Privacy Policy

Last Updated: December 30, 2025

1. Introduction

Found Opportunity ("we," "our," or "us") operates www.foundopportunity.com and provides two services:

• Found Opportunity ("FO"): email analysis designed to identify legitimate business opportunities that were misfiled into spam/junk.
• OWL ("On-call Watch List"): a rule-based VIP alert service that checks newly received Inbox messages against rules you configure (e.g., senders, domains, keywords, threads) and can send push alerts when a message matches.

FO and OWL are referred to collectively in this Privacy Policy as the "Services." Where a term or clause applies to only one Service, we label it (FO only) or (OWL only).

This Privacy Policy explains how we collect, use, protect, and handle your information.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, and authentication information used to access the Services (for example, encrypted/hashed credentials or magic-link verification tokens).
• Email Connection: Email address and OAuth access tokens for Gmail or Outlook/Microsoft 365 (read-only scopes).
• Service Settings (FO only): Preferences related to opportunity detection (such as categories, notification preferences, and account configuration).
• Service Settings (OWL only): VIP rules you configure (e.g., senders, domains, keywords, threads), on-call/quiet-hour preferences, and alert preferences.
• Profile Information: Optional company name, industry, and preferences.

2.2 Information We Access from Your Email

When you connect your email account, we access only the data you authorize via OAuth and use read-only scopes. What we access depends on which Service you use:

(FO only) Found Opportunity (spam/junk opportunity detection)

Found Opportunity only accesses messages in your spam or junk folder and only with your explicit permission.

• Email Content (from spam/junk folders only): Subject lines, sender information, a short preview of the email body (approximately 300 characters), and dates for emails that appear to be legitimate opportunities. Full email bodies are processed in memory for analysis and are not stored.
• Email Metadata (for validation and security): Technical identifiers such as message IDs, folder/label names (to confirm the message is in spam/junk), and timestamps. We do not store read/unread status or full header data beyond what is needed for opportunity detection and security checks.
• Scope of Access:
  • Gmail: We only read messages from the SPAM label using read-only Gmail API scopes.
  • Outlook/Microsoft 365: We only read messages from folders named "Junk Email" or "Junk" using read-only Microsoft Graph API scopes.
  • We do not read Inbox, Sent, Drafts, Trash, or any other folders.
• Data Retention: Opportunity details (sender, subject, body preview, and classification metadata) are stored for up to 7 days and then automatically deleted.

(OWL only) OWL (VIP rules and alerts)

OWL checks newly received messages in your Inbox against the VIP rules you define (such as specific senders, domains, keywords, or threads) and can send push alerts when a message matches.

• Email Content (Inbox only, as needed to provide OWL): Sender, recipients, subject, timestamps, thread/conversation identifiers, and the portion of the message body needed to evaluate your rules and show Alert Details for matching messages (up to 10,000 characters).
• Email Metadata (for reliability and security): Technical identifiers such as message IDs, folder/label identifiers, and timestamps to prevent duplicate processing, support synchronization, and protect against abuse.
• No historical scanning: OWL is designed to evaluate newly received Inbox messages as they arrive; it does not scan your historical Inbox to generate alerts.
• Scope of Access (Inbox only):
  • Gmail: We only read newly received messages with the INBOX label using read-only Gmail API scopes.
  • Outlook/Microsoft 365: We only read newly received messages from the "Inbox" folder using read-only Microsoft Graph API scopes.
  • OWL does not read Sent, Drafts, Trash/Deleted Items, Spam/Junk, or any other folders.
• Email Actions: OWL does not send, delete, move, or modify your emails.
• Data Retention: OWL stores Alert Details content and related alert records for up to 7 days and then automatically deletes them.

2.3 Automatically Collected Information

• Usage Data: Features used, login times, interaction patterns
• Technical Data: IP address, browser type, device information, operating system
• Cookies: Session cookies for authentication and functionality
• Mobile App Data: Device type, operating system version, push notification tokens, and app version when using our mobile application

3. How We Use Your Information

3.1 Email Processing

• (FO only) Analyze email content from your spam/junk folders to identify business opportunities (e.g., leads, referrals, partnership requests) that were misfiled as spam.
• (FO only) Categorize and rank opportunities by relevance and priority; extract key information (sender details, opportunity type, urgency); and present results in your dashboard.
• (OWL only) Evaluate newly received Inbox messages against your OWL VIP rules to determine whether a message matches and whether to generate an alert.
• (OWL only) Display and deliver alert records and Alert Details for matching messages.

3.2 Service Operations

• (Both) Provide and maintain the Services
• (Both) Send service-related notifications (account/security updates, operational notices)
• (FO only) Improve our opportunity detection logic and analyze detection accuracy during a 7-day quality-control window before automatic deletion
• (OWL only) Improve rule-matching reliability and alert delivery behavior (e.g., deduplication and timing)
• (Both) Provide customer support
• (Both) Detect and prevent fraud or abuse

3.3 AI Processing

(FO only) We use Anthropic's Claude AI to analyze email content. Email data sent to Anthropic for processing:

• Is processed in real-time and not stored by Anthropic
• Is not used to train AI models
• Is transmitted securely via encrypted connections
• Complies with Anthropic's data processing terms

(OWL only) OWL does not use Anthropic or any other large language model (LLM) providers. OWL performs rule-based matching against the VIP rules you configure.

4. How We Share Your Information

We do NOT sell, rent, or trade your email data or personal information.

4.1 Service Providers

We share data with trusted third-party providers who help us operate and secure the Services. These providers only receive the minimum data needed to perform their functions and are not allowed to use it for their own purposes:

• Anthropic (Claude AI) (FO only): Email content analysis for spam/junk emails. Data is processed in real time, not stored by Anthropic, and not used to train AI models.
• DigitalOcean (Both): Cloud hosting, managed PostgreSQL database, and encrypted backups for application data (including FO opportunity records and OWL alert records).
• SendGrid (Both): Transactional email delivery (for example: magic-link sign-in, account/security emails, and service notifications).
• Stripe (Both): Subscription and payment processing. We do not store full payment card numbers; this information is handled directly by Stripe.
• Apple Push Notification Service (APNs) (OWL only): Push notification delivery to iOS devices. APNs processes device push tokens and the notification payload needed to deliver alerts.
• Google Firebase Cloud Messaging (FCM) (OWL only): Push notification delivery to Android devices. FCM processes device push tokens and the notification payload needed to deliver alerts.
• Namecheap (Both): Domain registration and DNS hosting, which may involve processing website and DNS logs (such as visitor IP addresses and user agents).
• UptimeRobot (Both): Uptime and health monitoring of our public endpoints (URL checks and basic status information).
• Intruder.io (Both): External vulnerability scanning and security assessments of our production environment.
• Google (Both): Gmail OAuth authentication and access to emails (using read-only scopes), and distribution of our Android mobile app via Google Play Store.
• Microsoft (Both): Outlook/Microsoft 365 OAuth authentication and access to email folders (using read-only scopes).
• Apple (Both): Distribution of our iOS mobile app via the Apple App Store and push notification delivery via Apple Push Notification Service (APNs).

We do NOT sell, rent, or trade your email data or personal information.

4.2 Legal Requirements

We may disclose information if required by law, court order, or to:

• Comply with legal obligations
• Protect our rights or property
• Prevent fraud or security issues
• Protect user safety

4.3 Business Transfers

If Found Opportunity is acquired or merged, your information may be transferred to the new entity. We will notify you before this occurs.

5. Data Security

5.1 Security Measures

• Encryption: All data transmitted using TLS/SSL encryption
• Access Controls: Strict internal access policies and authentication
• OAuth Security: We never store your email password - only secure OAuth tokens
• Database Security: Encrypted database storage with access logging
• Regular Audits: Security reviews and vulnerability testing
• Vulnerability Scanning: Continuous external vulnerability scanning of our production environment through a third-party provider
• Security Assessments: Independent security assessments (including Google's CASA Tier 2 program) with tracked remediation of identified issues
• Administrative Security: Strong authentication and 2FA required for administrative access to our infrastructure and code repositories

5.2 Data Retention

We retain your data only for as long as necessary to provide the service, meet legal obligations, and maintain security:

• Email Content (full bodies): Full email bodies from your spam/junk folders are processed in real time for analysis and are not stored after processing.
• Opportunity Data: For emails identified as potential opportunities, we store sender information, subject lines, a short body preview (approximately 300 characters), classification metadata, and timestamps for up to 7 days. After 7 days, these records are automatically deleted by scheduled cleanup jobs.
• Processed Email Tracking: We store hashed message IDs and related technical identifiers to prevent duplicate processing and to enforce spam-only access. These identifiers are retained while your account is active and deleted when you delete your account.
• Account Data: Account information is retained while your account is active and for a limited period afterward as needed for billing, security, and legal requirements, after which it is deleted or anonymized.
• Backups: Encrypted database backups and server snapshots are retained for approximately 7 days by our hosting provider before being automatically rotated and overwritten.
• Logs: Application and system logs are retained based on disk and rotation policies, typically around 30 days, after which they are overwritten.

OWL:

• Alert Records and Alert Details: For messages in your Inbox that match your OWL VIP rules, we store alert records (such as the matching rule, sender, subject, timestamps, and related identifiers) and Alert Details content (up to 10,000 characters from matching emails) for up to 7 days, after which they are automatically deleted.
• Processed Email Tracking: We may store hashed message IDs and related technical identifiers to prevent duplicate processing and to support synchronization and security. These identifiers are retained while your account is active and deleted when you delete your account.

When you delete your account, we delete your opportunities, email connection data, and processed email identifiers from our active systems without undue delay (typically within seconds), and any remaining copies in backups are overwritten within the backup retention window.

6. Your Rights and Choices

6.1 Access and Control

• View Data: Access detected opportunities (FO) and alerts (OWL) in your dashboard
• Delete Records: Remove individual opportunities (FO) or alerts (OWL) anytime
• Disconnect Email: Revoke access to your email account instantly
• Export Data: Download your opportunity/alert records
• Delete Account: Permanently delete your account and all associated data

6.2 Email Access Control

• You can revoke email access at any time through your account settings
• You can also revoke access through Google or Microsoft account settings
• Revoking access immediately stops all email scanning

6.3 Communication Preferences

• Opt out of marketing emails (service emails still required)
• Control notification frequency and types

6.4 GDPR Compliance (European Users)

• Legal Basis: We process email data based on legitimate interest (spam opportunity detection) and your explicit consent
• Data Minimization: We only store data necessary for a 7-day quality control period
• Right to Erasure: All opportunity data automatically deleted after 7 days
• Data Processing Agreement: Available upon request for business accounts
• Cross-Border Transfers: EU user data processed with appropriate safeguards

7. Google API Services User Data Policy

Found Opportunity's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request the minimum Gmail API scopes necessary (gmail.readonly)
• Gmail data is used solely to provide opportunity detection services
• Gmail data is not transferred to third parties except as required for service operations
• Gmail data is not used for serving advertisements
• Human review of Gmail data occurs only with explicit user consent or for security/legal purposes
• Service-specific Gmail access:
  • Found Opportunity: We only read messages from your Gmail SPAM label and do not read your Inbox, Sent, Drafts, or other folders for Found Opportunity.
  • OWL: We only read newly received messages with your Gmail INBOX label to check for VIP-rule matches and deliver alerts, using read-only Gmail API scopes.
• We use read-only Gmail API scopes and do not send, delete, move, or modify your emails

8. Microsoft Data Usage

For Outlook/Microsoft 365 accounts, we access only the permissions you explicitly grant using read-only Microsoft Graph API scopes.

Service-specific Microsoft access:

• Found Opportunity: We only read messages from folders named "Junk Email" or "Junk" and do not read your Inbox, Sent Items, Drafts, Deleted Items, or other folders for Found Opportunity.
• OWL: We only read newly received messages from your "Inbox" folder to check for VIP-rule matches and deliver alerts, using read-only Microsoft Graph API scopes.

We do not send, delete, move, or modify your emails. You can revoke access at any time through your Microsoft account settings or within our application, which immediately stops all email scanning.

9. Children's Privacy

Found Opportunity is not intended for users under 18 years of age. We do not knowingly collect information from children. If we discover we have collected information from a child, we will delete it immediately.

10. International Data Transfers

Your data may be processed in the United States of America. If you are located outside this region, your data may be transferred internationally. We ensure appropriate safeguards are in place for such transfers.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to know what personal information we collect
• Right to delete personal information
• Right to opt-out of sale (we don't sell data)
• Right to non-discrimination for exercising your rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under GDPR:

• Right of access to your personal data
• Right to rectification of incorrect data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

• Email notification to your registered address
• Prominent notice on our website
• In-app notification upon login

Continued use of Found Opportunity after changes constitutes acceptance of the updated policy.

14. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your data:

• Found Opportunity
• Email: privacy@foundopportunity.com
• Address: PO Box 727, Wainscott, NY 11975
• Website: www.foundopportunity.com

We will respond to all requests within 30 days.