Privacy Policy

1. Introduction

Keylink IT ("we", "us", or "our") operates the Keylink IT Console (console.keylinkit.com). This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect

Account Information

When you create an account, we collect your email address and display name. If you sign up with a password, it is stored using industry-standard hashing and is never stored in plain text.

Email Data

When you connect an email account (Gmail, Microsoft 365, or Yahoo) for our Email Security service, we access email metadata such as sender addresses, subject lines, timestamps, URLs, and attachment file names. This data is used exclusively for security analysis, including phishing detection, URL reputation checks, and attachment risk assessment.

We do not read, store, or share the full body content of your emails beyond what is necessary for security classification. Email metadata and classification results are stored securely and associated with your account.

OAuth Tokens

When you connect an email provider, we store encrypted OAuth access and refresh tokens to maintain the connection. These tokens are encrypted at rest and are used solely to access your mailbox for security scanning purposes. You can disconnect your mailbox at any time, which deletes the stored tokens.

3. How We Use Your Information

We use the information we collect to:

• Provide AI-powered email security analysis and phishing detection
• Check URLs against known threat databases
• Identify risky email attachments
• Analyze email authentication (SPF, DKIM, DMARC) for spoofing detection
• Categorize emails (safe, spam, suspicious, phishing, promotions, etc.)
• Display security results in your dashboard
• Improve our security detection capabilities

4. AI Processing

We use AI models to classify emails and detect security threats. Email metadata (sender, subject, URLs, attachment names) may be sent to AI service providers (Anthropic) for analysis. This processing is done in real-time and AI providers do not retain your data for training purposes.

5. Data Sharing

We do not sell your personal information. We may share limited data with:

• AI service providers (Anthropic) for email security classification
• URL reputation services (Google Safe Browsing, PhishTank) to check link safety
• Your managed service provider (MSP) if your account is linked to a company managed by Keylink IT

6. Data Security

We implement industry-standard security measures including:

• Encryption of OAuth tokens and API credentials at rest
• HTTPS for all data in transit
• Role-based access controls
• Regular security monitoring

7. Data Retention

Email classification results are retained for as long as your account is active. URL reputation data is cached with time-limited expiry (7 days for safe URLs, 30 days for threats). You may disconnect your mailbox at any time, which stops further scanning and removes stored OAuth tokens.

8. Your Rights

You have the right to:

• Access the personal data we hold about you
• Disconnect your email accounts at any time
• Request deletion of your account and associated data
• Provide feedback on email classifications to improve accuracy

9. Contact Us

If you have questions about this Privacy Policy, please contact us at support@keylinkit.com.