Legal
Privacy Policy
Last updated: April 27, 2026
This Privacy Policy explains what Emma collects, how we use it, and the choices you have. It is written for the actual product: connected inboxes, AI drafting, deal workflows, outreach, subscriptions, and optional integrations.
If you use Emma on behalf of an agency, company, client, creator, or team, please make sure you have the rights and permissions needed to provide their information to Emma.
1. Who We Are
Emma is operated by Creator Compute Company. Emma helps creators, managers, and agencies manage brand deal conversations, connected inboxes, outreach, drafts, invoices, reminders, and related workflow data.
In this policy, 'Emma', 'Creator Compute Company', 'we', 'us', and 'our' refer to Creator Compute Company and the Emma service.
2. Information We Collect
We collect information you provide directly, information generated when you use Emma, and information from services you choose to connect.
- Account information, such as your name, email address, user type, agency or company name, profile details, and authentication metadata.
- Creator, brand, deal, contact, CRM, invoice, contract, campaign, note, task, and message data you add or authorize us to process.
- Connected inbox data from Gmail, Outlook, or other email providers you authorize, including sender, recipient, subject, thread metadata, message bodies, attachments, labels, folders, drafts, and send status.
- AI workflow data, including prompts, generated drafts, classifications, extracted deal terms, summaries, chat messages, approval events, and agent activity needed to provide the service.
- Billing and subscription data, such as plan, payment status, customer identifiers, receipts, and tax records. We do not store full payment card numbers.
- Optional integration data from services you connect, such as Slack, QuickBooks, Airtable, Notion, Monday.com, WhatsApp or SMS providers, social or creator analytics providers, and enrichment providers.
- Usage, device, log, diagnostic, and analytics data, such as IP address, browser, device, pages visited, feature use, errors, performance events, and security logs.
3. How We Use Information
- Provide, secure, operate, troubleshoot, and improve Emma.
- Connect to your inbox, classify messages, detect brand opportunities, extract deal terms, draft replies, create drafts, send or schedule outreach when authorized, and keep email state in sync.
- Power AI features, including chat, document review, deal matching, summarization, classification, draft generation, and workflow automation.
- Manage accounts, teams, subscriptions, payments, invoices, support, notifications, onboarding, and product communications.
- Sync data with integrations you enable and perform actions you request through those integrations.
- Detect, prevent, and investigate spam, abuse, security incidents, service misuse, billing issues, and violations of our Terms.
- Comply with legal obligations and enforce agreements.
4. Connected Email and Google User Data
When you connect an inbox, Emma uses the permissions you grant to read, organize, draft, send, and sync email only to provide user-facing product features. You can disconnect an inbox from Emma or from your email provider account settings.
Emma's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell Google user data, use it for advertising, or use it to train generalized AI or machine learning models.
5. AI Processing
Emma sends relevant content to AI service providers when needed for features such as email classification, draft generation, chat, document review, search, and extraction. We design these flows to send the minimum context needed for the task.
We do not use connected inbox content to train generalized AI models. Our AI providers process data on our behalf under their service terms and data processing commitments.
6. Sharing and Subprocessors
We share data with service providers that help us run Emma, including hosting, database, email connectivity, AI processing, payments, error monitoring, analytics, messaging, enrichment, and customer support providers. They may process data only as needed to provide services to us.
We also share data with third-party integrations you connect or direct us to use. Those services process data under their own terms and privacy policies.
- Infrastructure and storage providers, including Supabase, Cloudflare, Vercel, and similar hosting providers.
- Email connectivity providers and the underlying email providers you connect.
- AI and data processing providers, including OpenAI, Anthropic, Google AI, and similar providers used for product features.
- Billing providers, including Stripe.
- Monitoring, logs, analytics, and diagnostics providers, including Sentry, Grafana, Amplitude, and similar tools.
- Communication and integration providers, including Slack, Twilio, QuickBooks, Airtable, Notion, Monday.com, and similar tools when enabled.
7. Legal Bases
For users in the UK, EEA, and other regions with similar privacy laws, we process personal data based on contract necessity, consent, legitimate interests, and legal obligations. For example, inbox access and optional integrations depend on your authorization, while billing records may be retained to meet legal requirements.
8. Security
We store data safely using technical and organizational safeguards designed to protect it from unauthorized access, loss, misuse, or disclosure. Data is encrypted in transit using HTTPS/TLS, and our infrastructure providers encrypt stored data at rest.
Sensitive integration credentials are protected with additional encryption using strong cryptography such as AES-256-GCM. We also use access controls, service role separation, logging, and operational security practices to limit access to user data.
No internet service can guarantee perfect security. Please use strong passwords, keep connected accounts secure, and tell us promptly if you believe your account has been compromised.
9. Retention and Deletion
We keep data for as long as needed to provide Emma, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. Retention periods vary by data type and feature.
If you disconnect an inbox, we revoke or clear the active connection where possible and stop using that grant for new reads or sends. If you delete your account, we disable product access and automated sending, revoke connected email grants where possible, and delete or anonymize data subject to backups, legal obligations, and legitimate business needs.
10. Cookies and Analytics
Emma may use cookies, local storage, and similar technologies for authentication, security, preferences, analytics, and product improvement. Browser settings may allow you to block or delete cookies, though some service features may stop working.
11. International Transfers
We and our providers may process data in the United States, United Kingdom, European Union, and other countries. Where required, we use appropriate safeguards such as standard contractual clauses, data processing agreements, and provider transfer mechanisms.
12. Your Rights
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data, and to withdraw consent where processing is based on consent. You may also have the right to complain to a data protection authority.
To exercise your rights, contact [email protected] with enough information for us to verify and process your request.
13. Children
Emma is not intended for children under 13 or for anyone under the age required to use the service in their location. Do not use Emma if you are not old enough to enter into these terms or provide valid consent.
14. Changes
We may update this Privacy Policy as Emma evolves. If changes are material, we will take reasonable steps to notify users, such as updating the date on this page or sending an in-product or email notice.