Avalon legal

Privacy Policy

1. Overview

Avalon provides an Outlook-first email operations platform that helps users classify messages, generate drafts, organize inboxes, and trigger automation workflows. This Privacy Policy explains how we collect, use, store, and disclose information when you use our website, connect a Microsoft account, or otherwise interact with Avalon.

By using Avalon, you agree to the practices described in this Privacy Policy.

2. Who This Policy Applies To

This Policy applies to:

  • Visitors to the Avalon website
  • Individuals who create an Avalon account
  • Users who connect Microsoft 365, Outlook.com, or other Microsoft-hosted mailboxes to Avalon
  • Users who connect optional services such as calendars, storage providers, or messaging tools that Avalon supports

3. The Information We Collect

We may collect and process the following categories of information:

3.1 Account and Identity Information

  • Name
  • Email address
  • Profile image, if provided by your identity provider
  • Organization and workspace membership information

3.2 Authentication and Connection Data

  • Sign-in method and authentication state
  • OAuth tokens, refresh tokens, and connection metadata for Microsoft and other supported integrations
  • Account identifiers needed to keep integrations active and functioning

3.3 Mailbox and Workflow Data

To provide the service, Avalon may process:

  • Email metadata, including sender, recipient, subject, timestamps, folder placement, and thread identifiers
  • Message content when required for summarization, drafting, classification, rule execution, thread analysis, or related product features
  • User-created rules, prompts, labels, categories, digests, drafts, and automation settings
  • Activity history and execution logs tied to inbox workflows

3.4 Product Usage and Device Information

  • Browser, operating system, and device information
  • IP address and approximate location derived from network activity
  • Session, diagnostic, crash, and performance data
  • Product analytics and interaction events

3.5 Billing and Support Information

  • Subscription, plan, and payment-status information received through billing providers
  • Messages you send to support
  • Information you provide during onboarding, troubleshooting, or customer success interactions

4. How We Collect Information

We collect information:

  • Directly from you when you sign up, configure rules, or contact us
  • From Microsoft and other connected providers when you authorize Avalon to access those services
  • Automatically through logs, cookies, analytics tools, and product telemetry
  • From service providers that help us operate infrastructure, support, payments, messaging, and security

5. How We Use Information

We use information to:

  • Provide, secure, and maintain Avalon
  • Authenticate users and manage sessions
  • Sync with Outlook and other authorized services
  • Analyze email and thread data to deliver summaries, automation, categorization, drafting, and workflow execution
  • Improve reliability, performance, accuracy, and product experience
  • Prevent fraud, abuse, unauthorized access, or misuse of the service
  • Communicate with you about product updates, billing, service issues, and support matters
  • Comply with legal obligations and enforce our Terms

6. AI Processing

Avalon uses AI models and related infrastructure to power features such as summarization, drafting, categorization, inbox analysis, and automation assistance.

When those features are used, Avalon may send relevant message content, message metadata, user prompts, and related workflow context to approved model providers or AI infrastructure partners strictly for the purpose of delivering the requested feature.

We require service providers to process this information only for providing Avalon services and not for unrelated advertising use. Retention and handling may vary by provider, but Avalon aims to minimize data exposure and transmit only the context necessary for the requested feature.

7. Legal Bases for Processing

Where applicable data protection laws require a legal basis, Avalon processes information on one or more of the following grounds:

  • Performance of a contract with you
  • Legitimate interests in operating, securing, and improving the service
  • Compliance with legal obligations
  • Your consent, where consent is the appropriate basis

8. How We Share Information

We may share information with:

  • Hosting, storage, analytics, logging, customer support, security, and infrastructure providers
  • Authentication, billing, and communications providers
  • AI and automation service providers used to deliver requested features
  • Integration partners you explicitly connect to Avalon
  • Advisors, auditors, or acquirers in connection with financing, corporate transactions, or business restructuring
  • Law enforcement or regulators when required by law or necessary to protect rights, users, or the service

We do not sell your personal information for advertising purposes.

9. Microsoft Data Access

Avalon uses Microsoft APIs, including Microsoft Graph, only to deliver the product features you enable. Depending on the features you use, this may include:

  • Reading mailbox content and metadata
  • Sending or drafting messages on your behalf
  • Organizing mail using folders, categories, or labels supported by the provider
  • Reading calendar or file information for connected workflow features

Avalon does not use Microsoft account data for advertising.

10. Data Retention

We retain information for as long as reasonably necessary to operate Avalon, comply with legal obligations, resolve disputes, and enforce agreements.

Retention periods vary by data type. Some records may be deleted quickly after processing, while audit logs, billing records, account records, and automation history may be kept longer for operational, compliance, or security reasons.

When data is no longer needed, we delete it or de-identify it where reasonably possible.

11. Security

Avalon uses administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, or alteration. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

You are responsible for safeguarding your own devices, credentials, and access to connected accounts.

12. International Transfers

Avalon and its service providers may process information in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers.

13. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion
  • Object to or restrict certain processing
  • Receive a portable copy of certain data
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us through the support channels provided in Avalon. We may need to verify your identity before fulfilling a request.

14. Children

Avalon is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here and revise the effective date above.

16. Contact

If you have questions about this Privacy Policy or Avalon’s data practices, please contact us through the support options made available in the product or on the Avalon website.