Mail2ActionMail2Action

Privacy Policy

Last updated: March 2026

1. Data Controller

Kolmira UG (haftungsbeschränkt)
Represented by: Frank Baisch
Address: Scanbox #17325, Ehrenbergstr. 16a, 10245 Berlin, Germany
Email: support@mail2action.com

2. Overview

Mail2Action is a Chrome extension that extracts and processes email content using AI. We are committed to protecting your privacy. This policy explains how your data is handled.

3. Email Content

Your email content never touches our servers. Mail2Action uses a BYOK (Bring Your Own Key) architecture where email text is sent directly from your browser to your chosen AI provider's API (OpenAI, Google Gemini, Anthropic, or xAI) using your personal API key. We do not see, store, intercept, or process your email content at any point.

4. Data We Store Locally

The following data is stored in your browser's local extension storage. Legal basis: § 25 para. 2 no. 2 TDDDG — strictly necessary for app functionality.

  • Your AI provider API key (encrypted in local storage, never sent to our servers)
  • Your preferences (selected model, date format)
  • License key and activation status
  • Cached feature output (cleared when you load a new email)

5. Our Backend Services

Our Cloudflare Worker backend handles only the following. Legal basis: Art. 6(1)(f) GDPR — legitimate interest in operating and securing the service.

  • License activation, validation, and deactivation
  • Serving configuration (system prompts, available models)
  • Anonymized usage analytics (feature used, model selected — no email content)

6. Third-Party Services

We use selected service providers to operate our business. All providers are bound by Data Processing Agreements (DPA) where applicable.

ProviderPurposeLegal Basis
OpenAI, Google, Anthropic, or xAI (your choice)Email processing (direct from browser via your API key — only your selected provider receives data)Contract (Art. 6(1)(b))
CloudflareHosting & SecurityLegitimate Interest (Art. 6(1)(f))
Lemon SqueezyLicense management & payment processingContract (Art. 6(1)(b))

7. Permissions

Mail2Action requests the following Chrome extension permissions:

  • storage: To save your preferences and API key locally
  • activeTab: To extract email content from the current tab
  • sidePanel: To display the side panel UI
  • Host permissions for Gmail and Outlook domains only

8. Your Rights

Under the GDPR, you have the right to access, rectify, or erase your personal data, restrict processing, object to processing, and data portability. You may withdraw consent at any time without affecting the lawfulness of prior processing.

For inquiries, contact support@mail2action.com. You also have the right to lodge a complaint with the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

9. Data Retention

  • Local extension data is deleted when you uninstall the extension.
  • License & activation data is retained until your subscription ends, then deleted within 30 days.
  • Backend logs are retained for up to 30 days for security purposes.

10. Contact

Kolmira UG (haftungsbeschränkt)
Scanbox #17325, Ehrenbergstr. 16a, 10245 Berlin, Germany
Email: support@mail2action.com