Emon

    Privacy Policy

    Last updated: November 30, 2025

    Introduction

    Emon ("we", "our", or "us") provides an integration that synchronizes Outlook emails with your Notion workspace in real-time. This Privacy Policy explains how we collect, use, store, and protect your personal information as you use Emon. By using our service, you agree to the practices described below.

    Information We Collect

    1. OAuth Authentication Data

    • Microsoft 365: We request permissions to read your emails (Mail.Read), access your user profile (User.Read), and maintain access (offline_access). We store encrypted access and refresh tokens.
    • Notion: We request permission to access and modify your selected Notion workspace databases. Your Notion API access token is stored using strong encryption.

    2. Email Data

    We process:

    • Sender and recipient email addresses and display names
    • Email subject lines and body content
    • Send/receive timestamps
    • Conversation thread IDs

    Important: Email data is only temporarily stored for sync processing and sent directly to your Notion workspace. We do not permanently store your email content after delivery.

    3. Account & Technical Information

    • Email used for authentication
    • Date of account creation and last login
    • Subscription status and Stripe account ID
    • Chosen Notion database IDs and schema information
    • IP address, device type, browser info, sync operation logs, error messages, and page navigation patterns

    How We Use Your Information

    Your information is used for:

    • Delivering core service functionality (syncing emails to Notion)
    • Authentication and secure API access to Microsoft/Notion
    • Improving reliability and system performance
    • Customer support
    • Fraud prevention and security
    • Legal compliance

    Data Storage and Security

    Emon uses a multi-tenant architecture with strong tenant isolation: your data is logically separated using unique tenant IDs, and all queries enforce separation.

    OAuth tokens are encrypted using AES-256-GCM; encryption keys are managed securely and separately.

    We never see any payment information or card numbers; Stripe handles that securely and independent of us.

    Temporary mail processing queues are cleared within 7 days. System logs (for error tracking and debugging) are retained for up to 30 days. Account data is kept until you delete your account, at which point all user content (emails, tokens) is purged immediately and automatically.

    Data Breach Notification: In the event of a confirmed data breach affecting your personal data, we will notify you within 72 hours of becoming aware of the breach.

    Data Sharing and Subprocessors

    We do not sell or rent your personal data. We share information only with trusted subprocessors in these cases:

    • Service Providers: We use the following trusted subprocessors:
      • Railway: Cloud hosting and infrastructure
      • Microsoft 365: Email provider integration
      • Notion: Database synchronization target
      • Stripe: Payment processing
    • Legal Requirements: Compliance with laws, court orders, or requests from government agencies.
    • Business Transfers: In the event of a merger, acquisition, or sale of assets, with advance notice.

    Integration With Notion

    Emon interacts with Notion as a third-party integration and processes workspace data strictly according to your configured permissions. Access is always limited to the databases and pages you authorize.

    For more, see: Notion Privacy Policy and Notion Privacy Practices.

    Your Rights and Choices

    Access & Control

    You may access, correct, or request deletion of your personal data at any time.

    OAuth permissions can be revoked using your Microsoft or Notion account settings. You may also revoke these permissions by deleting your account on your Emon dashboard.

    You may export your Notion data directly from your Notion workspace.

    Opting Out & Deletion

    • Disconnect Notion integration in your Notion settings.
    • Revoke Microsoft 365 permissions in your Microsoft account.
    • Delete your Emon account via your Emon Dashboard.

    Marketing Communications

    We do not use your information for marketing unless you explicitly opt in. Unsubscribe options are available in every communication.

    GDPR and CCPA Rights

    Lawful Basis for Processing: We process your data based on Contract (to provide the service), Consent (when you authorize OAuth), and Legitimate Interests (security and improvement).

    Your Rights: Under GDPR and CCPA, you have the right to:

    • Access & Portability: Request a copy of your data.
    • Rectification: Correct inaccurate data.
    • Erasure: Request deletion of your data ("Right to be Forgotten").
    • Restriction: Limit how we use your data.
    • Non-Discrimination: We will not discriminate against you for exercising these rights.

    Cookies and Tracking

    Essential cookies are used to maintain your login session, remember preferences, and analyze aggregate site usage. Disabling cookies may affect service functionality.

    Data Location and International Transfers

    Our servers and data processing facilities are located in the United States. If you are accessing Emon from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using our service, you acknowledge and consent to this transfer.

    Children's Privacy

    Emon is not intended for users under 18. We do not knowingly collect information from children; please contact us promptly if you believe this has occurred.

    Changes to This Policy

    We may update our Privacy Policy occasionally. You'll receive at least 30 days' notice via email or in-app before material changes take effect. Continued use after changes constitutes acceptance.

    Contact Us

    If you have questions or wish to exercise your rights, contact us at nrich@emoncrm.com.