Privacy Policy
Effective Date: July 24, 2025
At Limitless Now Ltd, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our intelligent email management application, including our OAuth integrations with Google and Microsoft services.
About Us
Limitless Now Ltd is the data controller for your personal data. We are registered with the UK's Information Commissioner's Office (ICO) under registration number [TO BE UPDATED]. Our registered office is at 27 Old Gloucester Street, Holborn, London, WC1N 3AX, United Kingdom.
Contact Information:
Email: [email protected]
Address: 27 Old Gloucester Street, Holborn, London, WC1N 3AX
1. Information We Collect
1.1 Account Information
When you create an account with Limitless Now, we collect:
Name and email address
Account credentials and authentication tokens
Profile information you choose to provide
1.2 Email Data Through OAuth Integration
Google Account Integration (Gmail API):
When you connect your Google account, we access and process:
Email Content: Full email messages, including headers, body content, and attachments for the purpose of categorization, analysis, and draft generation
Email Metadata: Sender information, recipient lists, timestamps, subject lines, and message threading and Categories:** Existing Gmail labels and folders to understand your organization preferences
Draft Management: Access to create, read, update, and manage email drafts on your behalf
Profile Information: Your Google account name and email address for authentication
Microsoft Account Integration (Microsoft Graph API):
When you connect your Microsoft account, we access and process:
Email Content: Full email messages, including entire conversation threads for contextual analysis
Mailbox Data: Email headers, content, attachments, and folder structures
Mailbox Settings: Permission to create and manage email folders/categories
Draft Management: Ability to create and modify draft emails in your mailbox
Profile Information: Your Microsoft account name and email address for authentication
1.3 Usage and Analytics Data
We automatically collect:
Application usage patterns and feature interactions
Error logs and performance metrics
Device and browser information
IP addresses and general location information
2. How We Use Your Information
2.1 Core Service Provision
We use your data to:
Email Processing and Categorization: Analyze email content using AI to automatically categorize and prioritize messages
Contextual Draft Generation: Access entire email threads to provide relevant context for AI-generated draft responses
Smart Organization: Create and manage email labels, folders, and categories based on your preferences
Real-time Notifications: Monitor your inbox for new emails and provide intelligent alerts
2.2 Service Improvement
We use aggregated, anonymized data to:
Improve our AI models and categorization algorithms
Enhance application performance and user experience
Develop new features and functionality
2.3 Legal Basis for Processing (GDPR)
Our processing is based on:
Contract Performance: Processing necessary to provide the email management services you've requested
Legitimate Interest: Improving our services and preventing fraud
Consent: Where explicitly provided for specific features or marketing communications
3. Data Sharing and Transfers
3.1 Third-Party Service Providers
We share data only with essential service providers:
Cloud Infrastructure: Google Cloud Platform for secure data processing and storage
AI Services: Google Gemini API for email analysis and draft generation
Authentication Services: Supabase for secure user authentication and data management
3.2 OAuth API Compliance
Google API Services Compliance:
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell Google user data to third parties.
Microsoft Graph API Compliance:
We process Microsoft user data strictly in accordance with Microsoft's API terms and data protection requirements.
3.3 International Data Transfers
Your data may be processed in countries outside the UK/EU. We ensure adequate protection through:
Standard Contractual Clauses approved by the European Commission
Adequacy decisions where applicable
Additional safeguards as required by GDPR
4. Data Security and Protection
We implement robust security measures including:
Encryption: AES-256 encryption for data at rest and TLS encryption for data in transit
Access Controls: Role-based access controls and multi-factor authentication
Regular Security Audits: Continuous monitoring and security assessments
OAuth 2.0 Security: Implementation of PKCE, state parameters, and secure token management
5. Data Retention
We retain your data only as long as necessary:
Email Data: Processed in real-time; temporary copies deleted within 24 hours after processing
Account Data: Retained while your account is active
Analytics Data: Aggregated data retained for up to 2 years for service improvement
Legal Requirements: Data may be retained longer if required by law
6. Your Rights (GDPR)
You have the right to:
Access: Request copies of your personal data
Rectification: Correct inaccurate personal data
Erasure: Request deletion of your personal data
Data Portability: Receive your data in a machine-readable format
Restrict Processing: Limit how we process your data
Object: Object to processing based on legitimate interests
Withdraw Consent: Revoke consent for specific processing activities
To exercise these rights, contact us at [email protected].
7. Cookies and Tracking
We use essential cookies for:
User authentication and session management
Application functionality and preferences
Security and fraud prevention
8. AI Model Training and User Data Integrity
To comply with Google's Limited Use Policy and to protect your privacy, we want to be unequivocally clear: Your personal data is never used to train or improve our general, global AI models.
Any learning or personalization that occurs is strictly confined to your own account to enhance your individual user experience. We do not aggregate your data with that of other users for the purpose of training artificial intelligence or machine learning models. All data sent to our third-party AI service providers is processed for the sole purpose of providing the immediate feature (e.g., drafting a reply) and is subject to zero-retention policies.
9. Marketing Communications
We may send you service updates and relevant product information. You can opt out at any time through:
Unsubscribe links in emails
Account settings in the application
Contacting [email protected]
10. Data Breach Notification
In the event of a data breach that may affect your personal data, we will:
Notify the ICO within 72 hours where required
Inform affected users without undue delay
Provide clear information about the breach and our response
11. Changes to This Policy
We may update this Privacy Policy periodically. Significant changes will be communicated through:
Email notifications to registered users
In-app notifications
Updates on our website
12. Contact and Complaints
Data Protection Contact:
Email: [email protected]
Address: 27 Old Gloucester Street, Holborn, London, WC1N 3AX
Complaints:
You have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113