Privacy Policy

Effective Date: March 30, 2026 · Last Updated: March 30, 2026

AlertOwl ("we," "us," or "our") is operated by Friday Surprise LLC, a company registered in the State of Delaware, USA. We operate the AlertOwl platform, an AI-powered email monitoring and alert service. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

This policy applies to users in all jurisdictions where AlertOwl operates, including Germany, the United Arab Emirates, the United Kingdom, and the United States.

        Summary: We process your email metadata and message content solely to classify and deliver alerts. Message content is permanently removed immediately after classification. We never sell your data. We never train AI models on your data.
      

1. Information We Collect

1.1 Account Information

When you register for AlertOwl, we collect:

Email address (used for login and system communications)
Account name / business name
WhatsApp phone number (for alert delivery)
Timezone and language preference

1.2 Email Data (via OAuth Connection)

When you connect your Gmail or Outlook account, we access:

Email metadata: sender address, recipient address, subject line, timestamps
Email body content: message text used for AI classification (permanently removed immediately after classification — see Section 4)
Attachments: we do not download, process, or store email attachments

We access your email via industry-standard OAuth 2.0 tokens with read-only permissions. Gmail uses the readonly scope; Outlook uses Mail.Read. We cannot send, delete, modify, or forward your emails. We never see or store your email password.

1.3 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or bank account details on our servers. We store only your Stripe customer ID and subscription status.

1.4 Usage Data

We collect aggregate platform usage data such as the number of messages processed, alert delivery rates, and classification accuracy metrics. This data is used to improve the service and is not shared externally.

2. How We Use Your Information

We use your information exclusively to:

Classify messages: AI analysis of email content to determine category (Urgent, Complaint, Payment, Legal, VIP) and priority level
Deliver alerts: Send WhatsApp notifications and daily digest emails to you
Maintain your account: Authentication, subscription management, customer support
Improve classification accuracy: Aggregate, anonymized analysis of classification patterns (never individual message content)
Communicate with you: Service updates, security notices, billing information

        We never: Sell your data to third parties. Use your email content for advertising. Train AI models on your individual messages. Share your data with other AlertOwl customers.
      

3. Third-Party Services (Sub-processors)

We use the following third-party services to operate AlertOwl. Each is bound by their own privacy policy and data processing terms:

Service	Purpose	Data Shared	Location
Anthropic (Claude API)	AI message classification	Message content (processed in real-time, not stored by Anthropic per their zero-retention API policy)	United States
Twilio	WhatsApp alert delivery	Your WhatsApp number, alert message text (metadata only, no email body content)	United States
Stripe	Payment processing	Email, payment method details (handled by Stripe)	United States
Supabase	Database hosting	All application data (encrypted at rest via AES-256 and in transit via TLS)	United States (AWS)
DigitalOcean	Workflow processing server	Email data in transit during processing	Germany (Frankfurt)
Resend	Transactional emails	Email address, email content for system notifications	United States
Cloudflare	DNS, CDN, email routing	Domain routing metadata	Global
Sentry	Error monitoring	Technical error data only (no message content)	United States

We will notify customers at least 14 days before engaging any new sub-processor. If you have concerns about a new sub-processor, contact us at privacy@alertowl.ai.

A formal Data Processing Agreement (DPA) covering all sub-processors is available upon request or from our Security page.

4. Data Retention

4.1 Two-Tier Retention Model

AlertOwl applies a two-tier data lifecycle to your email messages:

Stage	Default	What Happens
Tier 1: Content Removal	Immediate	Email body content is permanently removed immediately after AI classification. Metadata (sender, subject, classification, timestamps) is preserved.
Tier 2: Permanent Deletion	30 days	The entire message record — including metadata — is permanently deleted from our database.

        Immediate content removal: Email body content is permanently removed from our systems immediately after classification — it is not stored, cached, or retained. You can adjust your metadata retention period (7, 14, 30, 60, or 90 days) from your dashboard settings.
      

4.2 What Is Preserved After Content Removal

After content removal (Tier 1), the following metadata is retained until deletion (Tier 2) for reporting and audit purposes:

Sender email address
Email subject line
AI classification result (category, priority, confidence)
Alert delivery status and timestamps
Message source (Gmail/Outlook) and received timestamp

The email body text itself is permanently and irreversibly replaced and cannot be recovered.

4.3 Account Data

Account information is retained for the duration of your subscription. If you request account deletion, your data is permanently deleted within 30 days. If you cancel your subscription without requesting deletion, your account data is retained for 90 days (to allow reactivation), after which it is permanently deleted.

4.4 OAuth Tokens

Gmail and Outlook OAuth tokens are encrypted at the application level using AES-256-GCM before storage, in addition to AES-256 disk-level encryption provided by our database host (Supabase). Tokens are revoked and deleted when you disconnect your email account or delete your account.

4.5 Backups

Automated database backups are retained for 7 days and are encrypted at rest. Backups older than 7 days are permanently deleted.

5. Data Security

We implement the following security measures:

Encryption in transit: All data transmitted between your browser, our servers, and third-party APIs uses TLS 1.2+ encryption (HTTPS)
Encryption at rest: Database storage is encrypted using AES-256 managed by Supabase
Access control: Row-Level Security (RLS) policies on every database table ensure each customer can only access their own data
Read-only email access: OAuth 2.0 with read-only scopes — we cannot send, delete, or modify your emails
No password storage: We never see or store your email password
Secret management: API keys and tokens are stored in encrypted environment variables on our backend servers, never in source code or client-side files
Content masking: Email body content is permanently removed immediately after AI classification
Monitoring: Automated error tracking with real-time alerts via Sentry

        About our frontend code: The Supabase anonymous key visible in our frontend code is designed to be public — it only allows operations permitted by our Row-Level Security policies. All secret keys (API keys, OAuth secrets, service credentials) are stored securely on our backend servers and are never exposed in client-side code.
      

For detailed information about our security practices, certifications, and compliance roadmap, visit our Security page.

6. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data.

6.1 For All Users

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data (completed within 30 days of verified request)
Disconnect: Revoke email access at any time from your dashboard or directly from your Google/Microsoft account
Export: Request an export of your data in a machine-readable format
Retention control: Adjust your message metadata retention period from your dashboard settings

6.2 For EU/EEA Residents (EU GDPR)

If you are located in the European Union or European Economic Area, the EU General Data Protection Regulation (Regulation 2016/679) applies to our processing of your personal data. In addition to the rights listed above, you have the right to:

Object to processing based on legitimate interest
Restrict processing under certain conditions
Data portability (receive your data in a structured, commonly used format)
Lodge a complaint with your local supervisory authority
Not be subject to automated decision-making with legal effects (AlertOwl's AI classification is advisory only and does not produce legal effects or similarly significant decisions)

Legal basis for processing: (a) Contractual necessity — providing the service you subscribed to (Article 6(1)(b)); (b) Legitimate interest — improving service quality and security (Article 6(1)(f)); (c) Consent — where applicable, such as marketing communications (Article 6(1)(a)).

Data transfers: Where your data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) as adopted by the European Commission (Decision 2021/914) and, where applicable, the EU-US Data Privacy Framework.

6.3 For German Residents

In addition to EU GDPR rights, the German Federal Data Protection Act (Bundesdatenschutzgesetz, "BDSG") applies. The Federal Commissioner for Data Protection and Freedom of Information (BfDI) and the relevant state data protection authorities serve as supervisory authorities.

If AlertOwl is used to monitor a company email account subject to works council (Betriebsrat) oversight, the customer is responsible for ensuring compliance with applicable co-determination rights under the Works Constitution Act (Betriebsverfassungsgesetz). AlertOwl provides read-only, advisory classification and does not constitute employee monitoring or surveillance.

6.4 For UK Residents (UK GDPR)

If you are located in the United Kingdom, the UK General Data Protection Regulation and the Data Protection Act 2018 apply. You have the same rights as EU residents listed in Section 6.2 above, enforced by the UK Information Commissioner's Office (ICO).

Supervisory authority: Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK — ico.org.uk
Data transfers: For transfers from the UK to the USA, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs
UK adequacy: The EU's renewed adequacy decision for the UK (extended through December 2031) permits free data flow between the UK and EEA

As Friday Surprise LLC does not currently have an establishment in the UK, we will appoint a UK GDPR Article 27 representative when our UK customer base reaches meaningful scale. Until then, privacy inquiries from UK residents can be directed to privacy@alertowl.ai.

6.5 For UAE Residents (PDPL)

If you are located in the United Arab Emirates, the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, "PDPL") applies. As the data controller, Friday Surprise LLC processes your data in accordance with the PDPL.

Legal basis: Performance of a contract (providing the AlertOwl service) and your explicit consent obtained during account onboarding
Your rights: Access, correction, erasure, restriction, objection to processing, data portability, and the right to withdraw consent at any time
Cross-border transfers: Your data is transferred to the United States for processing. We rely on contractual safeguards modelled on international standards and your explicit consent. The UAE Data Office has not yet published an adequacy list or standard contractual clauses; we follow international best practices pending further guidance
Data Protection Impact Assessment: We have conducted a DPIA covering our AI-based email classification processing, as required by the PDPL for high-risk processing involving automated technologies. This DPIA is available upon request
Complaints: You have the right to lodge a complaint with the UAE Data Office
Supervisory authority: UAE Data Office (established under the PDPL)

6.6 For California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) provides you with specific rights:

Right to know: You can request details about the categories and specific pieces of personal information we collect, the sources, the business purpose, and the categories of third parties with whom we share it
Right to delete: You can request deletion of your personal information (completed within 45 days of verified request)
Right to opt-out of sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising
Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
Right to correct: You can request correction of inaccurate personal information

Under CCPA, our processing of your data constitutes a "business purpose" (service provision). To exercise any of these rights, contact us at privacy@alertowl.ai.

6.7 For US Residents (Other States)

As of 2026, multiple US states have enacted comprehensive privacy laws. AlertOwl's GDPR-level privacy controls — including data minimization, content masking, configurable retention, and the right to deletion — satisfy the requirements of all current US state privacy laws.

7. Data Breach Notification

In the event of a data breach that affects your personal data:

We will notify affected users via email within 72 hours of becoming aware of the breach
We will notify the relevant supervisory authority within 72 hours where required by law, including the relevant EU supervisory authority (for EU residents), the ICO (for UK residents), and the UAE Data Office (for UAE residents)
Notification will include the nature of the breach, the data affected, likely consequences, and the measures we are taking to address it

Our Incident Response Plan documents our full breach detection, containment, and notification procedures. A copy is available upon request.

8. International Data Transfers

AlertOwl processes data across multiple locations. Here is exactly where your data flows:

Processing Activity	Service	Location
Workflow processing (n8n server)	DigitalOcean	Frankfurt, Germany (FRA1)
Database storage	Supabase (AWS)	United States
AI classification	Anthropic Claude API	United States (transient — zero retention)
WhatsApp alert delivery	Twilio	United States
Email delivery (digests, notifications)	Resend	United States
DNS and CDN	Cloudflare	Global

For transfers from the EU/EEA to the United States, we rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework. For UK transfers, we use the UK IDTA or UK Addendum to the SCCs. For UAE transfers, we rely on contractual safeguards and your explicit consent.

9. AI Processing

AlertOwl uses artificial intelligence (Anthropic's Claude API) to classify your incoming emails. This processing is advisory only — it does not produce automated decisions with legal effects or similarly significant impact on you. The classification is a tool to help you prioritize your communications.

Anthropic's API operates on a zero-retention basis: your email content is processed in real-time and is not stored, cached, or used to train AI models by Anthropic. Email content is permanently removed from our systems immediately after classification.

By connecting your email account and using the AlertOwl service, you consent to AI-based classification of your email content for the purpose of delivering alerts. You may withdraw this consent at any time by disconnecting your email account from the AlertOwl dashboard.

10. Children's Privacy

AlertOwl is a business service and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 14 days before they take effect. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related inquiries, data access requests, or concerns:

Privacy inquiries: privacy@alertowl.ai
General support: support@alertowl.ai
Security concerns: security@alertowl.ai
Response time: We aim to respond to all privacy requests within 30 days (45 days for CCPA requests as permitted by law)

Data controller: Friday Surprise LLC, a Delaware limited liability company, operating as AlertOwl.

Terms of Service

Effective Date: March 30, 2026 · Last Updated: March 30, 2026

These Terms of Service ("Terms") govern your use of the AlertOwl platform and services ("Service") operated by Friday Surprise LLC ("we," "us," or "our"), doing business as AlertOwl. By creating an account or using the Service, you agree to these Terms.

1. Service Description

AlertOwl is an AI-powered email monitoring and alert platform that:

Connects to your email accounts (Gmail, Outlook) via secure OAuth with read-only access
Classifies incoming messages using artificial intelligence
Delivers priority alerts via WhatsApp and email digests
Provides daily business briefs summarizing important communications

2. Account Registration

2.1 Eligibility

You must be at least 18 years old and have the legal authority to bind yourself (or your organization) to these Terms. The Service is designed for business use.

2.2 Account Security

You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must notify us immediately at support@alertowl.ai if you become aware of any unauthorized access.

2.3 Accurate Information

You agree to provide accurate, current, and complete registration information and to update it as necessary.

3. Subscriptions & Billing

3.1 Free Trial

New customers may receive a free trial period. Trial duration and terms are displayed at the time of registration. We reserve the right to modify or discontinue trial offers at any time. One trial per customer.

3.2 Subscription Plans

AlertOwl offers subscription plans as displayed on our website. Current pricing is in USD and excludes applicable taxes.

3.3 Billing

Subscriptions are billed monthly in advance via Stripe. By subscribing, you authorize us to charge your payment method on a recurring monthly basis.

3.4 Cancellation

You may cancel your subscription at any time from your dashboard. Cancellation takes effect at the end of your current billing period. No refunds are issued for partial months.

3.5 Price Changes

We may change subscription prices with at least 30 days' notice. Price changes apply at the start of your next billing cycle after the notice period.

4. Acceptable Use

You agree to use AlertOwl only for lawful business purposes. You shall not:

Use the Service to monitor email accounts without the account holder's explicit consent
Attempt to access another customer's data or accounts
Use the Service for spam, phishing, or any illegal activity
Reverse-engineer, decompile, or attempt to extract source code from the Service
Overload the Service with excessive API requests or automated abuse
Resell or redistribute the Service without written authorization

5. Email Access & OAuth Permissions

5.1 Scope of Access

When you connect an email account, you grant AlertOwl read-only access to your inbox messages. We use this access exclusively to classify messages and deliver alerts as described in our Privacy Policy.

5.2 Revoking Access

You may disconnect your email account at any time from your AlertOwl dashboard or directly from your Google/Microsoft account settings. Revoking access immediately stops email processing for that account.

5.3 Your Responsibility

You represent that you have the authority to grant AlertOwl access to the email accounts you connect. If you connect a shared or organizational mailbox, you confirm you have appropriate authorization from the account owner or organization.

6. AI Classification Disclaimer

        Important: AI classification is provided as an assistive tool and is not a substitute for human judgment. Classification accuracy may vary and we do not guarantee that every urgent message will be correctly identified.
      

You acknowledge that:

AI classification may occasionally produce incorrect results
The Service should supplement, not replace, your existing communication review processes
We are not liable for business decisions made based solely on AI classifications
Classification quality may vary based on message language, format, and context

7. Service Availability

We aim for 99.5% uptime during business hours. This is a target, not a guarantee. We do not offer formal SLAs at this time. We may perform scheduled maintenance with at least 24 hours' notice. The Service depends on third-party providers whose outages may affect availability.

8. Intellectual Property

The AlertOwl platform is our intellectual property. You retain all ownership rights to your email data and content. Our license to process your data is limited to providing the Service.

9. Limitation of Liability

To the maximum extent permitted by applicable law:

AlertOwl is provided "as is" and "as available" without warranties of any kind
Our total liability shall not exceed the amount you paid to us in the 3 months preceding the claim
We are not liable for indirect, incidental, special, consequential, or punitive damages

Nothing in these Terms excludes or limits liability that cannot be excluded or limited under applicable law, including liability for fraud, death or personal injury caused by negligence, or any mandatory consumer protection rights.

10. Indemnification

You agree to indemnify and hold harmless AlertOwl and its affiliates from any claims, losses, or damages arising from your use of the Service, your violation of these Terms, or your violation of any third-party rights.

11. Termination

11.1 By You

You may terminate your account at any time from your dashboard or by contacting support@alertowl.ai.

11.2 By Us

We may suspend or terminate your account if you violate these Terms, engage in fraudulent activity, or if required by law. We will provide notice where possible.

11.3 Effect of Termination

Upon termination, your access to the Service ceases immediately. If you request account deletion, all your data is permanently deleted within 30 days. If you cancel your subscription without requesting deletion, your account data is retained for 90 days (to allow reactivation) and then permanently deleted.

12. Governing Law & Disputes

These Terms are governed by the law applicable to your location as follows:

EU/EEA residents: The laws of the Federal Republic of Germany. Disputes shall be subject to the jurisdiction of the courts in Frankfurt, Germany.
UK residents: The laws of England and Wales. Disputes shall be subject to the jurisdiction of the courts of England and Wales.
UAE residents: The laws of the United Arab Emirates. Disputes shall be resolved through the Dubai International Arbitration Centre (DIAC).
US residents: The laws of the State of Delaware, USA. Disputes shall be subject to the jurisdiction of the courts in Delaware.
All other jurisdictions: The laws of the State of Delaware, USA.

In all cases, we will first attempt to resolve disputes through good-faith negotiation before pursuing formal proceedings.

13. Changes to These Terms

We may update these Terms from time to time. Material changes will be communicated via email at least 30 days before they take effect.

14. Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions continue in full force and effect.

15. Contact Us

For questions about these Terms:

Email: support@alertowl.ai

Cookie Policy

Effective Date: March 30, 2026 · Last Updated: March 30, 2026

This Cookie Policy explains how AlertOwl uses cookies and similar technologies on our website and dashboard.

        Summary: We use minimal, essential cookies only. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie banner is needed because we only use strictly necessary cookies.
      

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They serve various purposes such as remembering login sessions, storing preferences, and analyzing site usage.

2. Cookies We Use

AlertOwl uses only strictly necessary cookies required for the Service to function:

Cookie	Purpose	Duration	Type
`sb-access-token`	Supabase authentication session	1 hour (refreshed automatically)	Essential
`sb-refresh-token`	Supabase session refresh	7 days	Essential

3. Cookies We Do NOT Use

Analytics cookies: We do not use Google Analytics, Mixpanel, or similar tracking tools
Advertising cookies: We do not serve ads or use ad-tracking pixels
Social media cookies: We do not embed social media widgets that set cookies
Third-party tracking: We do not allow any third party to set tracking cookies on our site

4. Local Storage

In addition to cookies, we use browser local storage for caching your authentication token for faster page loads and storing UI preferences (e.g., dashboard layout settings). This data remains on your device and is cleared when you log out or clear your browser data.

5. Managing Cookies

Since we only use essential cookies required for authentication, disabling them will prevent you from logging in. You can manage cookies through your browser settings. Clearing cookies will log you out of AlertOwl.

6. Changes to This Policy

If we introduce any non-essential cookies in the future, we will update this policy and implement a cookie consent mechanism before deploying them.

7. Contact Us

For questions about our cookie practices:

Email: support@alertowl.ai