Privacy Policy

SigMint adds one labeled sponsored line to your email signature and counts clicks on your link. To do that we need remarkably little: your Google account identity, your signature settings, and anonymized click events. We never read email content — ours, yours, or anyone's — and we don't sell data to anyone.

Account identity. When you sign in with Google we receive your name, email address, and Google account identifier.

Signature settings. With your permission, we read and update the signature in your Gmail send-as settings. We store your original signature (so we can restore it exactly) and the sponsored line we wrote. This is the only Gmail data SigMint touches: the permission we request cannot read your email messages, and we would not use it if it could.

Access tokens. The credential Google gives us to update your signature is stored encrypted and is deleted when you disconnect Gmail.

Click activity on your links. For each click: time, browser type, referring site, and a one-way cryptographic hash of the visitor's IP address used to filter duplicates and bots. We never store raw IP addresses.

SigMint's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You were counted, not identified. We log the click (time, browser type, referrer, and a hash of your IP that cannot be reversed), then forward you to the advertiser's site. We set no cookies on you, build no profile of you, and have no idea who you are. What the advertiser's own site collects once you arrive is governed by their privacy policy, not ours.

One cookie, for signed-in account holders, to keep you signed in. No advertising cookies, no third-party analytics, nothing on recipients who click links.

We use the data above to operate the service: writing your signature, attributing clicks to your links, calculating earnings, and detecting fraud. We share it only with the infrastructure that runs the service (our hosting provider) and, for click attribution, affiliate networks receive a random click identifier — never your name, email, or any recipient information. We do not sell personal information.

Disconnecting Gmail restores your signature and immediately deletes the stored access credential. Click and earnings records are retained as business records of commissions owed. To delete your account and associated personal data, email us at the address below.

All traffic is encrypted in transit (HTTPS). Access credentials are encrypted at rest. IP addresses are hashed before storage.

If this policy changes materially, we'll update this page and the date above. Questions or requests: support@sigmint.io.