Privacy Policy

Effective date: March 25, 2026  ·  Last updated: March 25, 2026

1. Introduction

QikSend ("we", "our", or "us") operates the website qiksend.ai and the QikSend email generation and sending platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Information We Collect

We collect information you provide directly and information generated through your use of the Service:

  • Account information: name, email address, and authentication credentials when you create an account.
  • Email content: prompts you enter and the HTML emails generated on your behalf. This content is used solely to provide the Service and is never sold or shared with third parties for advertising.
  • Connected account credentials: when you connect a Gmail or Microsoft/Outlook account, we store OAuth tokens (access token and refresh token) in our database. These tokens are encrypted at rest using AES-256-GCM encryption and are tied exclusively to your user account. They are never transmitted to the client browser or exposed in any API response.
  • Contact data: names and email addresses you add to your contact list within the Service.
  • Usage data: pages visited, features used, and timestamps of actions, collected to improve the Service.

3. How We Use Your Information

  • To provide, operate, and maintain the Service.
  • To send emails on your behalf using your connected Gmail or Outlook account — emails are sent from your own account, not from QikSend servers.
  • To generate email content using AI based on your prompts.
  • To communicate with you about your account, updates, and support.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.

4. OAuth Token Security

When you connect your Gmail or Microsoft account, we receive OAuth 2.0 tokens from Google or Microsoft. We handle these tokens with the following security measures:

  • Encryption at rest: All access tokens and refresh tokens are encrypted using AES-256-GCM before being stored in our database. The encryption key is stored separately from the database.
  • User isolation: Tokens are stored with a strict foreign key reference to your user ID. No user can access another user's tokens.
  • Never client-side: Tokens are never returned in any API response to the browser. The client only receives a connection status (connected: true/false) and the email address of the connected account.
  • Minimal scope: We request only the gmail.send (Gmail) and Mail.Send (Microsoft) scopes — the minimum required to send emails on your behalf. We do not request access to read, modify, or delete your emails.
  • Revocation: You can disconnect your account at any time from the Settings page. This immediately deletes your tokens from our database. You can also revoke access directly from your Google or Microsoft account settings.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in the following limited circumstances:

  • Service providers: We use trusted third-party services (cloud hosting, database providers) that process data on our behalf under strict data processing agreements.
  • AI generation: Your email prompts are sent to an AI language model API to generate email content. Prompts are not used to train AI models.
  • Legal requirements: We may disclose information if required by law, court order, or governmental authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

6. Data Retention

We retain your account information and email history for as long as your account is active. OAuth tokens are retained until you disconnect your account or they are revoked. You may request deletion of your account and all associated data by contacting us at [email protected].

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request a machine-readable export of your data.
  • Objection: Object to certain processing of your data.

To exercise any of these rights, contact us at [email protected].

8. Cookies

We use a single session cookie to maintain your authenticated session. This cookie is HTTP-only, Secure, and SameSite=None. We do not use advertising cookies or third-party tracking cookies.

9. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the effective date. Your continued use of the Service after changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

QikSend
Email: [email protected]
Website: qiksend.ai