Privacy Policy

1.1 Information You Provide

We collect information you voluntarily provide when you create an account or use the Service, including:

• Name
• Email address
• Organization name
• Account credentials

1.2 Email Content and Metadata

The Service processes email messages to identify phishing indicators and surface risk signals. In the course of providing the Service, we may process:

• Email message content, including body text and subject lines
• Email headers, including sender and recipient addresses, timestamps, and routing information
• Attachments and embedded content
• URLs and links contained in email messages

Email content is processed automatically for risk analysis purposes. We do not read, review, or use the content of your email for advertising, marketing, or any purpose unrelated to providing the Service.

1.3 Payment Information

Payment processing is handled by our third-party payment processor, Stripe. We do not store your credit card number, debit card number, or bank account information on our servers. Stripe's collection and use of your payment information is governed by Stripe's own privacy policy and terms of service.

1.4 Information Collected Automatically

When you access the Service, we may automatically collect certain information, including:

• IP address
• Browser type and version
• Device type and operating system
• Pages viewed and features used within the Service
• Date and time of access
• Referring URL

1.5 Cookies and Similar Technologies

We may use cookies, web beacons, and similar technologies to operate and improve the Service. You may disable cookies in your browser settings, but some features of the Service may not function properly without them.

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Service, including analyzing email metadata and sender behavior to surface risk indicators
• To process your subscription and manage your account
• To communicate with you about your account, including service announcements, threat alerts, and administrative messages
• To respond to your inquiries and provide customer support
• To improve the Service, including refining risk analysis models using anonymized or aggregated data
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations

We do not sell your personal information. We do not sell, share, or disclose the content of your email to third parties for advertising or marketing purposes. We may share your information in the following circumstances:

• With service providers who perform services on our behalf (e.g., payment processing, hosting, analytics), subject to contractual obligations to protect your information
• To comply with applicable law, regulation, legal process, or governmental request
• To enforce our Terms of Service or protect the rights, property, or safety of the Company, our users, or others
• In connection with a merger, acquisition, reorganization, or transfer of the Service to a successor entity, in which case the successor entity will be bound by this Privacy Policy
• With your consent or at your direction

3.2 Anonymized and Aggregated Threat Intelligence

We may share, license, or sell anonymized and aggregated threat intelligence derived from the Service, including but not limited to domain reputation scores, threat indicators, campaign patterns, and statistical trends. This data does not contain personal information and cannot reasonably be used to identify any individual user, email address, or organization. Such threat intelligence may be shared with third parties, including other security vendors, research organizations, and commercial partners.

We retain your personal information for as long as your account is active or as needed to provide the Service. Email content processed by the Service is retained only as long as necessary to complete the threat analysis and deliver results to you. Threat signatures, patterns, and indicators derived from processed email may be retained in anonymized or aggregated form to improve risk analysis and may be shared or licensed as described in Section 3.2. Anonymized data is retained for all users. Upon cancellation of your account, we may retain your account information indefinitely to allow you to return to the Service in the future, or we may delete it at our discretion. If you wish to have your personal information permanently deleted, you may submit a deletion request as described in Section 6 below.

We implement reasonable administrative, technical, and physical security measures to protect your personal information and email content from unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit and at rest, access controls, and regular security assessments. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

6.1 Deletion

You have the right to request that we delete your personal information. Upon receiving a verified deletion request, we will delete your information from our active systems.

6.2 Correction

You have the right to request that we correct any inaccurate personal information we hold about you.

6.3 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@cupelon.com.

The Service uses Stripe for payment processing and may integrate with third-party email platforms and providers. Your use of these third-party services is governed by their respective privacy policies and terms of service. We encourage you to review the privacy policies of any third-party services you interact with through the Service.

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. By using the Service, you consent to such transfer and processing.

Residents of the European Economic Area may have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, and data portability. Residents of California may have additional rights under the California Consumer Privacy Act (CCPA). To exercise any such rights, please contact us at privacy@cupelon.com.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email at least thirty (30) days before they take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

If you have any questions about this Privacy Policy, please contact us at:

Cupelon LLC
Email: privacy@cupelon.com