Privacy Policy
Last updated: March 2026
1. Information We Collect
We collect information you provide when creating an account (email address, name, account slug) and information generated through your use of the Service (email messages, API logs, usage metrics). We also collect IP addresses for rate limiting and security purposes.
2. How We Use Your Information
We use your information to provide and improve the Service, enforce rate limits and acceptable use policies, send transactional emails (password resets, account notifications), and respond to support requests.
3. Email Content
Email messages sent and received through the Service are stored in our database and object storage infrastructure. We do not read, analyze, or use the content of your emails for advertising or any purpose beyond providing the Service. Email content is accessible only to the account holder via the API.
4. Data Storage and Security
Your data is stored on secured infrastructure. API keys are hashed with SHA-256 before storage — we cannot retrieve your raw API key after creation. Webhook payloads are signed with HMAC-SHA256. Attachments are stored in encrypted object storage.
5. Data Sharing
We do not sell your personal information to third parties. We may share your information only in the following circumstances: with third-party service providers who assist in operating the Service (see section 6), when required by law or to comply with legal process, or in connection with a merger, acquisition, or sale of assets, in which case you will be notified of any change in ownership or use of your personal information.
6. Third-Party Services
We use the following third-party services: Stripe for payment processing, AWS SES for outbound email delivery, and Cloudflare R2 for attachment storage. Each operates under their own privacy policies.
7. Data Retention
Account data is retained as long as your account is active. Email messages are retained indefinitely in our database unless you delete them via the API. Messages are purged from the mail server 7 days after processing. You may request deletion of your account and all associated data at any time.
8. Your Rights
You have the right to access, correct, or delete your personal data. You may restrict or object to the processing of your data, and you have the right to data portability. You may export your data via the API at any time. To request account deletion or exercise any of these rights, contact us at the address below.
9. Cookies
We use session cookies for authentication on the dashboard. We do not use tracking cookies or third-party analytics on our marketing pages.
10. Children's Privacy
The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the Service.
13. Contact
For privacy-related questions, contact us at [email protected].