Execify Back to sign in

Legal

Privacy Policy

Effective May 24, 2026

This Privacy Policy explains what information Execify collects when you use the Service, how we use it, and the choices you have. Execify is operated by Michaël Ménard from Québec, Canada. If you have questions, email [email protected].

1. Information We Collect

Account information

When you sign in with Google or Microsoft, we receive your name, email address, profile picture, and a stable provider user ID from the OAuth consent flow. We store this to identify your account.

OAuth credentials

We store the access token and refresh token issued by Google or Microsoft, encrypted at rest. These tokens let Execify call the provider's API on your behalf within the scopes you approved. You can revoke them at any time from your provider's security settings.

Message content

To perform the workflows you configure, Execify reads messages from the mailboxes you connect. This includes message bodies, attachments, headers (sender, recipient, subject, dates), thread relationships, and folder/label metadata. When you enable outbound actions, we also process the replies you send.

Workflow and usage data

We store the workflows you create, the classification results produced by our engine, the action runs they trigger (including webhook delivery status), and basic telemetry such as IP address, browser type, and request timestamps for security and reliability monitoring.

2. How We Use Information

We use the information above to:

  • ingest messages from your connected mailboxes and classify them against the rules you configure;
  • deliver structured payloads to the webhook endpoints you set up, and to draft, send, or organize messages when your workflows instruct us to;
  • operate, maintain, secure, and improve the Service;
  • respond to your support requests and account-related communications;
  • comply with legal obligations and enforce our Terms of Service.

3. Google API Services User Data Policy

Execify's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Gmail data only to provide and improve the user-facing features of Execify that are clearly visible in our user interface.
  • We do not use Gmail data to serve advertising of any kind.
  • We do not transfer Gmail data to others except (a) to webhook endpoints you explicitly configure as part of a workflow, (b) to the limited service providers listed below to operate the Service, (c) as necessary for security or to comply with applicable law, or (d) as part of a merger, acquisition, or sale of assets with notice to you.
  • We do not allow humans to read Gmail data except (a) with your explicit consent, (b) when necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations.
  • We do not use Gmail data to develop, improve, or train generalized or non-personalized AI or machine-learning models.

4. Microsoft Graph Data

When you connect a Microsoft account, Execify accesses your mailbox through Microsoft Graph under the scopes you approved (User.Read, Mail.ReadWrite, Mail.Send, and offline_access). We use this access only to provide the features described in this Policy and apply the same restrictions as above: no advertising use, no training of generalized AI models, and no transfer outside the categories listed in Section 5.

5. How We Share Information

Webhook endpoints you configure

The core function of Execify is to forward classified message data to webhook URLs you specify. You are responsible for those endpoints and for any downstream processing they perform. Payloads are signed so receivers can verify they came from Execify.

Service providers (sub-processors)

We use a small set of vendors to operate the Service. They access your data only as needed to perform their function and are bound by contractual confidentiality and security obligations.

  • Laravel Cloud — application hosting, database, and queue infrastructure.
  • Anthropic — large-language-model API used for message classification and reply drafting. Content sent to Anthropic is processed under their commercial API terms, which prohibit training on customer data and require deletion within a short retention window.
  • Google LLC and Microsoft Corporation — identity providers and source mail providers; data exchanged with them is governed by your account with them.
  • Laravel Nightwatch — application performance and error telemetry; configured to redact request bodies and headers that could contain message content.

Legal and safety

We may disclose information if we believe in good faith it is required to comply with a legal obligation, to enforce our Terms, to protect the rights, property, or safety of Execify, our users, or the public, or to detect and prevent fraud or security incidents.

Business transfers

If Execify is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will give you notice before your information becomes subject to a different privacy policy.

6. Data Retention

We keep message content and classification history for as long as your account is active or as needed to provide the Service. You can request deletion at any time. When you delete your account or disconnect a mailbox, we delete the associated message content within 30 days, except for records we are required to keep for legal, security, or auditing purposes.

7. Security

We protect your data with industry-standard measures: TLS for data in transit, encryption at rest for OAuth tokens, scoped database access, signed webhook payloads, and standard infrastructure hardening. No system is perfectly secure, however, and we cannot guarantee absolute security.

8. Your Rights

Depending on where you live, you may have rights under privacy laws such as Québec's Law 25, Canada's PIPEDA, the EU/UK GDPR, or the California CCPA — including rights to access, correct, delete, export, or restrict our processing of your personal data, and to withdraw consent. To exercise any of these rights, email [email protected]; we will respond within the time required by applicable law.

9. International Data Transfers

Execify is operated from Canada and our service providers may process data in Canada, the United States, and the European Union. By using the Service you acknowledge that your information may be transferred to and processed in countries other than the one in which you reside.

10. Children

Execify is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe we have, please contact us and we will delete the information.

11. Changes to this Policy

We may update this Privacy Policy from time to time. If we make a material change we will give you notice (for example, by email or by a notice in the Service) before the change takes effect. The "effective date" at the top of this page indicates when this version was published.

12. Contact

Questions, complaints, or requests under this Policy can be sent to [email protected].