Privacy Policy

Overrule ("we", "our", or "us") provides a tool for managing Microsoft Outlook email rules. This Privacy Policy explains what information we collect when you use Overrule, how we use it, and the choices you have.

By using Overrule, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.

We collect the following categories of information:

• Account information — Your name, email address, and Microsoft tenant ID, obtained through Microsoft sign-in.
• Mailbox rules — The names, conditions, actions, and ordering of your Outlook inbox rules, retrieved via the Microsoft Graph API.
• Mail folder names — The names of your mail folders, used to display human-readable folder names in the rule editor.
• Organizational annotations — Groups and labels you create within Overrule to organize your rules. These exist only in Overrule and are not written back to Outlook.

Overrule does not access, read, or store the content of any email messages.

Overrule requests the following Microsoft Graph API permissions when you sign in:

• MailboxSettings.ReadWrite — To read your inbox rules and apply changes you request, such as toggling, reordering, or deleting rules.
• Mail.ReadBasic — Used solely to retrieve the names of your mail folders for display in the rule editor. This permission does not grant access to message content.
• People.Read — To provide contact autocomplete when creating or editing rule conditions that reference senders or recipients.
• offline_access — To maintain your session without requiring you to sign in again during a single working session.

You can revoke these permissions at any time through your Microsoft account settings at myapps.microsoft.com. Revoking access will prevent Overrule from functioning.

We use the information we collect solely to provide the Overrule service:

• To authenticate you and associate your data with your account.
• To display, search, filter, and organize your Outlook rules within the application.
• To detect potentially conflicting or unreachable rules using static analysis.
• To apply changes you explicitly request — such as enabling, disabling, reordering, or deleting rules — by calling the Microsoft Graph API on your behalf.
• To store organizational annotations (groups and labels) you create within Overrule.

We do not sell your data, use it for advertising, or share it with third parties for marketing purposes.

Your rule data is cached in a PostgreSQL database to support features such as search, grouping, and conflict detection. This cache is synchronized with Microsoft Graph and treated as a mirror — Microsoft Outlook remains the authoritative source of truth for your rules.

We use industry-standard practices to protect your data, including encrypted connections (TLS) for data in transit and access controls on our database infrastructure. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

We retain your account and rule data for as long as your account is active. Rule data in our cache is updated each time you sync with Outlook and soft-deleted when rules are removed from your mailbox.

If you would like your data deleted, please contact us using the information in the Contact section below. We will remove your account and associated data within a reasonable time.

Overrule uses the following third-party services:

• Microsoft Azure AD — For authentication and access to the Microsoft Graph API.
• Sentry — For error monitoring. Sentry may receive error context including stack traces and session metadata. It does not receive the content of your rules or emails.
• Stripe — For payment processing, if and when paid plans are introduced. Stripe handles all payment information directly and we do not store card details.

Each of these services has its own privacy policy governing how they handle data.

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Withdraw consent for data processing, where consent is the legal basis.

To exercise any of these rights, please contact us using the information below. We will respond within a reasonable timeframe.

We may update this Privacy Policy from time to time. When we do, we will revise the date at the top of this page. Continued use of Overrule after changes are posted constitutes your acceptance of the revised policy.

For significant changes, we will make reasonable efforts to notify you directly, such as by displaying a notice within the application.

If you have questions about this Privacy Policy or would like to exercise your data rights, please contact us at:

support@overruleinbox.com