Privacy Policy

Attimo Labs LLC (“we,” “us,” “our”) operates DreadNot. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. We take the privacy of email communications seriously and handle your data with care.

Account information: When you sign up via Google OAuth or Microsoft OAuth, we receive your name and email address from the provider. We do not receive or store your password. We store OAuth refresh tokens securely so that DreadNot can send emails on your behalf (see Section 5 and Section 6).

Email content: When emails are forwarded to your DreadNot address, we receive and store the sender’s email address, subject line, and body text. Both original and translated versions are stored in your account to power the dashboard and export features. We also store AI-generated metadata about each message, including hostility level, key facts, and communication pattern labels (such as “manipulation” or “baiting”). These labels are generated for your awareness and are not clinical or professional assessments.

Replies and drafts: When you compose or reply to messages through DreadNot — whether from the dashboard or by replying directly in Gmail or Outlook — we store the text of your reply. Draft content created with AI-assisted drafting is also stored until you send or delete it.

Translation feedback: If you rate a translation (thumbs up or down) or submit written feedback, we store that feedback along with a reference to the translated message. This data is used for product improvement (see Section 8).

Sender information: We store the email addresses, names, and relationship labels (e.g., “ex-husband”) of the people whose emails you forward to DreadNot, along with which email provider they correspond to.

Usage data: We collect basic usage information such as when messages are received, whether you have viewed them, and your progress through the curriculum.

Lead data: If you download our free tip sheet without creating an account, we collect your email address and use it to send a short follow-up email series. You can unsubscribe at any time via the link in each email.

Payment information: Payment is processed by Stripe. We do not store your credit card number or payment details. We receive and store basic subscription status information from Stripe.

We use your data to: provide and operate the DreadNot service; process and translate incoming emails using AI (see Section 4); generate AI-assisted reply drafts and feedback on your draft replies when you use those features; deliver translated emails to your inbox; maintain your message history and dashboard; send curriculum emails and track your progress through them; store and use your voluntary reflection responses to improve your experience over time; send automated support check-in emails when you experience a high volume of difficult messages; process subscription payments; send follow-up emails to free tip sheet recipients; and communicate with you about your account.

Email content is processed by AI to provide the translation, drafting, and feedback features of DreadNot. We use Anthropic’s Claude API as our primary AI provider, with OpenAI’s API as a fallback when the primary service is temporarily unavailable. Both providers process data according to their own privacy policies and API terms. We do not use your email content to train AI models. You can review their privacy practices at anthropic.com/privacy and openai.com/privacy.

AI is used in the following contexts within DreadNot: translating incoming emails into a calm, neutral tone; extracting key facts and assessing hostility level; identifying potential communication patterns (such as manipulation, baiting, or boundary violations) for user awareness; generating draft replies on your behalf; providing feedback on replies you draft; generating personalized support check-in emails; analyzing user feedback for product improvement; and generating personalized curriculum content. Communication pattern labels are generated by AI for awareness purposes only and are not clinical diagnoses or professional assessments.

DreadNot uses Google OAuth to authenticate your account and, where you have granted permission, the Gmail API to send emails from your address (“send-as” access). Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google account data (name, email address) only to create and identify your DreadNot account.
• We use Gmail send-as permission to deliver replies on your behalf. This covers three paths: replies composed within the DreadNot dashboard, new emails composed within the DreadNot dashboard, and replies you write directly in Gmail by hitting Reply on a translated message (which DreadNot receives, strips of quoted content, and forwards to your correspondent via your Gmail address).
• We do not use Google user data to serve advertisements.
• We do not allow humans to read your Gmail data except with your explicit permission or as required by law.
• We do not share Google user data with any third party except as described in Section 7 below, solely to operate the service.

DreadNot supports Microsoft OAuth as an additional way to enable the send-on-your-behalf feature for Outlook users. When you connect your Microsoft account, we request the Mail.Send permission, which allows DreadNot to send emails from your Outlook address. This permission is used solely to deliver replies and composed emails through DreadNot so that your correspondent does not see DreadNot in the exchange.

• We store a Microsoft refresh token securely to maintain send-on-your-behalf access.
• We do not read, modify, or delete your Outlook messages.
• You may revoke this permission at any time from your Microsoft account settings.

We share your data only with the service providers listed below, and only to the extent necessary to operate DreadNot. We do not sell your email content or personal information to any third party.

Your data is stored in Supabase-managed databases hosted on secure cloud infrastructure. Both original and translated emails, along with message metadata, are stored in your account to power the DreadNot dashboard. Original emails are also retained by your email provider in your archive (Gmail’s All Mail folder, or Outlook’s Archive). We use industry-standard security practices including encrypted connections and access controls.

DreadNot processes potentially sensitive personal communications. We treat email content as confidential. Only automated systems access email content under normal operation. As a limited exception, when you submit translation feedback, the feedback text, the translated version of the associated message, and related metadata (such as original subject line, hostility level, and sender label) are compiled and reviewed by the DreadNot team on a periodic basis to improve translation quality. Original hostile email content is not included in these reviews. Beyond this feedback review process, only essential infrastructure personnel with a need to know may access email content, and only for the purpose of maintaining service operation.

DreadNot includes a curriculum component — a series of emails from your guide (or, on the Sanctuary plan, rotating guides) covering healthy communication practices. Curriculum emails may include a reflection prompt. If you choose to respond to a prompt, your response is stored in your account. These responses are used solely to improve your DreadNot experience and inform future curriculum content. You are never required to submit a reflection response. You may request deletion of your reflection responses at any time by contacting us at support@dreadnot.email.

We retain your account data, original and translated message history, replies, drafts, feedback, and curriculum responses for as long as your account is active. If you cancel your account, we will retain your data for 90 days to allow for reactivation, after which it will be deleted. You may request immediate deletion of your data at any time by contacting us at support@dreadnot.email.

In the event of a data breach that affects your personal information, we will notify affected users by email within 30 days of discovering the breach. This notification will describe the nature of the breach, the types of data involved, and the steps we are taking in response. Where required by Colorado law (CRS § 6-1-716), we will also notify the Colorado Attorney General. This commitment applies to unauthorized access to stored email content, account data, or authentication credentials.

You have the right to access the personal data we hold about you, request correction of inaccurate data, request deletion of your data, export your data (available from your dashboard settings in both JSON and PDF formats), and opt out of non-essential communications. To exercise any of these rights, contact us at support@dreadnot.email.

DreadNot is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us.

We may update this Privacy Policy from time to time. We will notify active subscribers of material changes by email. Continued use of the Service after changes constitutes acceptance of the updated policy.

For privacy-related questions or requests, contact us at support@dreadnot.email.