Privacy Policy for Zenith

Effective Date: June 12, 2025

Welcome to Zenith ("App", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, Zenith. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Effective Date" of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

1. Information We Collect

When you use Zenith, we may collect the following information:

A. Information You Provide to Us

• Account Information (via IMAP and SMTP): When you connect an email account to Zenith, you will provide your email address, IMAP server details, SMTP server details, and a password (or an app-specific password, if your email provider requires or recommends one) to access your mail. Zenith uses these details to authenticate with your email provider's servers. The App will then access and process data from that email account. This includes:
  • Email headers (sender, recipient, subject, dates, etc.)
  • Email body content (text and HTML)
  • Email attachments
  • When you compose and send an email, Zenith will also process the recipient addresses, subject, and body content of the outgoing message.

B. Information Collected Automatically

We may collect standard usage data, device information, and diagnostic information to improve our App and services. In addition we collect domain names to enable spam filtering. This data is generally anonymized or aggregated.

2. How We Use Your Information

We use the information we collect in the following ways:

• To Provide and Maintain Our Service:
  • To allow you to access, manage, compose, and send your emails from various providers (via IMAP and SMTP) within a unified inbox in the Zenith app.
  • To display your emails, including headers, body content, and attachments, within the App on your local device.
  • To enable features such as pinning emails, archiving, unsubscribing, and blocking senders/domains.
  • We use the anonymized sender domain data to identify potential spam.
• To Provide AI-Powered Features:
  • Email content (from any connected account) is sent from your local device, through our secure server, to a third-party Large Language Model (LLM) API (currently Google Gemini) to generate summaries and assist with bundling emails. Our server acts as a proxy to secure our API keys and manage usage; your email data is not stored on our servers.
  • Zenith does not use your email content or any other personal data collected through the app to develop, improve, or train generalized AI and/or machine learning models.
• To Improve Our App: To understand usage patterns and improve the functionality and user experience of Zenith.
• To Communicate With You: To respond to your inquiries and provide customer support.

3. Data Confidentiality

We do not sell your personal information. Zenith does not use your personal information or email content for serving advertisements. We may share information we have collected about you in certain situations:

• With Third-Party Service Providers (LLM API):

  To provide AI-powered features like email summarization, we send email content to Google's Gemini API. This data is processed by Google Gemini according to their terms and privacy policy. According to Google Gemini's terms (available at https://ai.google.dev/gemini-api/terms), "Google logs prompts and responses for a limited period of time, solely for the purpose of detecting violations of the Prohibited Use Policy and any required legal or regulatory disclosures. This data may be stored transiently or cached in any country in which Google or its agents maintain facilities." We do not control Google Gemini's data handling practices beyond what is stated in their terms.

  Our server acts as an intermediary to forward this data to the Gemini API solely to protect our API keys and enforce usage limits associated with your Zenith subscription. No email data is stored on our servers during this process.

• Transmission to Your Email Provider (SMTP): When you send an email through Zenith, the email content (recipients, subject, body, and attachments) is transmitted securely from your device to your email provider's SMTP server using the credentials you provide. Zenith facilitates this connection but does not store the outgoing email content on its servers.
• By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.

4. Data Storage and Security

Zenith is designed to operate primarily on your local device. When you connect an email account (IMAP and SMTP), email data (headers, body, attachments) and your account credentials (email, password/app password, server details) are stored locally on your device to enable offline access and app functionality.

No email content or account credentials from any provider are permanently stored on our servers. As described above, email content may pass transiently through our servers when being proxied to the LLM API for summarization, but it is not retained on our servers. Similarly, while our app transmits your outgoing emails to your provider's SMTP server, these emails are not stored on our servers.

To provide our spam filtering service, anonymized sender domain data is processed and may be temporarily stored on our servers to improve and maintain our filtering algorithms. This anonymized data cannot be linked back to individual users or their email accounts.

We use administrative, technical, and physical security measures to help protect your personal information and data transmitted to and from the App. All data communication between the App, our servers (when acting as a proxy or processing anonymized data), and third-party services like Google Gemini is encrypted using HTTPS/TLS. Communication with your IMAP and SMTP servers is also encrypted using industry-standard protocols (e.g., SSL/TLS) when supported by your email provider.

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

5. Your Rights and Choices

• Accessing and Updating Your Information: You can access and manage your email data directly within the Zenith app.
• Data Deletion: You can request the deletion of any data associated with your use of Zenith that might be indirectly held (such as support correspondence or aggregated analytics). To request data deletion, please email us at support [at] zenithmail.app with "Zenith Data Deletion Request" in the subject line. Please include details of all email accounts you have used with the App to help us identify any relevant information. Note that email data and account credentials stored locally on your device are under your control and can be deleted by uninstalling the app or removing accounts from within the app.

6. Children's Privacy

Zenith is not intended for use by children under the age of 13 (or a higher age if stipulated by local law). We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information as soon as possible.

7. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at: