Privacy
+ Security
We want to be transparent about how we utilize and process your data. We understand the inbox is a highly personal and private place, and we don't take you giving us access lightly. As a general rule we attempt to be as minimally invasive as possible, doing the minimum we need to perform our services.
We are SOC 2 Type 2 certified and GDPR compliant. Below is a link to our full privacy policy, but we'll summarize the most important aspects here:
01.
We don't store your emails.
As soon as Lavender is finished analyzing and helping you with your email, it is immediately deleted.
02.
We don't store your payment info.
All payments are securely processed by Stripe, the industry leader in software payment processing. This means that we never see, touch, or store your credit card details.
03.
We don't store your password.
All accounts are created and signed in with OAuth one-click sign-in for Google and Microsoft. This means we never see or save your password(s).
04.
We encrypt everything.
Lavender's AI is hosted securely on Amazon Web Services behind a firewall. We encrypt any data in transfer with TLS and at rest with AES encryption.
05.
We don't read your emails.
By default, Lavender only has access to the email you are currently working on. We don't have access to your historic emails and we can't read your inbox.
You can give us permission to access historic emails and performance data to provide benchmarking, progress reports, and coaching recommendations. These are encrypted for analysis and never saved.
Lavender's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
You can give us permission to access historic emails and performance data to provide benchmarking, progress reports, and coaching recommendations. These are encrypted for analysis and never saved.
Lavender's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
06.
You can delete your data.
In compliance with GDPR, CCPA, and other data privacy acts, users can easily and automatically delete any data we have on them from our servers.
