Privacy Policy

Last updated: March 19, 2026

1. Introduction

Welcome to Outlook Inbox ("we," "our," or "us"), a product developed and operated by BaruzoTech ("BaruzoTech," baruzotech.com). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Outlook Inbox application ("App") available on the monday.com Marketplace.

By installing, accessing, or using our App, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you install the App, we receive basic account information from your monday.com workspace, including your name, email address, workspace name, and user ID.
  • Microsoft Account Authorization: When you connect your Microsoft Outlook account, you authorize the App to access your email data through the Microsoft Graph API via our third-party email integration provider, Nylas. This includes email messages, folders, contacts, and other related data necessary for the App to function.
  • Email Content: The emails you view, send, reply to, and manage through the App, including email subject lines, body content, attachments, sender and recipient information, and timestamps.
  • Email Templates: Any email templates you create within the App, including template names, content, and placeholder configurations.
  • Board Data: Data from your monday.com boards that you configure for use with the App, including column values (such as email addresses), item names, and other board data used for email placeholders and matching.

2.2 Information Collected Automatically

  • Usage Data: We automatically collect information about how you interact with the App, including features used, actions taken (such as emails sent, templates created, views accessed), frequency of use, and error logs.
  • Device Information: Browser type and version, operating system, screen resolution, and device identifiers.
  • Log Data: Server logs that may include your IP address, access times, pages viewed within the App, and referring URLs.
  • Cookies and Similar Technologies: We may use cookies, web beacons, and similar tracking technologies to collect information about your browsing activity and to maintain your session within the App.

2.3 Information from Third Parties

  • monday.com: We receive workspace and user information from monday.com as part of the app installation and authentication process, in accordance with the monday.com API and marketplace guidelines.
  • Nylas (Third-Party Email Integration Provider): We use Nylas, a third-party email API platform, to facilitate the connection between your Microsoft Outlook account and the App. Nylas processes your email data to enable email synchronization, sending, and receiving functionality. By using our App, your email data is processed through Nylas's infrastructure. You can review Nylas's privacy policy at https://www.nylas.com/legal/privacy-policy/.
  • Microsoft: Email content, metadata, and account information accessed through Microsoft Graph API as authorized by you during the OAuth consent flow.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and Maintaining the App: To display your Outlook inbox within monday.com, enable email sending and replying, match emails to board contacts, and provide the core functionality of the App.
  • Email Template Feature: To store and process your email templates, populate placeholders with data from your monday.com board columns, and enable one-click email sending.
  • Item View Feature: To match email addresses from your monday.com board columns with your Outlook email communications and display relevant email threads within the item view.
  • Improvement and Optimization: To analyze usage patterns, diagnose technical issues, improve App performance, and develop new features.
  • Communication: To send you important notices about the App, including updates, security alerts, and support messages.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • Security and Fraud Prevention: To detect, prevent, and address security incidents, fraud, and other harmful or unauthorized activities.

4. Third-Party Services and Data Processors

Our App relies on the following third-party services to function:

4.1 Nylas

Nylas is our primary third-party email integration provider. Nylas acts as a data processor on our behalf and processes your email data to provide email synchronization, sending, and receiving capabilities within the App. Nylas may temporarily store and cache your email data on their servers to ensure reliable and fast email delivery. We have a data processing agreement with Nylas that requires them to handle your data in accordance with applicable data protection laws. For more information about how Nylas handles your data, please visit Nylas's Privacy Policy.

4.2 monday.com

The App operates within the monday.com platform and accesses your workspace data through the monday.com API. Your use of monday.com is governed by monday.com's own terms of service and privacy policy.

4.3 Microsoft Outlook API

The App accesses your Microsoft Outlook email data through the Microsoft Outlook REST API and Microsoft Graph API. These APIs allow the App to read your emails, send new emails, reply to existing threads, and access your mailbox folders and contacts on your behalf. The App requests only the minimum permissions necessary to provide its functionality, including permissions to read and send mail, and access your profile information. All API access is authenticated through Microsoft's OAuth 2.0 authorization framework — we never receive or store your Microsoft password. Your Microsoft account and data are subject to Microsoft's terms of service and privacy statement. You can revoke the App's access to your Microsoft account at any time through your Microsoft account security settings at https://account.microsoft.com/privacy.

4.4 Hosting and Infrastructure

We use industry-standard cloud hosting providers to host the App's backend infrastructure. These providers may process your data in data centers located in various geographic regions. We ensure that all hosting providers meet appropriate security and data protection standards.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

  • Service Providers: With third-party service providers (such as Nylas) who perform services on our behalf and require access to your data to provide those services. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Legal Requirements: When required by law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
  • Business Transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your data may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your data.
  • With Your Consent: We may share your information with third parties when you have given us your explicit consent to do so.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL protocols.
  • Encryption of sensitive data at rest, including authentication tokens and credentials.
  • Regular security assessments and vulnerability testing.
  • Access controls and authentication mechanisms to limit data access to authorized personnel only.
  • Secure OAuth 2.0 authentication flows for connecting Microsoft accounts — we never store your Microsoft password.
  • Regular monitoring and logging of system activities for security purposes.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Specifically:

  • Account Data: Retained for as long as you have the App installed and an active account with us. Upon uninstallation or account deletion, we will delete your account data within 30 days.
  • Email Data: Email data accessed through the App is processed in real-time and is not permanently stored on our servers beyond what is necessary for caching and performance purposes. Nylas may retain cached email data in accordance with their own data retention policies.
  • Email Templates: Templates you create are retained until you delete them or uninstall the App.
  • Usage and Log Data: Generally retained for up to 12 months for analytics and debugging purposes, after which it is aggregated or deleted.

8. Your Rights and Choices

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

  • Right of Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Rectification: You have the right to request correction of any inaccurate personal information we hold about you.
  • Right to Erasure: You have the right to request deletion of your personal information, subject to certain legal exceptions.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal information in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal information in certain circumstances.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time by disconnecting your Microsoft account or uninstalling the App.

To exercise any of these rights, please contact us at outlookinbox@baruzotech.com. We will respond to your request within 30 days.

9. International Data Transfers

Your information may be transferred to, and maintained on, servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction. If you are located outside of our primary operating region and choose to provide information to us, please be aware that we transfer the data to our servers and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy when transferred internationally, including the use of standard contractual clauses and other approved transfer mechanisms.

10. Children's Privacy

Our App is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take steps to delete such information as soon as possible. If you believe that we may have collected information from a child under 16, please contact us immediately at outlookinbox@baruzotech.com.

11. GDPR Compliance (For EU/EEA Users)

If you are located in the European Union or European Economic Area, the following additional provisions apply:

  • Data Controller: BaruzoTech is the data controller for the personal information processed through the App.
  • Legal Basis for Processing: We process your personal information based on: (a) your consent when you connect your Microsoft account; (b) the performance of our contract with you to provide the App's services; (c) our legitimate interests in improving and securing the App; and (d) compliance with legal obligations.
  • Data Protection Officer: For GDPR-related inquiries, please contact us at outlookinbox@baruzotech.com.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data protection rights have been violated.

12. CCPA Compliance (For California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose about you.
  • The right to request deletion of your personal information.
  • The right to opt-out of the sale of your personal information. We do not sell your personal information.
  • The right to non-discrimination for exercising your CCPA rights.

To exercise your CCPA rights, please contact us at outlookinbox@baruzotech.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy within the App or through email notification. The "Last updated" date at the top of this policy indicates when it was last revised. Your continued use of the App after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

BaruzoTech

Email: outlookinbox@baruzotech.com

Website: baruzotech.com