Privacy Policy
Last updated: March 30, 2026
1. What Coldblock does
Coldblock is an email filtering service that detects and quarantines AI-generated cold outreach emails from your Gmail inbox. It connects to your Gmail account via Google OAuth and analyzes incoming emails to classify them as legitimate or cold outreach.
2. Data we collect
When you sign in with Google, we store:
- Account information: your name, email address, and profile picture from Google.
- OAuth tokens: access and refresh tokens to interact with the Gmail API on your behalf.
- Email metadata: sender address, subject line, and classification results (score, reasons) for each analyzed email.
- Settings: your filtering preferences, whitelist entries, and digest preferences.
We do not store full email bodies. Email content is analyzed in memory during classification and discarded immediately after.
3. How we process emails
The vast majority of email classification happens through rule-based analysis that runs entirely on our server:
- Header analysis (35%): checks email headers for outreach platform signatures. No email content leaves the server.
- Domain analysis (15%): looks up sender domain age and patterns. No email content is shared.
- Content analysis (30%): regex pattern matching against known outreach templates. Runs locally on the server.
- AI analysis (20%): only triggered when the above stages are inconclusive. When it runs, only the sender name, subject line, and a short body snippet (first ~500 words) are sent to Anthropic's API for analysis. Full email threads, attachments, and personal details are never sent.
Over 80% of cold outreach is caught by the first three stages without AI involvement.
4. Sub-processors
We use the following third-party services to operate Coldblock:
- Google (Gmail API): to read your emails, apply labels, and move messages. Governed by the Google API Services User Data Policy.
- Anthropic (Claude API): for AI-based email classification when rule-based analysis is inconclusive. Only minimal email snippets are sent. Anthropic does not use API inputs for training.
- Resend: to send daily digest emails to your registered email address.
- Hetzner (hosting): our servers and database are hosted in Germany, within the EU.
5. Legal basis for processing
We process your data based on your consent, provided when you sign in with Google and grant Coldblock access to your Gmail account. You can withdraw consent at any time by deleting your account.
6. Data storage and security
All data is stored in a PostgreSQL database hosted on Hetzner servers in Germany. OAuth tokens are stored encrypted at rest. We do not transfer your data outside the EU for storage. Sub-processor API calls (Anthropic, Resend) may be processed outside the EU, but only minimal data is shared as described above.
7. Data retention
Email classification records are kept for as long as your account is active. When you delete your account, all associated data (classification records, whitelist entries, settings, and OAuth tokens) is permanently deleted immediately.
8. Your rights
Under the GDPR, you have the right to:
- Access your data — view your classification history and settings in the dashboard.
- Delete your data — delete your account from the Settings page. This permanently removes all your data.
- Rectify your data — correct false positives via the quarantine page or digest emails.
- Object to processing — disable filtering or delete your account at any time.
- Portability — contact us to receive a copy of your data.
9. Cookies and tracking
Coldblock uses only essential session cookies for authentication. We do not use analytics, advertising cookies, or any third-party tracking software.
10. Contact
For privacy-related questions or to exercise your rights, contact us at privacy@kumpan.se.