Outtake VerifyOuttake Verify

Privacy Policy

Last updated: 23 June 2025

  1. 1. Who We Are
  2. 2. Scope
  3. 3. Information We Collect
  4. 4. How We Use Personal Data
  5. 5. Legal Bases (GDPR)
  6. 6. Disclosure to Third Parties
  7. 7. International Transfers
  8. 8. Google API Services Compliance
  9. 9. Data Security
  10. 10. Data Retention
  11. 11. Your Rights
  12. 12. Cookies & Similar Technologies
  13. 13. Children's Privacy
  14. 14. Third-Party Links
  15. 15. Changes to This Policy
  16. 16. Contact & Complaints

1. Who We Are

Outtake Inc. ("Outtake," "we," "our," "us") provides Outtake Verify—a Chrome extension, web application (verify.outtake.ai), and supporting backend that let users cryptographically sign Gmail® emails and verify those signatures.

Data Controller: Outtake Inc., 10 Grand St, Brooklyn, NY, 11211. (privacy@outtake.ai)

2. Scope

This Privacy Policy applies when you install or use the Outtake Verify Chrome extension ("Extension"), visit verify.outtake.ai ("Web App"), or otherwise interact with our services (collectively, the "Service"). By using the Service, you agree to this Policy.

3. Information We Collect

CategoryExamplesSourcePurpose / Lawful Basis
Account DataEmail address, name, profile photo, organisation, role.You / SSO / IdP.Contract - account creation & fraud prevention.
Email DataEmail drafts (to send) and email messages (to verify).Gmail API (only upon explicit user action).Contract - generate & verify signatures. We do not store raw messages or drafts or send them to our backend or other service. Raw messages are processed locally on your chrome extension, and only a hash of your signed message is ever transmitted and stored on our backend.
Signature ArtifactsPublic-key signature, verification status, timestamps.Generated by our verification providers, like World ID.Contract - display authenticity to recipients.
Security & LogsIP address, user-agent, sign-in history, audit logs.Automatic.Legitimate Interest & Legal Obligation - detect abuse, security.
PreferencesTheme, sidebar state, language.First-party cookies / localStorage.Legitimate Interest - improve UX.

We do not store raw email bodies, drafts, private keys, or biometric templates.

4. How We Use Personal Data

  • Provide, maintain, and improve the Service
  • Authenticate users and secure the platform
  • Display signature validity
  • Comply with legal obligations

We do not sell personal data.

5. Legal Bases (GDPR)

Contract, Legitimate Interests, Consent, and Legal Obligation as detailed in the full policy text.

6. Disclosure to Third Parties

We share data only with vetted service providers, your enterprise admin (if applicable), or competent authorities when legally required.

7. International Transfers

Transfers outside the EEA/UK rely on SCCs or equivalent safeguards with supplementary encryption measures.

8. Google API Services Compliance

The Extension complies with Google's Limited-Use requirements and processes Gmail data locally, never transmitting message content to our servers.

9. Data Security

  • Annual SOC 2 Type II.
  • Third-party pentests.
  • TLS 1.3 for data in transit, AES-256 at rest.

10. Data Retention

Data CategoryRetention Policy
Account & Signature RecordsWhile account is active.
Support Tickets and FeedbackWhile account is active.
Audit & Security Logs12 months (or longer for investigations).

11. Your Rights

JurisdictionRights
EEA & UK (GDPR)Access, rectification, erasure, restriction, objection, portability, withdraw consent, complain to DPA
California (CPRA)Know, delete, correct, opt-out of sale/share, limit sensitive data use, no retaliation
VA / CO / CT / UTAccess, correct, delete, portability, opt-out of targeted ads or profiling

To exercise any right, email privacy@outtake.ai. We will respond within statutory timelines.

12. Cookies & Similar Technologies

CookiePurposeExpiry
Outtake Session TokensAuthentication and session management.1 day to 1 year (rolling).
Outtake UI StatesProvide a personalized user experience.1 year.

13. Children's Privacy

Outtake Verify is not directed to children under 13. We do not knowingly collect such data.

15. Changes to This Policy

We will notify users of material changes via in-product banners and email with 30-days' notice when required.

16. Contact & Complaints

Questions? Email privacy@outtake.ai.