Privacy Policy

Last Updated: February 12, 2026

This Privacy Policy applies to Lisem AI Ltd. doing business as “TabMail” (“TabMail”, “we”, “us” or “our”) online services, including but not limited to the TabMail website available at tabmail.ai, including all subdomains (“Website”), the TabMail desktop email platform (“Platform”), the TabMail mobile application (“App”) and any other product or service to which TabMail applies this Agreement (collectively, “Service”), and details how we access, collect, use, and disclose data, including personal data, about you (together, “you” or “your”).

BY CLICKING “I AGREE” OR SIMILAR CONFIRMATION OR BY USING THE SERVICE OR BY AGREEING TO OUR TERMS OF SERVICE, YOU ARE AGREEING TO BE BOUND BY THIS PRIVACY POLICY.

IF YOU ARE AGREEING TO THIS PRIVACY POLICY ON BEHALF OF AN ORGANIZATION, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND THE ORGANIZATION TO THIS PRIVACY POLICY AND ARE AGREEING TO THIS PRIVACY POLICY FOR THAT ORGANIZATION. WHERE YOU ARE AGREEING TO THE SERVICE ON BEHALF OF AN ORGANIZATION, “YOU” AND “YOUR” REFERS TO THE ORGANIZATION.

1. DESCRIPTION OF THE SERVICE

The Service provides users with access to a privacy-first AI-integrated email and workflow management system. As part of the Service, registered users create or link their emails to optimize workflow, organize responses and manage their calendars. In order to provide the Service to you and for other purposes, TabMail may collect, use and disclose certain personal information (personal data). This Privacy Policy describes how we access, collect and use personal data regarding our users, including you.

2. HOW WE OBTAIN PERSONAL DATA

The Service involves accessing, collecting and processing personal information, which is information about you or that can be used to identify you. We obtain personal data that we collect either directly from you when you choose to provide it to us or when you use the Service. Your provision of personal data to TabMail is governed by this Privacy Policy, and our Terms of Service (“Terms”), which you must agree to in order to use the Service.

If you have any questions or concerns about the disclosure of your personal data, please contact TabMail at your convenience using the contact information found below. Subject to legal, contractual and technical requirements, you may choose not to provide TabMail with certain data or request the deletion of certain data, which may impact Service features available to you or operation of the Service.

3. PERSONAL DATA WE COLLECT

We collect and process certain personal data when you begin using the Service. The following is a description of the personal data that we may access, collect, use and process in connection with the Service:

• your name, email address(es), contact preferences and contact or authentication data (“Contact Information”);

• user information, including activity, engagement and interactions with the Services, applicable subscription tiers, transaction history and billing address (“User Data”);

• your payment data and information, if you make purchases. All payment data is collected and processed solely by authorized third-parties such as Stripe, and to which TabMail does not have direct access (“Payment Data”);

• tokens and similar tracking technologies to facilitate sign-in and Service use (“Tracking and Cookies Data”);

• your Google or other third-party account data, if you choose to sign-in or register an account using such third-party. TabMail’s use of this third-party data is conducted in accordance with the Google APIs Terms of Service and the Google API Services User Data Policy; (“Third-Party Account Data”)

• your answers to feedback, surveys, newsletters and comments/requests made to you from us through the Website, Platform, App, email or other form of contact you have previously provided to us (“Feedback Information”);

• basic geolocation data, information about your computer, phone, mobile device, web-connected devices or other devices used to connect to the Service including but not limited to, operating system information, feature usage, request timestamps, error logs, your computer’s Internet Protocol address (i.e. IP address), browser type, browser version, operations performed on the device, time and date of Service use, time spent on Service, other diagnostic date and/or unique tokens and identifiers that may identify you over time and across different websites including unique device identifiers (collectively, “Usage Data”); and

• email content such as subject lines, messages, bodies, attachments and related metadata, search queries and results, contact information linked to your email and/or calendar, user prompts and AI output, conversation context and chat logs (collectively, “Ephemeral Data”). Ephemeral Data is processed temporarily to provide you with access to the Service’s AI features and is not retained at rest on our servers or databases. TabMail does not routinely monitor, review, or retain Ephemeral Data, including AI inputs or outputs, except as transiently required to provide the Service in accordance with this Privacy Policy. When you enable features that retrieve external information (such as web search), limited portions of Ephemeral Data (for example, search queries derived from your request) may be transmitted to third-party search providers solely to retrieve publicly available information. Such data is not intentionally linked to your account by TabMail and is not retained by TabMail at rest. You may opt out of the collection of Ephemeral Data, but exercising such opt-out may impact your use of the Service and the availability of the Service. For more information on Ephemeral Data please contact us at [email protected].

• your phone number if you choose to link a messaging platform (such as WhatsApp) to your TabMail account ("Messaging Link Data"). This data enables you to receive notifications and interact with TabMail through the linked messaging platform. Messaging Link Data is used solely for transactional, service-related communications explicitly enabled by you and is not used for third-party advertising or behavioral profiling. Messaging Link Data can be deleted at any time by unlinking your account through TabMail settings or by sending “STOP” to the messaging platform. Message content sent through this integration is processed as Ephemeral Data and is not retained at rest.

TabMail may also collect anonymous data that does not identify you, including but not limited to responses to anonymous surveys and feedback requests, metrics and other types of statistical data, which could be derived from your use of the Service and analytical data concerning the Service. We may also aggregate, anonymize and/or de-identify the personal data we have collected about you for the same purposes. We have implemented commercially reasonable security measures to properly encrypt, anonymize and/or de-identify such data and we do not attempt to re-identify any previously anonymized or de-identified data.

4. PROCESSING OF PERSONAL DATA

We process personal data primarily for our legitimate business purposes, such as providing the Service to you, to understand your needs and to improve the quality of the Service and analyze the information and data TabMail collects. These uses include, but are not limited to:

• facilitating account creation, authentication and management of your user accounts;

• providing the Service to you, including tailoring the Service to your needs based on the data that you provide and as required to process AI requests;

• processing and managing your subscription, billing and payment information;

• understanding your needs to improve the quality and reliability of the Service, including providing customer support and feedback, providing additional support, analyzing functionality and technical issues, tracking use of the Service and generating internal reports and data models that we use to improve the Service;

• contacting you for various reasons, including when providing customer support for the Service and sending administrative information to you;

• requesting feedback when necessary and contacting you about your use of the Services;

• sending promotional and marketing communications to you, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time;

• identifying how you use our Services and understanding how the Services are being used so we can improve them;

• determining the effectiveness of our marketing and promotional campaigns;

• saving or protecting an individual’s vital interest, such as to prevent harm;

• disclosing personal data as required to comply with our legal obligations and as may be required pursuant to a lawful court order or government request;

• investigating improper or suspicious activity in or on the Service; and

• posting testimonials to our Website. Prior to posting testimonials, we will notify you of the content of the testimonial. If you wish to update or delete your testimonial, please contact [email protected] and include your name, testimonial location and contact information.

We may disclose personal data to our parent companies, affiliates, subsidiaries, business partners, advisors, employees and contractors for the same purposes described above. All such parties are required to enter into confidentiality or similar agreements with TabMail requiring stringent protection of your personal information.

5. TOKENS AND DIGITAL TRACKING TECHNOLOGIES

The Service uses tracking technologies, such as tokens and cookies, to facilitate your account sign-in, use of the Service, and protection against automated abuse. Certain third-party technologies may use identifiers necessary to maintain security, prevent fraud, and ensure reliable service operation across sessions and devices. This data is collected, used and disclosed in accordance with the terms of this Privacy Policy and the applicable third-party privacy policies.

Security and Bot Protection Cookies. The Service uses Cloudflare for security, performance and bot protection. As part of these services, Cloudflare may set cookies including but not limited to:

• Bot management cookies (e.g., __cf_bm, cf_clearance) to distinguish legitimate users from automated traffic and protect the Service from abuse;
• Challenge verification cookies (e.g., Turnstile tokens) to verify that interactions with the Service originate from real users rather than automated bots; and
• Session cookies to maintain security state during your visit.

These cookies are essential for the security and proper functioning of the Service and cannot be disabled without impacting your ability to use the Service. For more information on Cloudflare’s data practices, please see Cloudflare’s Privacy Policy.

Payment Processing Technologies. When you make a purchase or interact with billing features, our payment processor Stripe may use cookies, device identifiers, and similar technologies that are necessary for secure payment processing, fraud prevention, and transaction integrity. These technologies are controlled by Stripe and governed by Stripe’s Privacy Policy. TabMail does not control these technologies and does not receive raw payment instrument data (such as full credit card numbers). These technologies are considered essential to providing payment functionality and cannot be disabled without impacting billing-related features.

We may send communications and marketing information to email addresses associated with the information collected by other tracking technologies. You may opt out of receiving this advertising on the Website or by contacting us using the information below. Note that certain essential Service features may rely on tracking technologies and by changing certain settings on your device, you may not have access to these features.

6. THIRD PARTY SERVICES

This Privacy Policy only applies to personal data that TabMail collects, processes and discloses and does not apply to the access, collection, processing and disclosure of personal data by third parties through third-party services, including Google (Google LLC, including Google Search, where applicable), Apple (Apple Inc.), Microsoft (Microsoft Corporation), Meta (Meta Platforms, Inc., including WhatsApp Business API), Brave Software (Brave Software, Inc., including Brave Search, where applicable), Stripe (Stripe Payments Canada, Ltd.), Cloudflare (Cloudflare, Inc.), Supabase (Supabase, Inc.), Groq (Groq, Inc.), OpenRouter (OpenRouter, Inc.), Fireworks AI (Fireworks AI, Inc.) and Resend (operated by Plus Five Five, Inc.), which may be broader than set forth in this Privacy Policy, and that may be embedded and/or integrated into the Service. In many cases, third parties may collect personal data about online activities over time and across different websites and services. TabMail strongly recommends that you carefully read and consent to each third-party privacy policy before using the Service. TabMail may provide personal data to certain categories of third parties to perform work that is necessary for TabMail to provide the Services, including:

• cloud computing services;

• communication and collaboration tools;

• data analytics services;

• data storage service providers;

• product engineering and design tools;

• artificial intelligence tools;

• payment processing services;

• sales and marketing tools;

• testing tools; and

• support tools.

Please contact us directly using the information found below if you would like to learn more about third-party data practices. If you run a self-hosted TabMail backend, you are the data controller for any and all personal data processed and in such instance, this Privacy Policy does not apply to your use.

7. LEGAL BASIS FOR PROCESSING PERSONAL DATA UNDER GENERAL DATA PROTECTION REGULATION

If you are from the European Economic Area (“EEA”), or other jurisdictions in which substantially similar laws apply, such as the UK, TabMail’s legal basis for collecting and using the personal data as described in this Privacy Policy depends on the type of personal data TabMail collects and the context in which it collects it.

The categories of personal data TabMail collects and the legal basis for its processing are set out below:

Messaging-based communications (e.g., WhatsApp notifications) are processed exclusively on the basis of explicit user consent, which may be withdrawn at any time without affecting core access to the Service.

Contact Information such as emails and other forms of digital communication may also be processed to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. Pursuant to GDPR Article 6(1)(a), TabMail will acquire your consent prior to processing Contact Information.

We may also process your personal data for additional reasons as they become apparent to comply with the law, or if it is in TabMail’s legitimate interests so long as that interest is not overridden by your rights. This can include but is not limited to protecting the Services and you against illegal activity, inappropriate behavior and actions that violate TabMail’s Terms. TabMail shall update this Privacy Policy and provide you notice where the scope of personal data being processed changes.

8. EUROPEAN USERS AND RESIDENTS OF THE EUROPEAN ECONOMIC AREA

If you are a resident of the EEA, you have certain rights regarding your personal data. These rights include:

• A Right of Access. You have the right to access personal data that we hold about you free of charge in most circumstances;

• A Right to Rectification. If your personal data is inaccurate or incomplete, you can change the information you provided by changing the personal data yourself on the Service, through third-party services or by contacting TabMail using the e-mail contact listed herein;

• A Right to Erasure. You have the right to obtain deletion of personal data under most circumstances. In most cases, you may simply request the deletion by using the contact information found below. Please be careful as deletion of data in this manner is permanent and the data cannot be recovered;

• A Right to Object. If the processing of personal data is based on legitimate interests according to Article 6(1)(f) of the GDPR or by consent according to Article 6(1)(a) of the GDPR, you have the right to object to this processing. If you object, we will no longer process your personal data unless there are compelling and prevailing legitimate grounds for the processing as described in Article 21 of the GDPR; in particular, if the personal data is necessary for the establishment, exercise or defense of legal claims or if personal data is required for the provision of the Service and you still wish to use the Service;

• A Right to file a Complaint. You have the right to file a complaint with the appropriate supervisory authority in your jurisdiction;

• A Right to Restriction of Processing of your Personal Data. You have the right to obtain restrictions on the processing of your personal data as described in Article 18 of the GDPR;

• A Right to Personal Data Portability. You have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller under the conditions described in Article 20 of the GDPR;

• A Right to Post-Mortem Control of Your Personal Data. Certain jurisdictions grant post-mortem controls of your personal data and if such rights are applicable in your jurisdiction, you may have the right to establish guidelines for the preservation, the deletion and the transmission of your personal data after your death through a will or through your estate; and

• A Right to Opt-out of Marketing Communications. You have the right to opt-out of marketing communications we send you at any time. If you receive any marketing e-mails from us, you can exercise your right to stop such communications by clicking on the “unsubscribe” or “opt-out” link on any marketing e-mails TabMail sends you. To opt-out of other forms of marketing, please contact us using the contact details provided below;

Note also that other people, including UK residents, have similar rights as EEA residents and the rights described in this section also apply to UK residents, and many other people located in other jurisdictions around the world, pursuant to substantially similar laws.

9. EU/EEA & UK GDPR REPRESENTATIVES (ARTICLE 27)

If you are located in the EU or UK, and have questions or concerns regarding your personal data, you may contact our GDPR representative:

EU Representative:

Email: [email protected]

UK Representative:

Email: [email protected]

To submit a Data Subject Access Request (DSAR), data deletion request, or any other GDPR-related inquiry, please use our secure portal. This link allows you to verify our appointed representative and submit GDPR requests directly. Requests submitted through this portal are logged and tracked to ensure timely response and compliance.

10. OBTAINING, RECTIFYING AND CONTROLLING PERSONAL DATA

Where permitted under the laws of your jurisdiction, you may contact TabMail to obtain a copy of any personal data we collect, the production of which may be subject to a fee as permitted by applicable law. In addition, you may contact TabMail to correct inaccurate personal data or to complete incomplete personal data.

You may be able to opt-out of some or all of the ways in which personal data is processed, or request the deletion of certain personal data, except where the personal data is necessary or vital for:

• the performance of contractual obligations, such as our Terms or certain other legal obligations;

• protecting your interests or those of another person; and

• our legitimate interests or the legitimate interests of a third-party.

To request to review, update or delete personal data, please contact us using the contact information found below.

11. DATA STORAGE AND RETENTION

TabMail aims to provide strong privacy protections for you and is committed to the minimal amount of data storage and retention as is required to provide you with the Service. In order to provide you with the Service, we may retain your Contact Data, User Data, Payment Data, Feedback Information, Google Data, Tracking and Cookies Data, and Usage Data for the minimum applicable periods as required to provide you with the Service as an ongoing business concern or as required by law. Ephemeral Data is not stored or retained by TabMail and is processed only temporarily to provide you with the Service and optimize your and other users use thereof. For further information on our data retention and storage practices please contact us at [email protected]

While TabMail is a Canadian company, the data provided through the Service may be stored and processed by third parties in countries around the world. By using the Service, you authorize TabMail and third parties acting on our behalf to process your data in any country of their choosing, which may cause your data, including personal data, to be subject to privacy protections and legal rights that may not be equivalent to those in your country.

We have implemented measures to protect your personal data, including by ensuring the use of the European Commission’s Standard Contractual Clauses for transfers of personal data between us and our third-party providers and partners. These clauses require all recipients to protect all personal data that they process originating from the EEA, UK or Switzerland in accordance with European data protection laws and regulations.

You may change the information in your account or terminate your account with TabMail at any time by logging into your account settings and updating your account. Upon your request to terminate your account, we will deactivate or delete your account and information from our databases. However, we may retain some information for applicable periods as required to allow you to restore your account, prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

When we have no ongoing legitimate business need to process your personal data and/or your relationship with TabMail comes to an end, we will promptly return, delete or anonymize any other personal data and confidential information TabMail has on file, in line with our legal obligations. Where returning, deleting or anonymizing your personal data is not possible, TabMail will securely store your personal data and isolate it from any further processing until deletion is possible. Any personal data that has been requested to be returned, deleted or anonymized and is stored on a data backup will be held only temporarily and automatically purged after set expiration periods. Please email [email protected] to request deletion of any personal data of yours that TabMail holds.

12. DO NOT TRACK DISCLOSURE

Do Not Track (“DNT”) is a web or device setting that allows you to request that receivers of personal data stop their tracking activities. When you choose to turn on the DNT setting in your browser or device or use alternative consumer choice mechanisms, your browser or device sends a special signal to websites, analytics companies, advertising networks, plug-in providers and other web services you encounter to stop tracking your activity. Currently, there are no DNT technology standards, and it is possible that there may never be any DNT technology standards. As a result, TabMail does not respond to DNT requests.

13. CHILDREN

TabMail complies with the U.S. Children’s Online Privacy Protection Act and all other applicable laws and regulations concerning children and the Internet. The Service is not directed to children under the age of 18 and TabMail does not knowingly solicit data from or market to children under the age of 18. If we learn that we inadvertently collected personal data from a child under the age of 18, we will deactivate the account and take reasonable measures to promptly delete the data from our records. If you are a parent or guardian of a child who you believe provided TabMail with personal data without your consent, please contact us at [email protected].

If you are a resident of the EEA below the age of consent in your country, TabMail shall comply with applicable consent gathering standards required by law in your jurisdiction.

14. CALIFORNIA “SHINE THE LIGHT” RIGHT

If you are a California resident, California Civil Code 1798.83 grants you the right to request disclosure of the categories of personal data we control and have provided to third parties, and the names and addresses of these third parties, for direct marketing purposes during the preceding calendar year. If you are a California resident and would like to make this request, please contact us using the contact information set forth below.

Please note that you may only make this request once per year.

15. YOUR CALIFORNIA PRIVACY RIGHTS

If you are a California resident, California Civil Code Section 1798.120 permits you to opt-out of the sale and sharing of your personal data to third parties. Currently, TabMail does not sell your personal data to third parties except as directly requested with your consent and as such no opt-out of the sale of such personal data is necessary. Although TabMail does not sell your personal data to third parties without consent, TabMail does provide a right to opt out of third-party sharing to all our users. Note that certain essential Service features may rely on third-party sharing and by exercising your right to opt-out you may not have access to these features. If you have any other questions about our privacy practices, please email us at [email protected].

16. CHANGE OF OWNERSHIP OR BUSINESS TRANSITION

In the event of, or in preparation for, a change of ownership or control of TabMail or a business transition such as the sale of some or all TabMail’s assets, we may disclose and/or transfer your personal data to third parties who will have the right to continue to collect and use such data in the manner set forth in this Privacy Policy. TabMail will only disclose such personal data where the disclosure is subject to adequate privacy and confidentiality protections to ensure the security of your personal data in any proposed change of ownership or business transition.

17. SECURITY

We are committed to ensuring that your data is secure. To prevent unauthorized access, disclosure, or breach, we have put in place suitable physical, electronic, and administrative procedures to safeguard and secure the data we collect and process. Such safeguards include but are not limited to encryption of data both in transit and at rest, authentication of users and their activity, role-based access controls and active security monitoring and audits. Despite our safeguards and security, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal or modify your information. Transmission of personal data to and from our Services is at your own risk. You should only access the Services within a secure environment.

In the event TabMail becomes aware of a security breach concerning your personal data, TabMail has committed to provide you notice within 72 hours of discovering such breach. Such notification will contain a description of the nature and extent of the breach, what personal data may be subject to the breach, steps taken by TabMail to mitigate the harm, our compliance with applicable laws and such related information as necessary to help you secure your personal data (subject to TabMail’s actual knowledge thereof).

18. CONTACT PREFERENCES

TabMail primarily communicates with you through the Service itself but may also communicate with you through your email address or other digital methods to conduct the Service and to respond to support requests or comments. If you have provided us with your email address and would like to change the email preferences we associate with you (for example, unsubscribing from receiving certain types of email) you may do so by clicking a link within certain types of emails that we send to you or, if no link is available, by replying with “unsubscribe” in the email title or body. On rare occasions, some types of email are necessary for the Service and cannot be unsubscribed from if you continue to use the Service.

19. UPDATES

TabMail reserves the right, in its sole discretion, to modify this Privacy Policy at any time (each an “Update”) and shall make each Update available on our Website, indicated by an updated “Revised” date. You are deemed to accept an Update by continuing to use the Service. Unless TabMail states otherwise, an Update is automatically effective 30 days after posting on the Website, except in such case where an Update is immaterial to any of your legal rights or legal obligations of TabMail and such Update is made only to correct a typographical, formatting or grammar inaccuracy, and in such case, an Update is effective immediately after posting on the Website.

20. CONTACT US

If you have any requests, questions or comments about the Privacy Policy or our data collection in general, please contact our Data Privacy Officer or our Privacy Team at [email protected] or by post at: