Privacy policy

Last updated: Feb 3, 2026

This Privacy Policy explains how Optilake (“we”, “us”) collects, uses, and protects personal data when you visit our website or use Mailwise (the “Service”).

1) Who we are

Controller: Optilake
Email: privacy.mailwise@optilake.com

If you connect a work mailbox owned by your organisation, your organisation may be the controller for that mailbox data. In many business contexts, we act as a processor on behalf of the organisation when providing the Service.

2) What personal data we collect

A) Website and pilot form data

When you use our website or submit a pilot request, we may collect:

  • Name, work email, company name, role

  • Your selected email provider (e.g., Google/Microsoft)

  • Your preferred alert channel (e.g., WhatsApp/Slack)

  • Any message you submit (e.g., “biggest issue”)

  • Technical data (IP address, device/browser type, referral source, basic analytics)

B) Account and configuration data (once you onboard)

If you create an account and use the Service, we may collect:

  • Account identifiers and login/security events

  • Mailbox configuration (e.g., inboxes selected, alert settings)

  • Service usage data (e.g., alert/digest delivery timestamps)

  • Support communications

C) Email data (content minimisation)

Mailwise may temporarily process email bodies to detect risk and generate alerts. We don’t store full email bodies long-term — they’re deleted after processing.

To operate the Service, we store only minimal outputs needed for alerts/digests and auditing, such as:

  • Risk level/score (e.g., High/Medium)

  • Matched signal categories (e.g., chargeback, cancellation, legal)

  • Timestamps and mailbox identifiers

  • A link to view the email in your email provider (where supported)

3) How we use personal data

We use personal data to:

  • Respond to pilot requests and manage invitations

  • Provide and maintain the Service (risk detection, alerts, daily digests)

  • Prevent spam, fraud, abuse, and security incidents

  • Provide customer support and communicate operational updates

  • Improve our product and website performance

4) Legal bases for processing (UK GDPR)

Depending on the context, we rely on:

  • Legitimate interests: operating, securing, and improving the Service; responding to enquiries; preventing abuse

  • Contract: providing the Service once you sign up or enter a pilot/paid arrangement

  • Consent: where required (e.g., non-essential cookies, optional marketing)

You can object to processing based on legitimate interests in certain circumstances (see “Your rights”).

5) Sharing personal data

We may share personal data with trusted service providers (“processors”) who help us operate the Service (e.g., hosting, databases, analytics, messaging delivery, customer support tooling). We require appropriate contractual protections and limit access on a need-to-know basis.

We do not sell personal data.

Sub-processors: We may publish an up-to-date list of key sub-processors on request or within our customer documentation.

6) International data transfers

Some service providers may process data outside the UK. Where applicable, we use appropriate safeguards (such as UK addendum/standard contractual clauses) and vendor assessments.

7) Data retention

We keep personal data only as long as needed for the purposes described above:

  • Pilot/waitlist data: retained to run the pilot and follow up. If you are not accepted or do not proceed, we delete or anonymise your data within a reasonable period (e.g., within 90 days), unless we need to keep it for legal or security reasons.

  • Account/service data: retained for the duration of your use of the Service, and for a limited period afterwards for security, dispute resolution, and compliance.

  • Temporary email processing: full email bodies are processed transiently for classification and are deleted after processing (not stored long-term in our database by default).

8) Security

We use reasonable technical and organisational measures designed to protect personal data, including access controls and monitoring. No method of transmission or storage is completely secure, but we work to reduce risk.

9) Your rights

Subject to applicable law, you may have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion

  • Restrict processing

  • Object to processing (especially where based on legitimate interests)

  • Data portability (in certain cases)

  • Withdraw consent (where processing is based on consent)

To exercise rights, contact: privacy@[yourdomain].com

You can also complain to the UK regulator: Information Commissioner’s Office.

10) Cookies and analytics

We may use cookies and similar technologies for:

  • Essential functionality and security

  • Analytics to understand site usage and improve performance

Where required, we will request consent for non-essential cookies. You can manage cookies via your browser settings.

11) Changes to this policy

We may update this Privacy Policy from time to time.