Last updated: 12.01.2026 1. Introduction PhaseID (“we”, “us”, “our”) is an email management and routing service operated as a sole proprietorship based in Germany (EU). We take privacy seriously. This Privacy Policy explains what data we process, why we process it, and how we protect it. 2. What data we process 2.1 Account & identity data Email address Authentication data (handled via Supabase) Subscription and plan information 2.2 Email data To provide PhaseID’s core functionality, we process incoming emails, including: Email content Sender and recipient addresses Subject lines Timestamps Technical metadata This processing is fully automated and required to apply phases, rules, filtering, blocking, and forwarding. We do not manually read or inspect user emails. 3. Storage & access Emails are primarily processed and forwarded, not permanently stored by default. Limited metadata (sender, subject, timestamp, delivery status) may be retained for: Analytics Logs User visibility In certain cases, users may choose to: View recent processed emails Export email data Request access to stored content for legitimate reasons All access is controlled, logged, and restricted. 4. Purpose of processing We process data solely to: Route and filter emails Apply user-defined phases and rules Provide analytics and usage insights Maintain security and reliability Fulfill legal obligations We do not sell user data. We do not use email content for advertising. 5. Third-party services PhaseID relies on the following processors: Supabase – authentication, database, storage (EU region) Vercel – hosting and infrastructure Resend – transactional and system emails Integrations (Slack, Microsoft Teams, Zapier, Webhooks) – data is processed only when explicitly connected by the user All providers are selected with GDPR compliance in mind. 6. Analytics & tracking PhaseID currently does not use invasive tracking or advertising analytics on the public website. Operational and usage analytics may be collected inside the application to improve reliability and performance. 7. Data retention & deletion Users can delete their account at any time. Available options include: Immediate deletion (within 24 hours) Export data and delete after a 14-day grace period Automatic deletion after inactivity or plan expiration After deletion, all associated data is permanently removed. 8. User rights (GDPR) Users have the right to: Access their data Export their data Request correction or deletion Restrict or object to processing Requests can be submitted via the contact page. 9. Security We apply industry-standard security practices including: Encrypted connections Access controls Role-based permissions Automated safeguards No system is perfectly secure, but protecting user data is a core priority. 10. Contact For privacy-related questions, please contact us via the contact form on our website.