

  • Email Data: Processed in real-time; temporary copies deleted within 24 hours after processing

  • Account Data: Retained while your account is active

  • Analytics Data: Aggregated data retained for up to 2 years for service improvement

  • Legal Requirements: Data may be retained longer if required by law

6. Your Rights (GDPR)

You have the right to:

  • Access: Request copies of your personal data

  • Rectification: Correct inaccurate personal data

  • Erasure: Request deletion of your personal data

  • Data Portability: Receive your data in a machine-readable format

  • Restrict Processing: Limit how we process your data

  • Object: Object to processing based on legitimate interests

  • Withdraw Consent: Revoke consent for specific processing activities

To exercise these rights, contact us at [email protected].

7. Cookies and Tracking

We use essential cookies for:

  • User authentication and session management

  • Application functionality and preferences

  • Security and fraud prevention

8. AI Model Training and User Data Integrity

To comply with Google's Limited Use Policy and to protect your privacy, we want to be unequivocally clear: Your personal data is never used to train or improve our general, global AI models.

Any learning or personalization that occurs is strictly confined to your own account to enhance your individual user experience. We do not aggregate your data with that of other users for the purpose of training artificial intelligence or machine learning models. All data sent to our third-party AI service providers is processed for the sole purpose of providing the immediate feature (e.g., drafting a reply) and is subject to zero-retention policies.

9. Marketing Communications

We may send you service updates and relevant product information. You can opt out at any time through:

  • Unsubscribe links in emails

  • Account settings in the application

  • Contacting [email protected]

10. Data Breach Notification

In the event of a data breach that may affect your personal data, we will:

  • Notify the ICO within 72 hours where required

  • Inform affected users without undue delay

  • Provide clear information about the breach and our response

11. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated through:

  • Email notifications to registered users

  • In-app notifications

  • Updates on our website

12. Contact and Complaints

Data Protection Contact:
Email: [email protected]
Address: 27 Old Gloucester Street, Holborn, London, WC1N 3AX

Complaints:
You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk

  • Phone: 0303 123 1113