Features
GmailOutlook Web
PricingDownloadsSign in

Privacy Policy

Last updated: January 2026

TL;DR - The short version

  • Your email content NEVER leaves your device. All risk checks happen 100% locally.
  • We don't see your emails. We don't store them. We don't use them for AI training.
  • Only metadata for analytics: check counts, no content.
  • You can delete your data at any time via your account settings.

1. Who are we?

Before You Click ("we", "us", "our") is privacy-first software that protects you from irreversible digital mistakes. This privacy policy explains how we handle your data when you use our products.

2. What data do we collect?

2.1 Data we DO collect

  • Account data: Email address, name (optional), password hash
  • Device data: Device type (desktop/extension), platform (macOS/Windows/Chrome)
  • Usage analytics (metadata only):
    • Number of checks performed
    • Which check types triggered (e.g., "R1 - Missing attachment")
    • Verdict (ALLOW/WARN/BLOCK)
    • Platform (Gmail/Outlook)
  • Payment data: Processed via Stripe, we never store credit card numbers

2.2 Data we NEVER collect

We NEVER collect, view, or store:

  • ❌ Email content (body, subject)
  • ❌ Recipients or senders
  • ❌ Attachments
  • ❌ Contacts
  • ❌ Passwords from other services

3. How does Before You Click work technically?

Before You Click runs entirely locally in your browser. When you want to send an email:

  1. The Browser Extension intercepts the "Send" action
  2. The email content is analyzed locally by our Risk Engine
  3. A verdict is determined (ALLOW/WARN/BLOCK)
  4. Only the verdict and check type are (optionally) sent to our server for analytics
  5. The email content never leaves your browser

4. Where is data stored?

Account and analytics data are stored on servers within the European Union (Supabase, hosted in Frankfurt). We use industry-standard encryption (TLS 1.3, AES-256).

5. Who do we share data with?

We only share your data with:

  • Supabase: Database and authentication (EU servers)
  • Stripe: Payment processing (PCI-DSS compliant)
  • Vercel: Website hosting

We never sell your data to third parties.

6. Your rights (GDPR)

As an EU resident, you have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and all data
  • Portability: Export your data
  • Object: Stop certain processing

To exercise your rights, email privacy@beforeyouclick.io.

7. Data retention

  • Account data: Until you delete your account
  • Analytics: Maximum 12 months, then anonymized
  • Logs: Maximum 30 days

8. Cookies

We only use essential cookies for authentication. No tracking cookies, no advertising cookies, no third-party analytics.

9. Changes

We may update this policy. For significant changes, we will email registered users.

10. Contact

Questions about privacy? Email privacy@beforeyouclick.io.