Privacy Policy

01 Who we are

Mabel (“Mabel,” the “Service,” “we,” “us,” or “our”) is a personal email assistant operated by Baseline Logic LLC, a limited liability company based in Colorado, United States. Baseline Logic LLC is the data controller responsible for the personal information described in this policy.

You interact with the Service by sending email to its assistant address (for example, ask@mabel.email) and receiving replies. This policy also covers our marketing website at mabel.email, including the early-access request form.

02 On discretion

Most assistants earn their usefulness by reading everything you have — your full inbox, calendar, contacts, and files. Mabel takes the opposite approach. There is no inbox sync, no OAuth connection to your mail provider, no browser extension, and no app to install.

The assistant only ever receives the specific message you forward or write to it. Nothing before it, nothing after it, and nothing else in your mailbox is visible to us. The act of forwarding a message is the act of consent to process that message. This is the core of how the Service works, and it shapes everything below.

This is about access, not secrecy. It means we never reach into anything you didn’t send — but the message you do send still travels as ordinary, non-end-to-end-encrypted email and is processed by our AI providers to generate your reply (see section 7). Treat it as you would any email. What sets Mabel apart is not that the channel is secret, but that once your message is answered it is not kept (see Data retention).

03 Information we collect

Messages you send the assistant

When you email the assistant, we receive the content of that message — the body text, the subject line, and any attachments or images — so we can act on it. We do not keep it. The message is held only transiently while our system generates and sends your reply, and its content is then automatically deleted (see Data retention). We do not retain a copy of the raw email, the message body, the subject, or the reply we send back.

Because you decide what to send, you control what we receive. Note that while we generate your reply, the content is transmitted to the AI providers described in section 7. Please avoid forwarding information you do not want processed by an AI assistant — for example, highly sensitive personal, financial, or health details — unless you are comfortable with that processing.

Account information

Mabel is currently invite-only. When you are added, we store your email address, an optional display name, your account status, usage quotas, and any internal notes our team records about your invitation. If you request early access through our website, we collect the email address you submit and any optional details you provide (such as which examples interested you).

Your memory note

To make replies more useful, the assistant maintains a short, human-readable note about you (an evolving summary built from your exchanges — for example, “prefers concise answers” or “favorite cuisine is Thai”). This note is sent to the AI model with each request so the assistant can keep context across messages. You can ask us to view, correct, or delete it at any time.

Usage and operational data

We retain aggregate metadata needed to run and bill the Service: counts of messages and timestamps, which AI model handled a request, token counts and cost estimates, and job status. This data does not include the content of your messages. We use it for quota enforcement, billing accuracy, abuse prevention, and basic reliability monitoring.

Website and email-authentication data

When you visit our website, our hosting and edge providers automatically log standard technical information such as IP address, browser type, and timestamps for security and reliability. Inbound email is checked against standard sender-authentication signals (SPF, DKIM, and DMARC) to reject spoofed mail; the results of those checks are processed as part of accepting your message.

04 What we do not collect

• We do not connect to, sync, or read your mailbox.
• We do not request OAuth permissions or access tokens to your email account.
• We do not access your contacts, calendar, or files.
• We do not install browser extensions or device software.
• We do not track your activity across other websites or build advertising profiles.
• We do not retain the content of your messages or our replies once we have answered you.

05 How we use information

We use the information we collect to:

• Process the request in your message and send you a useful reply;
• Maintain conversational context through your memory note;
• Enforce usage quotas and prevent abuse, spoofing, and fraud;
• Operate, secure, monitor, and debug the Service;
• Communicate with you about the Service, including early-access onboarding and important notices;
• Comply with our legal obligations.

We do not use your messages or memory note to build advertising profiles, and we do not sell them.

06 Legal bases (GDPR)

If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

• Performance of a contract — to provide the assistant service you requested by sending a message.
• Consent — your choice to forward a specific message, and to let the assistant keep a memory note, which you may withdraw at any time.
• Legitimate interests — to secure the Service, prevent abuse, and operate our business, balanced against your rights.
• Legal obligation — where we must retain or disclose data to comply with the law.

07 How your message is processed & shared

Mabel is built on a small number of trusted infrastructure and AI providers. To generate a reply, the content of your message and your memory note are transmitted to AI providers who run the language models that produce the answer. We do not sell your personal data to anyone. We share data only with the service providers (“subprocessors”) below, who process it on our behalf under contractual confidentiality and data-protection terms:

As we add features (for example, image generation), we may engage additional providers and will update this list. We may also disclose information if required by law, to enforce our terms, or to protect the rights, safety, and security of our users or the public. If Baseline Logic LLC is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction, subject to this policy.

08 AI model training

We do not use your messages or memory note to train AI models. We select our AI providers and configure their data settings with the intent that your content is not used to train their models. Some providers may retain inputs for a short period for security and abuse-monitoring purposes before deletion, in line with their own published policies. Because the specific model handling a request can vary, we encourage you not to send content you would not want processed by a third-party AI service.

09 Data retention

Message content — not retained

We do not retain the content of your messages or our replies. A message is stored only for the brief period our system needs to generate and send your reply — typically a few seconds, and at most a few minutes if a temporary error requires a retry. Once the reply is sent (or the request permanently fails), the message content is automatically deleted from our database. We retain technical threading identifiers (such as machine-generated message IDs) so related emails group into the same conversation, but those identifiers do not contain your message content.

What we keep

The only personal information we retain on an ongoing basis is your account information, your memory note, and the aggregate usage and operational metadata described above. We keep these for as long as your account is active, and for a reasonable period afterward as needed for security, dispute resolution, and legal compliance.

Deletion

You may ask us to delete your data at any time (see Your privacy rights). On request, we will delete your memory note and account and close your access, except where we are required to retain certain limited records by law.

10 Security

We take reasonable measures to protect your information, including:

• Encrypted transport (TLS/HTTPS) for web and API traffic;
• Cryptographically signed (HMAC) webhooks so our application only accepts authenticated inbound mail;
• Sender authentication (SPF, DKIM, DMARC) plus an invite-only allowlist to block spoofed and unsolicited mail;
• Restricting internal administrative access to authorized personnel through an access-controlled gateway.

Please note that email is not end-to-end encrypted in transit between your mail provider and ours, and no method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to protect your information and to notify you of material breaches as required by law.

11 Your privacy rights

Depending on where you live, you may have some or all of the following rights regarding your personal data:

• Access — obtain a copy of the personal data we hold about you;
• Correction — correct inaccurate or incomplete data, including your memory note;
• Deletion — request that we delete your data;
• Portability — receive your data in a portable format;
• Objection / restriction — object to or restrict certain processing;
• Withdraw consent — where we rely on consent;
• Non-discrimination — we will not deny you service or charge you differently for exercising these rights.

To exercise any of these rights, email us at privacy@mabel.email. We will verify your request using the email address associated with your account and respond within the timeframe required by applicable law. You may also authorize an agent to make a request on your behalf where the law permits.

12 Colorado & other US states

If you are a Colorado resident, the Colorado Privacy Act (CPA) gives you the rights of access, correction, deletion, data portability, and the right to opt out of the sale of personal data, targeted advertising, and certain profiling. We do not sell personal data, serve targeted advertising, or engage in profiling that produces legal or similarly significant effects, so there is no opt-out to apply — but you may still exercise your other rights as described above.

If we deny a rights request, you may appeal by replying to our decision or emailing privacy@mabel.email. If your appeal is unsuccessful, you may contact the Colorado Attorney General. Residents of other US states with comprehensive privacy laws (such as California, under the CCPA/CPRA) have comparable rights; we extend the rights described in this policy to all our users regardless of state. We do not “sell” or “share” personal information for cross-context behavioral advertising as those terms are defined under California law.

13 International users & transfers

Mabel is operated from the United States, and our providers may process data in the United States and other countries. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States, where data-protection laws may differ from those in your country. Where required, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) for international transfers.

14 Cookies & the website

Our marketing website uses only what is necessary to function. We do not use advertising or cross-site analytics trackers, and the early-access form is protected by a hidden honeypot field rather than a third-party CAPTCHA. One third-party service may receive your IP address when you load the site: Google Fonts, which serves the typefaces. Our internal admin tools use a cookie solely to authenticate authorized staff (through Cloudflare Access). The email assistant itself does not rely on cookies.

15 Children

Mabel is not directed to children. The Service is invite-only and intended for adults; we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

16 Third-party links

Replies from the assistant may include links to third-party websites (for example, recipe sites or research sources). We are not responsible for the privacy practices or content of those sites, and we encourage you to review their policies before sharing information with them.

17 Changes to this policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. If we make material changes, we will take reasonable steps to notify you, such as by email or a prominent notice. Your continued use of the Service after an update means you accept the revised policy.

18 Contact us

If you have questions about this policy or how we handle your data, or to exercise your privacy rights, contact us: