Privacy Policy

Last Updated: December 8, 2025

1. Introduction

Found Opportunity ("we," "our," or "us") operates www.foundopportunity.com and provides email analysis services to identify business opportunities. This Privacy Policy explains how we collect, use, protect, and handle your information.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password (encrypted)
• Email Connection: Email address and OAuth access tokens for Gmail or Outlook
• Profile Information: Optional company name, industry, preferences

2.2 Information We Access from Your Email

When you connect your email account, we only access messages in your spam or junk folder and only with your explicit permission.

• Email Content (from spam/junk folders only): Subject lines, sender information, a short preview of the email body (approximately 300 characters), and dates for emails that appear to be legitimate opportunities. Full email bodies are processed in memory for analysis and are not stored.
• Email Metadata (for validation and security): Technical identifiers such as message IDs, folder/label names (to confirm the message is in spam/junk), and timestamps. We do not store read/unread status or full header data beyond what is needed for opportunity detection and security checks.
• Scope of Access:
  • Gmail: We only read messages from the SPAM label using read-only Gmail API scopes.
  • Outlook/Microsoft 365: We only read messages from folders named "Junk Email" or "Junk" using read-only Microsoft Graph API scopes.
  • We do not read Inbox, Sent, Drafts, Trash, or any other folders.
• Data Retention: Opportunity details (sender, subject, body preview, and classification metadata) are stored for up to 7 days and then automatically deleted.

2.3 Automatically Collected Information

• Usage Data: Features used, login times, interaction patterns
• Technical Data: IP address, browser type, device information, operating system
• Cookies: Session cookies for authentication and functionality
• Mobile App Data: Device type, operating system version, push notification tokens, and app version when using our mobile application

3. How We Use Your Information

3.1 Email Processing

• Analyze email content from your spam/junk folders to identify business opportunities, such as sales leads, referrals, partnership requests, and other messages that appear legitimate but were misfiled as spam
• Categorize and rank opportunities by relevance and priority
• Extract key information (sender details, opportunity type, urgency)
• Present filtered results in your dashboard

3.2 Service Operations

• Provide and maintain the Found Opportunity service
• Send service-related notifications (new opportunities found, system updates)
• Improve our AI detection algorithms
• Analyze detection accuracy during a 7-day quality control window before automatic deletion
• Provide customer support
• Detect and prevent fraud or abuse

3.3 AI Processing

We use Anthropic's Claude AI to analyze email content. Email data sent to Anthropic for processing:

• Is processed in real-time and not stored by Anthropic
• Is not used to train AI models
• Is transmitted securely via encrypted connections
• Complies with Anthropic's data processing terms

4. How We Share Your Information

We do NOT sell, rent, or trade your email data or personal information.

4.1 Service Providers

We share data with trusted third-party providers who help us operate and secure our service. These providers only receive the minimum data needed to perform their functions and are not allowed to use it for their own purposes:

• Anthropic (Claude AI): Email content analysis for spam/junk emails. Data is processed in real time, not stored by Anthropic, and not used to train AI models.
• DigitalOcean: Cloud hosting, managed PostgreSQL database, and encrypted backups for our application data.
• SendGrid: Transactional email delivery for account-related emails, notifications, and security alerts.
• Stripe: Subscription and payment processing. We do not store full payment card numbers; this information is handled directly by Stripe.
• Namecheap: Domain registration and DNS hosting, which may involve processing website and DNS logs (such as visitor IP addresses and user agents).
• UptimeRobot: Uptime and health monitoring of our public endpoints (URL checks and basic status information).
• Intruder.io: External vulnerability scanning and security assessments of our production environment.
• Google: Gmail OAuth authentication, access to spam emails (using read-only scopes), and distribution of our Android mobile app via Google Play Store.
• Microsoft: Outlook/Microsoft 365 OAuth authentication and access to Junk Email/Junk folders (using read-only scopes).
• Apple: Distribution of our iOS mobile app via the Apple App Store and push notification delivery via Apple Push Notification Service (APNs).
• Firebase Cloud Messaging (FCM): Push notification delivery to Android devices.

We do NOT sell, rent, or trade your email data or personal information.

4.2 Legal Requirements

We may disclose information if required by law, court order, or to:

• Comply with legal obligations
• Protect our rights or property
• Prevent fraud or security issues
• Protect user safety

4.3 Business Transfers

If Found Opportunity is acquired or merged, your information may be transferred to the new entity. We will notify you before this occurs.

5. Data Security

5.1 Security Measures

• Encryption: All data transmitted using TLS/SSL encryption
• Access Controls: Strict internal access policies and authentication
• OAuth Security: We never store your email password - only secure OAuth tokens
• Database Security: Encrypted database storage with access logging
• Regular Audits: Security reviews and vulnerability testing
• Vulnerability Scanning: Continuous external vulnerability scanning of our production environment through a third-party provider
• Security Assessments: Independent security assessments (including Google's CASA Tier 2 program) with tracked remediation of identified issues
• Administrative Security: Strong authentication and 2FA required for administrative access to our infrastructure and code repositories

5.2 Data Retention

We retain your data only for as long as necessary to provide the service, meet legal obligations, and maintain security:

• Email Content (full bodies): Full email bodies from your spam/junk folders are processed in real time for analysis and are not stored after processing.
• Opportunity Data: For emails identified as potential opportunities, we store sender information, subject lines, a short body preview (approximately 300 characters), classification metadata, and timestamps for up to 7 days. After 7 days, these records are automatically deleted by scheduled cleanup jobs.
• Processed Email Tracking: We store hashed message IDs and related technical identifiers to prevent duplicate processing and to enforce spam-only access. These identifiers are retained while your account is active and deleted when you delete your account.
• Account Data: Account information is retained while your account is active and for a limited period afterward as needed for billing, security, and legal requirements, after which it is deleted or anonymized.
• Backups: Encrypted database backups and server snapshots are retained for approximately 7 days by our hosting provider before being automatically rotated and overwritten.
• Logs: Application and system logs are retained based on disk and rotation policies, typically around 30 days, after which they are overwritten.

When you delete your account, we delete your opportunities, email connection data, and processed email identifiers from our active systems without undue delay (typically within seconds), and any remaining copies in backups are overwritten within the backup retention window.

6. Your Rights and Choices

6.1 Access and Control

• View Data: Access all detected opportunities in your dashboard
• Delete Opportunities: Remove individual opportunities anytime
• Disconnect Email: Revoke access to your email account instantly
• Export Data: Download your opportunity data
• Delete Account: Permanently delete your account and all associated data

6.2 Email Access Control

• You can revoke email access at any time through your account settings
• You can also revoke access through Google or Microsoft account settings
• Revoking access immediately stops all email scanning

6.3 Communication Preferences

• Opt out of marketing emails (service emails still required)
• Control notification frequency and types

6.4 GDPR Compliance (European Users)

• Legal Basis: We process email data based on legitimate interest (spam opportunity detection) and your explicit consent
• Data Minimization: We only store data necessary for a 7-day quality control period
• Right to Erasure: All opportunity data automatically deleted after 7 days
• Data Processing Agreement: Available upon request for business accounts
• Cross-Border Transfers: EU user data processed with appropriate safeguards

7. Google API Services User Data Policy

Found Opportunity's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request the minimum Gmail API scopes necessary (gmail.readonly)
• Gmail data is used solely to provide opportunity detection services
• Gmail data is not transferred to third parties except as required for service operations
• Gmail data is not used for serving advertisements
• Human review of Gmail data occurs only with explicit user consent or for security/legal purposes
• We only read messages from your Gmail SPAM label and do not read your Inbox, Sent, Drafts, or other folders
• We use read-only Gmail API scopes and do not send, delete, move, or modify your emails

8. Microsoft Data Usage

For Outlook/Microsoft 365 accounts, we access only the permissions you explicitly grant using read-only Microsoft Graph API scopes. We only read messages from folders named "Junk Email" or "Junk" and do not read your Inbox, Sent Items, Drafts, Deleted Items, or other folders. We do not send, delete, move, or modify your emails. You can revoke access at any time through your Microsoft account settings or within our application, which immediately stops all email scanning.

9. Children's Privacy

Found Opportunity is not intended for users under 18 years of age. We do not knowingly collect information from children. If we discover we have collected information from a child, we will delete it immediately.

10. International Data Transfers

Your data may be processed in the United States of America. If you are located outside this region, your data may be transferred internationally. We ensure appropriate safeguards are in place for such transfers.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to know what personal information we collect
• Right to delete personal information
• Right to opt-out of sale (we don't sell data)
• Right to non-discrimination for exercising your rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under GDPR:

• Right of access to your personal data
• Right to rectification of incorrect data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

• Email notification to your registered address
• Prominent notice on our website
• In-app notification upon login

Continued use of Found Opportunity after changes constitutes acceptance of the updated policy.

14. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your data:

• Found Opportunity
• Email: privacy@foundopportunity.com
• Address: PO Box 727, Wainscott, NY 11975
• Website: www.foundopportunity.com

We will respond to all requests within 30 days.