arrow_back Back to home
Legal

Privacy Policy

Last updated: April 2026

This Privacy Policy describes how mountsite.be collects, uses, and protects your personal information when you use our AI-powered email automation service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable Belgian data protection law.

1. Who We Are

MountSite, operating under the domain mountsite.be, is an AI-powered email automation service for professionals. As the entity responsible for this service is in the process of formal registration, users may direct all privacy-related inquiries through the contact form on our website at mountsite.be/contact.html.

2. What Data We Collect

Account data

When you register for an account, we collect your name, email address, and professional details such as your profession and company name. This information is necessary to provide the service.

Calendar data

With your explicit permission, MountSite accesses your calendar to check availability slots. We only read availability (free/busy) information — we never read the content of your calendar events.

Email metadata and content

To provide email summarisation and reply drafting, MountSite accesses your email inbox. This includes:

  • Email metadata: sender address, subject line, timestamp — stored temporarily for session processing
  • Email content: the body of emails is processed in memory by our AI systems and immediately discarded — it is never stored permanently on our servers

Payment data

All payment processing is handled entirely by Stripe, Inc. (PCI DSS Level 1 certified). We never see or store your card number, CVV, or other sensitive payment credentials. We retain only the subscription status and Stripe customer identifier required to manage your account.

Usage data

We collect anonymised information about how you use MountSite, including features accessed and session duration, to improve the service. This data does not identify you individually.

3. How We Use Your Data

  • To provide and operate the email automation service
  • To check calendar availability on your behalf
  • To send WhatsApp notifications about incoming emails and suggested actions
  • To process your subscription payments via Stripe
  • To communicate important service updates and policy changes

We never sell your data to third parties. We never use your email content or personal data to train AI models.

4. Where Your Data Is Stored

  • Account and subscription data is stored in our Supabase database hosted on European infrastructure
  • AI processing is performed via the Anthropic API with a zero data retention policy enabled — Anthropic does not store or log processed content
  • Payment data is stored and processed by Stripe on their PCI-compliant infrastructure
  • No personal data is transferred outside the European Economic Area without appropriate safeguards

5. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the data we hold about you
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data ("right to be forgotten")
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing of your data for specific purposes
  • Right to restrict processing: request that we limit how we use your data

To exercise any of these rights, please use the contact form on our website. We will respond within 30 days.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit) at www.dataprotectionauthority.be.

6. Data Retention

  • Account data: retained for the duration of your subscription, plus 90 days after cancellation to allow reactivation
  • Email content: never stored — processed in memory only and discarded immediately after each operation
  • Payment records: retained for 7 years as required by Belgian accounting and tax law
  • Usage analytics: anonymised data retained for up to 24 months

7. Cookies

We use only essential cookies that are strictly necessary for the service to function:

  • Authentication session cookies — required to keep you logged in
  • CSRF protection tokens — required for security

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You can manage your cookie preferences at any time by clicking "Cookie Settings" in the footer.

8. Third-Party Services

MountSite integrates with the following third-party services to deliver the product:

  • Stripe — payment processing (PCI DSS compliant)
  • Anthropic — AI processing with zero-retention policy
  • Supabase — database and authentication infrastructure
  • Meta (WhatsApp Business API) — notification delivery

Each of these providers operates under their own data processing agreements and privacy policies. We have data processing agreements in place with all sub-processors where required by GDPR Article 28.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify all registered users by email of any material changes at least 30 days before they take effect. The date at the top of this page indicates when the policy was last revised.

10. Contact

For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please use the contact form on our website. We aim to respond to all privacy inquiries within 5 business days.

gavel Terms of Service verified_user GDPR Compliance mail Contact Us