Last Updated: April 17, 2026
At Haamly, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our encrypted email service. Please read this policy carefully.
IMPORTANT PRIVACY NOTICE
By using Haamly, you consent to the data practices described in this policy. If you do not agree with our policies, please do not use the Service.
We collect information that you voluntarily provide when using our Service:
We automatically collect certain information when you use the Service:
When you connect third-party email services (Gmail, Outlook), we collect OAuth tokens and access permissions necessary to provide the Service. We do not store your third-party service passwords.
We use collected information for the following purposes:
What We CANNOT Do
Due to our zero-knowledge encryption design, we cannot read your message content, subject lines, or see who you're communicating with (sender/recipient metadata). We also cannot scan your emails for marketing, advertising, or analytics purposes.
Haamly implements end-to-end encryption for messages between Haamly users:
Important: We encrypt metadata (who you're emailing and message subjects) in addition to message content. This means Haamly servers cannot read your message content, subject lines, or see who you're communicating with.
Messages are encrypted in transit using TLS/SSL. When you use OAuth to authenticate with external email services (Gmail, Outlook), your identity is verified through those providers, but they cannot access your encrypted Haamly messages.
Your encrypted data is stored on secure cloud servers (Railway platform). We implement a zero-knowledge architecture:
We implement reasonable physical, technical, and administrative safeguards to protect your information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. Our zero-knowledge design ensures that even in the event of a server compromise, your message content and metadata remain protected.
We retain your information for as long as your account is active or as needed to provide you services. You may request deletion of your account and data at any time. After deletion, we may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).
SECURITY DISCLAIMER
While we employ industry-standard security measures, you acknowledge that you use the Service at your own risk. We are not liable for unauthorized access, data breaches, or loss of data.
We do not sell your personal information. We may share your information in the following circumstances:
We may share data with third-party service providers who perform services on our behalf (e.g., hosting, analytics, payment processing). These providers are contractually obligated to protect your data.
We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to:
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change.
We may share your information with third parties when you explicitly consent to such sharing.
Haamly integrates with third-party email services (Gmail, Outlook) via their APIs. When you connect these services, you are subject to their respective privacy policies:
We are not responsible for the privacy practices of third-party services. Please review their policies before connecting your accounts.
Depending on your location, you may have the following rights:
To exercise these rights, please contact us at haamlyapp@gmail.com. We will respond to your request within 30 days.
California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information.
European Residents (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including rights to access, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint with a supervisory authority.
We use cookies and similar tracking technologies to maintain your session and improve your experience. You can control cookies through your browser settings, but disabling cookies may affect your ability to use the Service.
Haamly is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately. If you believe a child has provided us with personal information, please contact us at haamlyapp@gmail.com.
Your information may be transferred to and maintained on servers located outside of your country. Data protection laws may differ between jurisdictions. By using the Service, you consent to the transfer of your information to the United States and other countries where we operate.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy. We encourage you to review this policy periodically.
In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Notification will be provided without undue delay and will include information about the breach and steps you can take to protect yourself.
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
By using Haamly, you acknowledge that you have read, understood, and agree to this Privacy Policy.