Skip to main content
Home/Privacy Policy

Privacy Policy

Your data is yours. Here's exactly how we handle it — no legalese fog, just clarity.

Last updated: March 23, 2026

Pynglo ("we," "our," or "us") is operated by Corvexa Studio. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Pynglo web application at pynglo.com (the "Service").

1

Information We Collect

1.1 Account Information

When you sign in with Google, we receive:

  • Your name and email address
  • Your Google profile picture URL
  • OAuth access and refresh tokens for Gmail API access

1.2 Email Metadata

When you sync your Gmail, we collect metadata and a short preview snippet from your sent emails:

  • Recipient name and email address
  • Email subject line
  • Date and time the email was sent
  • Gmail thread ID and message ID
  • A short text snippet (first ~100 characters)

1.3 What We Do NOT Collect

We want to be absolutely clear about what we never access or store:

We never read, store, or process the full content of your emails. Your email body and attachments are completely private.

  • Email body content — We never read, store, or process the full content of your emails
  • Attachments — We never access or download email attachments
  • IP addresses — We do not log or store your IP address
  • Location data — We do not track your geographic location
  • Device fingerprints — We do not collect device or browser fingerprinting data
  • Contacts — We do not access your Google Contacts
  • Calendar — We do not access your Google Calendar

1.4 Open Tracking Data

For follow-up emails sent through Pynglo, we embed a 1x1 transparent tracking pixel. When the recipient opens the email, we record:

  • The number of times the email was opened
  • The timestamp of each open event

We do not record IP addresses, device information, geographic location, or any other data from the tracking pixel.

2

How We Use Your Information

We use the collected information exclusively to:

  • Display your email tracking dashboard (who replied, who hasn't)
  • Detect replies to your tracked emails
  • Send follow-up emails on your behalf (only when you explicitly request it)
  • Generate response statistics and insights
  • Send you daily or weekly digest emails (configurable, can be turned off)
  • Process payments for Pro and Lifetime plans

We do not use your data for advertising, profiling, marketing to third parties, or any purpose beyond providing the Service.

3

Data Storage and Security

  • All data is stored in a Supabase (PostgreSQL) database hosted in the United States (AWS us-east-1)
  • Data is encrypted at rest and in transit (TLS 1.2+)
  • Gmail OAuth tokens are stored in the database and are only used to access Gmail on your behalf
  • We use Row Level Security (RLS) to ensure users can only access their own data
  • Our application is hosted on Vercel with automatic HTTPS
4

Data Sharing

We do not sell, rent, or share your personal data with any third parties.

The only services that process your data are:

  • Google Gmail API — to read your sent email metadata, send follow-ups on your behalf, and detect replies by checking thread participants
  • Supabase — database hosting
  • Vercel — application hosting
  • Resend — to send digest emails from digest@pynglo.com
  • Lemon Squeezy — to process payments (they handle all payment data; we never see your credit card number)
5

Google API Services — Limited Use Disclosure

Google API Limited Use Compliance

Pynglo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Gmail data to provide and improve the email tracking features of Pynglo
  • We do not use Gmail data for advertising or to build advertising profiles
  • We do not transfer Gmail data to third parties except as necessary to provide the Service (as listed in Section 4)
  • We do not use Gmail data for any purpose other than providing the Pynglo Service
  • Human users only see their own data through the Pynglo dashboard
6

Data Retention

  • Your account data and email metadata are retained as long as your account is active
  • Replied emails are automatically archived from the dashboard after 30 days but remain in the database
  • If you delete your account, all your data is permanently deleted within 30 days
  • You can request immediate data deletion by emailing hello@pynglo.com
7

Your Rights

You have the right to:

  • Access — View all data we store about you (visible in your dashboard and settings)
  • Rectification — Correct any inaccurate data
  • Deletion — Request complete deletion of your account and all associated data
  • Portability — Request an export of your data
  • Revoke access — Disconnect Gmail at any time through your Google Account permissions
  • Opt out of digests — Turn off digest emails in your Pynglo settings at any time
8

GDPR Compliance

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal basis: We process your data based on your consent (granted when you sign in and authorize Gmail access) and contract performance (providing the Service)
  • Data controller: Corvexa Studio is the data controller
  • You may withdraw consent at any time by disconnecting your Gmail or deleting your account
  • You may lodge a complaint with your local data protection authority
9

California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know — what personal information we collect, use, and disclose
  • Right to delete — request deletion of your personal information
  • Right to opt out — of the sale of personal information. We do not sell your personal information.
  • Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights

To exercise any of these rights, contact us at hello@pynglo.com.

10

Data Breach Notification

In the event of a data breach affecting your personal data, we will notify affected users via email within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authority as required by applicable law, including GDPR Article 33.

11

International Data Transfers

Your data may be processed in the United States and other countries where our service providers (Supabase, Vercel, Google) operate. We ensure appropriate safeguards are in place through our providers' Standard Contractual Clauses and data processing agreements. If you are in the EEA, your data is transferred with protections consistent with GDPR Chapter V requirements.

For Data Processing Agreement (DPA) requests, contact hello@pynglo.com.

12

Cookies

We use only essential cookies required for the Service to function:

  • Authentication cookies — to keep you signed in
  • Session cookies — to maintain your session state

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.

13

Children's Privacy

Pynglo is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it immediately.

14

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this page periodically.

15

Contact Us

If you have any questions about this Privacy Policy, your data, or your rights, contact us at:

Email

hello@pynglo.com

Website

pynglo.com

Company

Corvexa Studio