Legal
Privacy Policy
Last updated: April 17, 2026
1. Who we are
Mayil ("we", "us", "our") is a competitive intelligence service operated by Mayil Technologies. Our platform delivers weekly AI-interpreted briefs on competitor activity to founders and marketing teams. We are accessible at emayil.com.
For privacy-related questions, contact us at legal@emayil.com.
2. What data we collect
Account information
When you sign up, we collect your name, email address, and company name via Clerk (our authentication provider). If you use Google SSO, we receive your name and email from Google.
Brand and competitor data
You provide us with the names and domains of your brand and competitors you want tracked. We store this to configure your weekly brief.
Connected channel tokens (OAuth)
If you choose to connect social or analytics channels (Instagram, Google), we store access tokens in our database to retrieve data on your behalf. We store only the access token, refresh token (where applicable), and the time of connection. We never store your channel passwords.
Specifically for Instagram Business Login: we request the following permissions:
- instagram_business_basic — your connected account's name, follower count, and media count, used to display your baseline in the brief.
- instagram_business_manage_insights — post reach, impressions, and engagement rate for your own account, used as a benchmark against competitor data.
We access this data on your behalf and use it solely to generate your weekly brief. We do not sell, share, or use your Instagram data for advertising or profiling purposes.
Usage data
We collect standard server logs (IP addresses, page views, request timestamps) for security monitoring and debugging. We do not use third-party analytics trackers.
Payment data
Payments are processed by Razorpay (India) or Stripe (international). We do not store card numbers or bank details — only your plan status and subscription ID.
3. How we use your data
- To generate and deliver your weekly competitive intelligence brief
- To send transactional emails (brief delivery, account notifications)
- To manage your subscription and process payments
- To improve the service and debug issues
- To comply with legal obligations
We do not use your data for advertising, sell it to third parties, or share it with anyone except the sub-processors listed in Section 5.
4. Data retention
- OAuth tokens — retained until you disconnect the channel or delete your account.
- Brief data — retained for 12 months, then anonymised.
- Account data — retained until account deletion. Deleted within 30 days of a deletion request.
- Payment records — retained for 7 years as required by Indian tax law.
5. Sub-processors
We use the following third-party services to operate Mayil:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database hosting | All account and brief data |
| Clerk | Authentication | Name, email, session tokens |
| Vercel | Web hosting | Server logs, IP addresses |
| Railway | Background workers | Account IDs, OAuth tokens (read-only) |
| Resend | Email delivery | Recipient email addresses, brief content |
| Anthropic | AI signal interpretation | Anonymised competitor activity data |
| Apify | Public data collection | Competitor brand names and handles |
| Razorpay / Stripe | Payment processing | Email, subscription amount |
6. Instagram data
Mayil uses the Instagram API with Instagram Business Login. By connecting your Instagram account you authorise us to access your business account's basic profile data and insights as described in Section 2.
We do not: read your direct messages, post content on your behalf, access follower lists, or share your Instagram data with any third party outside of the sub-processors listed above.
Disconnecting Instagram: you can disconnect at any time from Settings → Channels → Disconnect. This immediately revokes our access. Any cached data from your account will be deleted within 30 days.
Deauthorisation via Instagram: if you remove Mayil from your Instagram app settings, we will be notified via a webhook and your token will be deleted automatically within 24 hours.
Data deletion requests can be submitted via Instagram's Privacy Center or by emailing legal@emayil.com. We will delete all Instagram-derived data within 30 days and provide a confirmation code.
7. Your rights
Depending on your location, you may have the right to:
- Access — request a copy of the data we hold about you
- Correction — ask us to correct inaccurate data
- Deletion — request deletion of your account and all associated data
- Portability — receive your data in a machine-readable format
- Objection — object to processing for direct marketing
To exercise any of these rights, email legal@emayil.com. We will respond within 30 days.
To delete your account, go to Settings → Profile → Delete account, or email us.
8. Cookies
We use only functional cookies necessary for authentication (set by Clerk) and short-lived OAuth state tokens (deleted immediately after connection completes). We do not use advertising or tracking cookies.
9. Security
All data is encrypted in transit (TLS 1.2+) and at rest. OAuth tokens are stored in a managed PostgreSQL database with row-level security. Access to production data is restricted to authorised personnel only.
10. Changes to this policy
We may update this policy from time to time. We will notify you by email if we make material changes. Continued use of Mayil after notification constitutes acceptance of the updated policy.
11. Contact
Mayil Technologies
Email: legal@emayil.com