Privacy Policy

Last updated: April 29, 2026

1. Introduction

AfterHours Lead Reply (“AfterHours”, “we”, “our”, or “us”) operates the website after-hours.email and the AfterHours Lead Reply SaaS application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

When you register, we collect your name, email address, organization name, business hours, and timezone. If you sign in via Google OAuth, we receive your Google profile name and email.

2.2 Email Account Access (Gmail / Outlook)

To provide automated replies, you authorize AfterHours to access your connected email account. We request the following permissions:
  • Gmail: Read incoming emails (gmail.readonly) and send replies on your behalf (gmail.send).
  • Microsoft Outlook: Read and send email via the Microsoft Graph API.
We access only the email messages necessary to determine whether an incoming message is a new lead and to compose a reply. We do not read, store, or process emails outside of this purpose.

2.3 Email Content

Incoming email subject lines, sender addresses, and message bodies are temporarily processed to classify the email and generate a reply. Email content is passed to a third-party AI model (see Section 5) and is not stored beyond the processing window unless the message is classified as a lead (in which case the sender name, email, and subject are stored as a lead record in your dashboard).

2.4 Usage Data

We collect standard server logs (IP addresses, browser type, pages visited, timestamps) and application telemetry to monitor service health.

3. How We Use Your Information

  • Authenticate you and manage your account.
  • Poll your connected email inbox during after-hours periods and automatically reply to identified leads.
  • Send you daily digest emails and high-urgency lead alerts (if enabled).
  • Improve and maintain the reliability of the service.
  • Comply with legal obligations.

We do not use your email data to train AI models, serve advertising, or share with third parties except as described in Section 5.

4. Data Retention

  • Lead records (sender name, email, subject, reply status) are retained until you delete them or close your account.
  • OAuth access tokens are encrypted at rest (AES-256-GCM) and are deleted when you disconnect an email account.
  • Raw email bodies are not persisted after processing.
  • Account data is deleted within 30 days of account closure upon request.

5. Third-Party Services

  • Anthropic / OpenAI: Email content is sent to an AI API to classify whether a message is a lead and to generate a reply. These providers process data under their own privacy policies and are not permitted to use your data to train their models via our API usage.
  • Google (Gmail API): We use Google APIs to read and send email. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
  • Microsoft (Graph API): We use Microsoft Graph to read and send Outlook email on your behalf.
  • Railway / Infrastructure: Our application is hosted on Railway. Your data resides on servers in the United States.

6. Google API Limited Use Disclosure

AfterHours Lead Reply’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
  • We only read and send email for the purpose of automated lead replies.
  • We do not transfer Gmail data to third parties except AI providers required to generate the reply, and only for that purpose.
  • We do not use Gmail data for advertising.
  • We do not allow humans to read your Gmail data except with your explicit consent or as required by law.

7. Security

We implement industry-standard measures to protect your data: TLS in transit, AES-256-GCM encryption for stored OAuth tokens, hashed passwords (bcrypt), and JWT-based session management. No system is 100% secure; please use a strong password and keep your account credentials confidential.

8. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data, or to withdraw consent for processing. To exercise these rights, contact us at the address below. We will respond within 30 days.

9. Children

AfterHours is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe we have done so, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the service after such changes constitutes acceptance of the updated policy.

11. Contact

If you have questions or requests regarding this Privacy Policy, please contact us at: [email protected]
← Back to home·Terms of Service