Privacy Policy

1. Overview

Warm Vanilla Inbox is a purpose-built email client for commercial real estate brokers. You connect your existing Gmail or Microsoft Outlook account, and Warm Vanilla Inbox provides a clean, deal-focused view of your email — surfacing what matters and filtering out the noise.

This Privacy Policy explains what data we collect, how we use it, and your rights as a user. By using Warm Vanilla Inbox, you agree to the practices described here. If you are using Warm Vanilla Inbox through your brokerage or firm, your organization is our customer, and your use is also governed by any agreement between Warm Vanilla Inbox LLC and that organization.

This Privacy Policy is incorporated by reference into our Terms of Service. If there is any conflict between this Policy and the Terms, the Terms govern.

2. What Data We Access and Why

Warm Vanilla Inbox connects to your Gmail or Outlook account using OAuth. We request only the permissions necessary to operate the email client. Below is a plain-English explanation of every permission we request and why.

Email — read and send

• Read your email — to display your inbox, apply deal-priority filtering, and surface emails from active clients, counterparties, and transactions. We read email content to identify CRE-relevant signals such as sender relationships, deal terminology, and urgency indicators. See Section 4 for how email content is processed, including by automated classification systems.
• Send email on your behalf — to allow you to compose and send replies directly from within Warm Vanilla Inbox. We only send emails when you explicitly initiate an action in the email client.

Calendar — read and create events

• Read your calendar — to display upcoming site tours, closings, and calls alongside relevant email threads, giving you deal context in one place.
• Create and edit calendar events — to allow you to schedule site tours, calls, and meetings directly from the email client. When applicable, this includes generating Google Meet or Microsoft Teams links.

Contacts — read only

• Read your contacts — to seed your contact graph on day one, so Warm Vanilla Inbox immediately recognizes your clients, buyers, tenants, and counterparties and can prioritize their emails correctly.

Identity

• Email address and profile — to identify you, display your name and photo within the email client, and associate your account with your Warm Vanilla Inbox session.
• Offline access / refresh tokens — to keep your account connected without requiring you to re-authenticate every session.

Account & Usage Data

• Organization or brokerage name
• Feature usage events (e.g., filters applied, tabs accessed, actions taken)
• Error logs and diagnostic data

Device & Technical Data

• Browser type and version
• IP address
• Session identifiers

3. How We Use Your Data

We use your data to:

• Operate and improve Warm Vanilla Inbox
• Apply deal-priority filtering and inbox organization within the email client
• Recognize your counterparties and prioritize emails from active clients, buyers, and tenants
• Classify incoming email into urgency categories, as described in Section 4
• Display calendar context alongside email threads
• Enable email composition, sending, and meeting scheduling from within the email client
• Send service-related communications (onboarding, updates, security notices)
• Diagnose bugs and improve reliability
• Comply with legal obligations

We do not:

• Sell your data to third parties
• Use the content of your emails to train AI or machine learning models, whether our own or those of any third party
• Use your data for advertising purposes

We may use aggregated metadata about email characteristics and your interactions with classified messages (for example, classification outcomes, whether you opened or replied to a message, whether you overrode our classification) to improve our classification systems. This metadata does not include the body content of your emails.

4. Automated Email Classification

Warm Vanilla Inbox classifies your incoming email into urgency categories (spam, noise, normal, important, urgent) using a three-tier system:

• Tier 1 examines structural features of the message, such as marketing links, unsubscribe headers, and image-to-text ratio. This processing occurs entirely on Warm Vanilla Inbox infrastructure. Email content is not sent to any third party at this tier.
• Tier 2 scans for commercial real estate vocabulary and urgency indicators using rule-based logic. This processing occurs entirely on Warm Vanilla Inbox infrastructure. Email content is not sent to any third party at this tier.
• Tier 3 applies only when Tiers 1 and 2 cannot confidently classify a message. In Tier 3, the message is processed by a third-party AI provider (currently Anthropic, using the Claude Haiku model) to produce a classification.

Limitations of redaction. No automated redaction system is perfect. Redaction may occasionally fail to remove a sensitive value, or may redact content that is not actually sensitive. Commercial real estate emails routinely contain numbers that may or may not be sensitive depending on context (prices, square footage, phone numbers, loan amounts). You should not rely on our redaction as a substitute for your own judgment about what information is appropriate to include in email.

Our agreement with Anthropic. Our commercial agreement with Anthropic prohibits the use of your email content (including redacted email content) to train Anthropic's models. Anthropic's API terms and data retention practices are published at anthropic.com/legal.

Opting out of Tier 3. If you do not want Tier 3 processing applied to your account, contact us at privacy@warmvanillainbox.com to disable it. Disabling Tier 3 will reduce classification accuracy on ambiguous messages but will not otherwise affect your ability to use Warm Vanilla Inbox.

5. Data Sharing and Subprocessors

We may share data with:

• Subprocessors — trusted vendors who help us operate Warm Vanilla Inbox, under contractual data protection obligations that include confidentiality, security requirements, and restrictions on use of your data for their own purposes (including model training). Our current subprocessors include:
  • Anthropic, PBC — AI classification (Tier 3 only, on redacted content)
  • [Cloud hosting provider] — infrastructure and data storage
  • [Analytics provider, if any] — product analytics on non-content usage data
• Your organization — if your brokerage or firm has an account with us, administrators may have access to team usage data and configuration settings. Administrators do not have access to the content of your emails.
• Legal authorities — if required by law, court order, or to protect the rights and safety of Warm Vanilla Inbox LLC or others.

We do not share your email, calendar, or contact data with any third party except as described above. We will update this list when we add or change subprocessors; material changes will be communicated in accordance with Section 13.

6. Security

We protect your data using the following measures:

• Encryption at rest. Email content stored in our database is encrypted at rest.
• Encryption in transit. All data moving between your email provider, our systems, and any subprocessor is transmitted over encrypted connections (TLS).
• Access controls. Access to production systems is limited to authorized personnel on a need-to-know basis.
• Audit logging. Administrative access to the database is recorded in an audit log.
• PII redaction. Personally identifiable information is automatically redacted before any email content is sent to a third-party AI provider, as described in Section 4.
• Regular security review. We review our security practices on a recurring basis and as our architecture evolves.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at privacy@warmvanillainbox.com.

7. Google API Data Use

Specifically:

• We do not use Google data to develop, improve, or train generalized AI or ML models
• We do not allow humans to read your email, calendar, or contact data except for security purposes, to comply with applicable law, or with your explicit permission
• We only request Google API scopes necessary to operate the features described in this policy
• Data accessed via Google APIs is used solely to provide the Warm Vanilla Inbox service to you
• Tier 3 classification uses Google data solely to produce a classification for the user who owns that data. Data is redacted before being sent to Anthropic, and Anthropic is contractually prohibited from using it for model training. We consider this use consistent with the Limited Use requirements; if Google determines otherwise, we will modify our practices to comply.

This disclosure also appears on our OAuth consent screen, which states: "Warm Vanilla Inbox's use of Google data adheres to the Google API Services User Data Policy, including the Limited Use requirements."

8. Microsoft API Data Use

Warm Vanilla Inbox's use of data accessed via Microsoft APIs — including Outlook mail, calendar, and contacts — complies with Microsoft's API Terms of Use and applicable data use policies. All limitations described above for Google data apply equally to data accessed via Microsoft 365 and Outlook. We request only the Microsoft API scopes necessary to operate the features described in this policy.

9. Data Retention

We retain your data for as long as your account is active. When you disconnect your email account or terminate use of Warm Vanilla Inbox, we will delete or anonymize your data within 30 days, unless we are required by law to retain it longer.

Redacted email content sent to Anthropic for Tier 3 classification is subject to Anthropic's retention practices, which are published at anthropic.com/legal. We do not retain copies of redacted content sent to Anthropic beyond the time needed to receive and apply the classification result.

Aggregated metadata (as described in Section 3) may be retained after account termination in a form that is no longer associated with your identity or email content.

You may request deletion of your data at any time by contacting us at privacy@warmvanillainbox.com.

10. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data
• Disconnect your Gmail or Outlook account at any time through your Google or Microsoft account settings
• Opt out of Tier 3 AI classification (see Section 4)

Depending on where you live, you may have additional rights under applicable law, including rights under the GDPR (EU/UK), CCPA/CPRA (California), and similar state privacy laws. These may include the right to data portability, the right to object to certain processing, and the right to lodge a complaint with a supervisory authority.

To exercise these rights, contact privacy@warmvanillainbox.com. We will respond within the timeframes required by applicable law.

11. International Data Transfers

Warm Vanilla Inbox LLC is located in the United States, and our subprocessors may operate in the United States or other jurisdictions. If you access Warm Vanilla Inbox from outside the United States, your data may be transferred to, stored in, and processed in the United States or other countries. Where required by law, we put appropriate safeguards in place for such transfers.

12. Children's Privacy

Warm Vanilla Inbox is a professional tool not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If we learn we have collected data from a person under 18, we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes — including changes to our subprocessors, changes to how email content is processed, or changes to your rights — via email or an in-app notice at least 14 days before the changes take effect, where practicable. Continued use of Warm Vanilla Inbox after changes take effect constitutes acceptance.

14. Contact

Questions about this Privacy Policy or our data practices:

Warm Vanilla Inbox LLC
4030 Wake Forest Road STE 349
Raleigh, NC 27609
privacy@warmvanillainbox.com
warmvanillainbox.com