Privacy Policy

Last Updated: April 24, 2026

1. Introduction

Zinkforge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services, including our Google Workspace™ Add-ons (Mail2Cal, Mail2Ledger), our Chrome Extension (Mail2Follow), and other services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Google Workspace™ Add-ons (Mail2Cal, Mail2Ledger)

When you use Mail2Cal, Mail2Ledger or other Google Workspace™ Add-ons, we may access and process:

  • Email content and attachments you explicitly select for processing
  • Calendar information for event creation (Mail2Cal)
  • Google Drive™ files and Google Sheets™ generated or modified by the application (Mail2Ledger)
  • User profile information (name, email address)
  • Metadata associated with emails, calendar events, and generated spreadsheets

2.2 Chrome Extension (Mail2Follow)

When you use Mail2Follow, we collect and process the following data for emails you explicitly choose to track:

  • Email subject line (stored)
  • Recipient email address and name (stored)
  • Date the email was sent (stored)
  • Gmail thread and message IDs (stored for deduplication and navigation)
  • Your Gmail signature (stored for reuse in follow-up drafts)
  • AI-generated follow-up drafts (stored until the follow-up is resolved, then deleted)
  • User profile information obtained via Google OAuth 2.0 (name, email address)
  • Analytics events (event name, properties, timestamp, used to improve the product)

Email body content is processed transiently by our AI service for email classification and draft generation. The body is sent to Anthropic's API for analysis, processed in memory, and immediately discarded. It is never stored in our database.

What Mail2Follow does NOT collect:

  • Mail2Follow does not request Gmail API scopes. It does not read your inbox or access emails through Google's API
  • It only processes emails you explicitly choose to track
  • It never stores the full body of any email

How Mail2Follow interacts with Gmail: The extension operates via the browser's DOM within the Gmail web interface. It intercepts post-send responses to capture thread IDs (without modifying your emails), scans the thread view to detect replies, and accesses the Gmail Atom feed for background reply detection. On the free tier, a "Powered by Mail2Follow" attribution may be appended to tracked emails.

2.3 Open Tracking — Data Collected from Email Recipients (Pro Feature)

When a Mail2Follow user enables open detection and sends a tracked email, a 1×1 transparent pixel is embedded in that email. When the recipient opens the email, their email client loads the pixel from our server. At that moment, we collect the following data about the recipient's device:

  • Country code — derived from the recipient's IP address via Cloudflare's infrastructure. The raw IP address is never stored.
  • Anonymised device fingerprint — a one-way SHA-256 hash of IP address + User-Agent string + a server-side secret salt. The original IP address cannot be recovered from this hash.
  • User-Agent string — the first 200 characters are stored in our analytics log for bot detection and fraud prevention. This field is not linked to any recipient identity beyond the anonymised device hash.
  • Open timestamps — date and time of each detected open event.
  • Bot classification flag — a boolean indicating whether the open appears to originate from an email security scanner rather than a human.

The recipient's email address is stored exclusively as a one-way SHA-256 hash, solely to check whether that recipient has opted out of tracking globally. The raw email address is never stored on our servers in any form.

Open tracking data is retained for 365 days from the date of collection and then permanently deleted. Domains belonging to government, healthcare, and institutional organisations are automatically excluded from tracking.

Recipient opt-out: If you have received an email tracked by Mail2Follow and wish to prevent future open detection, you can opt out globally at any time. Your opt-out is stored as an irreversible hash — we never record your email address in plaintext.

Role clarification: The Mail2Follow user who sends tracked emails acts as the Data Controller for their recipients' data. Zinkforge acts solely as Data Processor on their behalf (see Terms of Service §7.1 — Data Processing Agreement ).

2.4 Usage Information

We automatically collect certain information about your device and how you interact with our Services, including:

  • Log data (IP address, browser type, operating system)
  • Usage patterns and feature interactions
  • Error reports and performance data

Our website uses Cloudflare Web Analytics and Ahrefs Web Analytics to understand how visitors interact with our site. These services do not use cookies or collect personal identifiers. They only process aggregated, anonymised data such as page views and referral sources. No data is used for advertising or profiling.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our Services, including processing emails to create calendar events (Mail2Cal), extracting financial data from emails and attachments to create and update Google Sheets™ (Mail2Ledger), and tracking sent emails to generate follow-up reminders and AI-powered draft suggestions (Mail2Follow)
  • Improve, personalize, and expand our Services based on user feedback
  • Understand and analyze usage patterns to optimize performance
  • Develop new products, services, features, and functionality
  • Communicate with you for customer service, support, and updates
  • Detect, prevent, and address technical issues or security threats
  • Comply with legal obligations and enforce our terms

4. Data Processing and AI

4.1 Google Workspace™ Add-ons (Mail2Cal, Mail2Ledger)

Mail2Cal and Mail2Ledger use Google's Gemini™ AI to analyze email content and attachments. Mail2Cal extracts relevant information for calendar event creation, while Mail2Ledger extracts financial data to organize it in spreadsheets. This processing occurs in real-time and the email content and attachments are:

  • Only processed when you explicitly request it by interacting with the add-on
  • Sent securely to Google's AI services for analysis
  • Not stored permanently on our servers
  • Not used to train AI models or shared with third parties

4.2 Chrome Extension (Mail2Follow)

Mail2Follow uses Anthropic's Claude AI to classify tracked emails and generate follow-up draft suggestions. When you track an email:

  • The email subject and a sanitized version of the email body are sent securely to Anthropic's API
  • Processing occurs in real-time. The email body is never stored in our database
  • Anthropic processes the data subject to their privacy policy and does not use API inputs to train their models
  • The generated AI draft is stored temporarily and automatically deleted when the follow-up is resolved

5. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using SSL/TLS protocols
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Minimal data retention policies
  • Mail2Follow data is hosted on Cloudflare's global infrastructure (Workers and D1 database), benefiting from their enterprise-grade security

5.1 Data Retention

For Mail2Follow specifically:

  • Active follow-ups are retained until you delete them or resolve them
  • AI-generated drafts are automatically deleted when the follow-up is resolved
  • Email body content is never stored. It is processed in memory and discarded
  • Analytics events are stored in aggregated form indefinitely to improve the service

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist in operating our Services (e.g., Google Cloud Platform™, Gemini™ AI, Anthropic Claude AI, Cloudflare, Lemon Squeezy, Ahrefs)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Protection of Rights: To protect the rights, property, or safety of Zinkforge, our users, or others

7. Google API Services User Data Policy

Zinkforge's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements.

Specifically, we only request the minimum necessary scopes to provide our Services, and we do not use Google user data for serving advertisements or any other purpose beyond providing the core functionality of our add-ons.

8. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases under Article 6 of the GDPR:

8.1 Mail2Follow Users

  • Contract performance (Art. 6(1)(b)): Processing your account data, email metadata, and follow-up records is necessary to provide the Mail2Follow service you subscribed to.
  • Legitimate interests (Art. 6(1)(f)): Collecting analytics events to detect abuse, improve product reliability, and understand aggregate usage patterns.

8.2 Email Recipients of Tracked Emails

When a Mail2Follow user enables open tracking, they become the Data Controller for processing their recipients' data. Zinkforge acts as Data Processor on their behalf. The applicable legal basis is:

  • Legitimate interests of the Controller (Art. 6(1)(f)): The Mail2Follow user has a legitimate interest in knowing whether their business communications have been read, in order to time follow-ups appropriately. Zinkforge minimises the data collected and provides a global opt-out mechanism to balance this interest against recipient rights.

Sensitive domains (government, healthcare, institutional) are automatically excluded from tracking. Recipients can opt out at any time via the global opt-out page .

8.3 Mail2Cal and Mail2Ledger Users

  • Contract performance (Art. 6(1)(b)): Accessing and processing email content and attachments is necessary to provide the add-on functionality you explicitly requested.

9. Your Rights and Choices

You have the following rights regarding your information:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Revoke Access: You can revoke our access to your Google account at any time through your Google Account permissions settings
  • Uninstall: Uninstall our add-ons from the Google Workspace Marketplace™ or remove our Chrome Extension from your browser at any time
  • Opt Out of Tracking: If you are a recipient of emails tracked by Mail2Follow, you can opt out of email open detection at any time

To exercise these rights, please contact us at hi@zinkforge.com .

10. Children's Privacy

Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hi@zinkforge.com .

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (if you have provided your email address)

Your continued use of our Services after changes are posted constitutes your acceptance of the updated Privacy Policy.

13. Email Communications

We use MailerLite to manage our email communications. When you subscribe to product updates or our newsletter, your email address is stored and processed by MailerLite in accordance with their privacy policy . You can unsubscribe at any time using the link included in every email we send. We do not share your email address with third parties for marketing purposes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hi@zinkforge.com

Company: Zinkforge

This Privacy Policy is effective as of the date stated at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Google Workspace™, Google Drive™, Google Sheets™, Google Cloud Platform™, Google Workspace Marketplace™, and Gemini™ are trademarks of Google LLC. Claude is a product of Anthropic, PBC.