Privacy Policy
Last updated: March 18, 2026
This Privacy Policy describes how Metis Bilisim ("OutMass", "we", "us") collects, uses, and protects your personal data when you use the OutMass Chrome extension and related services. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
Metis Bilisim
Email: getoutmassapp@outlook.com
2. Data We Collect
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Name and email address | Account creation, communication | Contract performance |
| Microsoft OAuth tokens | Sending emails via Graph API | Contract performance |
| Campaign metadata (subject lines, send times, recipient counts) | Campaign management, analytics | Contract performance |
| Email open and click events | Tracking and reporting | Legitimate interest |
| Usage statistics (features used, session duration) | Product improvement | Legitimate interest |
| Payment information | Subscription billing (processed by Stripe) | Contract performance |
3. Data We Do NOT Collect
- We do not store the content or body of your emails.
- We do not store your Microsoft password.
- We do not read or store your inbox messages.
- We do not sell your data to third parties.
4. Microsoft OAuth Data
When you sign in with Microsoft, we request the following permissions:
- Mail.Send — to send emails on your behalf via Microsoft Graph API
- Mail.Read — to detect replies for follow-up automation
OAuth access tokens are stored securely and are never shared with third parties. You can revoke access at any time from your Microsoft account settings.
5. How We Use Your Data
- To provide and operate the Service
- To send emails on your behalf through Microsoft Graph API
- To track campaign performance (opens, clicks)
- To manage your subscription and process payments
- To communicate with you about your account and the Service
- To improve and develop new features
6. Third-Party Services
We use the following third-party services that may process your data:
- Supabase — Database hosting (PostgreSQL)
- Stripe — Payment processing
- Upstash — Redis queue for email scheduling
- Microsoft Graph API — Email sending
Each service operates under their own privacy policies and data protection agreements.
7. Data Retention
- Account data is retained while your account is active.
- Campaign metadata is retained for 12 months after creation.
- Tracking data (opens, clicks) is retained for 6 months.
- Upon account deletion, all personal data is removed within 30 days.
8. Your Rights (GDPR)
If you are located in the European Economic Area (EEA) or Turkey, you have the following rights:
- Access — Request a copy of your personal data
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your data ("right to be forgotten")
- Portability — Request your data in a portable format
- Restriction — Request restriction of processing
- Objection — Object to processing based on legitimate interest
To exercise any of these rights, email us at getoutmassapp@outlook.com. We will respond within 30 days.
9. Cookies
The OutMass Chrome extension does not use cookies. Our website (landing page) may use minimal cookies for:
- Essential cookies — Required for basic site functionality
- Analytics cookies — To understand how visitors use our site (optional, with consent)
You can disable cookies in your browser settings at any time.
10. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encrypted data transmission (HTTPS/TLS)
- Secure OAuth token storage
- Access controls and authentication
- Regular security reviews
11. International Data Transfers
Your data may be processed in countries outside your country of residence. We ensure appropriate safeguards are in place for any international transfers in compliance with GDPR.
12. Children's Privacy
OutMass is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top reflects the most recent revision.
14. Contact Us
For any privacy-related questions or requests:
Email: getoutmassapp@outlook.com
Company: Metis Bilisim