Privacy Policy

• We don't sell personal data. Not now, not as a future business model. Our revenue comes from subscriptions.
• You own your data. Export it, correct it, delete it — at any time, free of charge, in machine-readable formats.
• We tell you who touches it. Our sub-processor list is public, and material changes get 30 days' notice with an opt-out window.
• AI features are opt-in for sensitive content. AI prompts never train shared models. Customer-managed keys and local model endpoints available on Enterprise.
• Data residency. EU customers can pin storage and processing inside the EU.
• Security. TLS 1.3 in transit, AES-256 at rest, quarterly key rotation, least-privilege access with full audit trail.

This Privacy Policy describes the practices of Mailapp ("Mailapp", "we", "us", or "our") in relation to the personal information we collect, use, store, share, and otherwise process when you:

• Visit our marketing websites, including mailapp.app, status.mailapp.app, docs.mailapp.app, and any sub-domain under our control;
• Create or use a Mailapp account, including all features within the product (campaigns, automations, audience, forms, analytics, AI assistant, inbox, integrations, and the customer portal);
• Communicate with us through email, support tickets, in-product chat, scheduled calls, surveys, or social channels;
• Attend a Mailapp event, webinar, partner workshop, or office tour;
• Are a recipient of an email, SMS, or notification sent through Mailapp by one of our customers (we are a Processor for that data — see Section 18).

Our two roles, side by side

Personal Information / Personal Data

Any information relating to an identified or identifiable natural person — name, email, IP address, behavioural identifier, etc.

Sensitive Personal Information

Categories given special protection by law (e.g., precise geolocation, biometric data, government IDs, health, religion, race, sexual orientation, financial account credentials).

Processing

Any operation performed on personal data — collection, storage, alteration, retrieval, disclosure, erasure.

Controller

The party that determines the purposes and means of processing.

Processor

The party that processes personal data on behalf of the Controller.

Customer

An organization or individual with a Mailapp account.

End-Recipient

An individual to whom our Customer sends communications using Mailapp.

Sub-processor

A third party Mailapp engages to help deliver the service (e.g., AWS, Cloudflare, Stripe).

Services

The Mailapp web application, APIs, SDKs, and marketing properties.

3.1 Information you provide directly

• Account information: name, work email address, password (stored as a salted Argon2id hash), workspace name, role/title, team size, country and time zone, profile photo if you upload one.
• Billing information: billing email, company legal name, postal address, VAT/Tax ID, purchase orders, signatory name. We never see or store full payment card numbers — those are tokenized by Stripe, our PCI-DSS Level 1 processor.
• Communications: messages you send to support, sales, or partnerships; survey responses; webinar registrations; signed agreements (MSA, DPA, BAA, NDA).
• Content you upload: email templates, copy, images, attachments, audience lists, automation logic, form definitions, AI prompts, brand assets, custom domains and DNS records.
• Identity verification: for fraud-sensitive accounts (high-volume sending, financial services), we may ask for business documentation. We do not retain government IDs after verification.

3.2 Information collected automatically

• Device and connection data: IP address, ASN, approximate city-level location derived from IP, device type, OS, browser, language, timezone, screen resolution.
• Product usage data: pages visited, features used, clicks, search queries, error events, performance traces, session durations, integrations connected.
• Cookies and similar technologies: session cookies, preference cookies, security cookies, analytics cookies (where consented), and a small number of essential first-party cookies. See our Cookie Policy for the full table.
• Email engagement data on your behalf: when you send through Mailapp, we record opens (with MPP-honest accounting — see Section 17), clicks, bounces, complaints, and unsubscribes. As Processor.

3.3 Information from third parties

• Single sign-on providers (Google Workspace, Microsoft Entra, Okta, SAML IdPs) — name, email, group memberships, and IdP user ID.
• Payment processor (Stripe) — billing status, last four digits of card, card brand, country of issuance, dispute and refund status.
• Public business databases for sales prospecting (e.g., Crunchbase, official company registers) — we only contact business email addresses with a legitimate-interest basis and an immediate, working unsubscribe.
• Anti-abuse providers — reputation signals on IPs, domains, and email addresses used to prevent fraud and phishing on the platform.
• Integrations you connect (Shopify, HubSpot, Segment, Salesforce, etc.) — the data they send is governed by the scopes you authorize.

3.4 Sensitive personal information

We do not intentionally collect sensitive personal information about our customers. If you choose to upload sensitive categories about your end-recipients, you do so under your responsibility as Controller. We do not use sensitive personal information for any purpose other than the one you instructed.

6.1 Sub-processors

We use a vetted list of sub-processors to deliver hosting, payment, support, monitoring, AI, and email delivery features. The complete list, with purpose and region for each, is published at /landing/subprocessors and is also exported via the DPA.

In particular, every outbound email sent through Mailapp — marketing, lifecycle, and transactional — is relayed by Amazon Simple Email Service (Amazon SES), operated by Amazon Web Services, Inc. Amazon SES receives, on a per-message basis, the recipient's email address, the message envelope (From, Reply-To, headers), and the rendered HTML and plain-text body of the message, solely to relay the message and to return delivery, bounce, and complaint signals. We consume those signals back through AWS SNS, write them to our delivery log, and apply them to a per-workspace suppression list. AWS's processing is governed by the AWS Customer Agreement, the AWS GDPR Data Processing Addendum, and the AWS Service Terms (including the SES-specific terms).

6.2 Professional advisors and acquirers

Lawyers, auditors, accountants, insurers, and bankers may receive limited personal data under confidentiality agreements. If Mailapp is involved in a merger, acquisition, financing, or reorganisation, personal data may be transferred — but only subject to a continued confidentiality obligation at least equivalent to this policy, and you will receive notice.

6.3 Authorities and legal disclosures

We disclose data only when we are legally required to (subpoena, court order, lawful warrant) or when necessary to prevent imminent harm. We push back on overbroad demands, require legal process where appropriate, and — unless legally prohibited — give you notice so you can challenge the request. We publish a semi-annual transparency report.

6.4 No sale, no behavioural-ad sharing

We do not sell personal information. We do not share personal information with third parties for cross-context behavioural advertising. Under California law (Cal. Civ. Code § 1798.140(ad)–(ah)), our practice is "no sale, no share." A clearly-titled Do Not Sell or Share My Personal Information link is provided in the footer for symmetry with California requirements, even though the answer is already "no."

• Sub-processor vetting includes encryption posture, breach history, and contract terms equivalent to the EU SCCs.
• We sign a written agreement with each sub-processor that flows down the relevant DPA obligations.
• We publish the live list at /landing/subprocessors; you can subscribe to RSS or email updates.
• Material changes (new categories of data, new region, replacement of a primary sub-processor) require at least 30 days' advance notice. If you object, you may terminate the affected service for a pro-rated refund.

Our primary data centres are located in the United States (Northern Virginia) and the European Union (Ireland). For transfers out of the EEA/UK/Switzerland we rely on:

• The EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) — Module Two for Controller-to-Processor and Module Three for Processor-to-Processor;
• The UK International Data Transfer Addendum (IDTA, version A1.0) issued by the ICO;
• The Swiss Federal Data Protection and Information Commissioner's recognition of the EU SCCs.

We perform Transfer Impact Assessments for material transfers and publish a redacted summary on request.

• Encryption in transit: TLS 1.3 for all connections, HSTS preload, modern cipher suites only.
• Encryption at rest: AES-256-GCM via AWS KMS, customer-managed keys on Enterprise.
• Key management: hardware-backed, quarterly rotation, separation of duties.
• Access controls: SSO, mandatory hardware-key MFA for all employees, just-in-time elevation with audit trail, no "break glass" accounts.
• Network: private VPCs, IDS/IPS, WAF, automated DDoS mitigation, micro-segmentation between services.
• Application security: SAST and DAST in CI, dependency-vulnerability scanning, periodic third-party penetration testing.
• Operational security: background checks for all engineers, mandatory security training quarterly, tabletop incident drills.
• Incident response: 24/7 on-call, customer notification within 72 hours for confirmed personal-data incidents.

No system is perfectly secure. If you discover a vulnerability, please report it to hello@mailapp.app or via our public bug bounty.

• Right of access — get a copy of the personal data we hold about you.
• Right to rectification — fix anything that is wrong.
• Right to erasure — delete your data when we no longer need it.
• Right to data portability — receive your data in a machine-readable format and transmit it elsewhere.
• Right to restrict — pause certain kinds of processing while a question is resolved.
• Right to object — including to direct marketing (always honoured, immediately) and to processing based on legitimate interest.
• Right to withdraw consent — at any time, without affecting the legality of prior processing.
• Right to lodge a complaint with a supervisory authority.
• Right not to be discriminated against for exercising any privacy right.

Submit any request via our Data Rights portal, or by emailing hello@mailapp.app. We will respond within 30 days (extendable by 60 days for complex requests, with notice). We will verify your identity before acting.

Categories of personal information collected in the past 12 months

Your CCPA / CPRA rights

• Right to know what we collect, use, disclose;
• Right to delete (subject to statutory exceptions);
• Right to correct;
• Right to opt out of sale or sharing — already "no" for us;
• Right to limit use of sensitive personal information — we don't collect any, so this is moot;
• Right to non-discrimination for exercising rights.

Submit a request via our Data Rights portal or by emailing hello@mailapp.app. You may authorize an agent to act on your behalf; we will verify their authority.

• How to contact us: email hello@mailapp.app for any privacy-related request — access, rectification, erasure, restriction, portability, or objection.
• Right to lodge a complaint: with your local supervisory authority. We'd appreciate the chance to resolve concerns first via hello@mailapp.app.

We've designed our processes to satisfy the substantive obligations of the major global privacy regimes. If you're outside the US, EU, or UK and want a written summary of how a specific local law applies to your account, email hello@mailapp.app with the law name and we will respond with a tailored explanation.

The Services are not directed to children under the age of 16, and we do not knowingly collect personal information from anyone under 16. If we learn that we have collected personal information from a child under 16, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact hello@mailapp.app.

We use a small number of essential first-party cookies for authentication, security, and remembering your preferences. We use first-party analytics cookies (no fingerprinting) only with your consent, where consent is required by law (EU/EEA/UK/Switzerland/Brazil/California for sensitive categories). The full inventory, including third-party tags and how to opt out, is documented in our Cookie Policy.

• No training on customer data, ever. Whether you use the default Anthropic-backed model, a regional endpoint, or your own model key, your prompts and completions are not used to train shared models. We hold contractual guarantees from each AI sub-processor to that effect, available on request.
• PII redaction default-on. Where the AI assistant is processing free-form text, we redact common PII patterns (emails, phone numbers, payment-card-shaped strings) before sending the prompt, unless you explicitly opt out per-workspace.
• Regional endpoints. EU customers can pin AI processing to an EU endpoint.
• Local model option. Enterprise customers may host the model in their own VPC; we orchestrate prompts via signed tunnels without taking custody of the content.
• Auditable. Every AI invocation is logged with prompt hash, model ID, latency, and outcome. Logs export to your SIEM if you connect one.
• MPP-honest open accounting. Apple Mail Privacy Protection prefetches images, inflating opens. We separate real opens from prefetches and label them in analytics so AI features and human decisions aren't fooled.

When one of our Customers sends an email, SMS, or notification through Mailapp, that Customer is the Controller of the data they uploaded about you. Mailapp acts as a Processor and processes only on the Customer's documented instructions, under the terms of our Data Processing Agreement.

Every commercial email sent via Mailapp contains a clear, one-click unsubscribe link (per CAN-SPAM, CASL, GDPR, and the Yahoo/Google 2024 bulk-sender requirements). The unsubscribe is honoured at the platform level — even if the Customer hasn't configured a suppression list — and a global suppression list ensures the sender cannot re-add you.

If you cannot identify the sender, or you believe a message you received violated our Anti-Spam Policy, report it to hello@mailapp.app. We investigate every report.

For a request to access, correct, or delete personal data the Customer holds about you, you should contact the Customer directly. We will assist them, and you, in connecting and responding. If we cannot reach the Customer within 30 days of a verified request, we will, where lawful, act on the request ourselves to honour the spirit of the underlying law.

We do not engage in automated decision-making with legal or similarly significant effects on you within the meaning of Article 22 GDPR. The only automated decision we make that could affect access to the service is anti-abuse blocking (e.g., detecting that an account is sending phishing). When that happens:

• The block is reversible and notified in-product;
• A human reviewer is on call to investigate within four business hours;
• You have the right to obtain human intervention, express your point of view, and contest the decision (Art. 22(3) GDPR).

Modern browsers can transmit a Global Privacy Control (GPC) signal. We treat a GPC signal received on our marketing properties as a valid opt-out of any sale or share (which is already "no") and a valid opt-out of non-essential analytics. The legacy Do Not Track (DNT) header is not standardised; we do not respond to it specifically, though our default analytics behaviour requires consent in jurisdictions where consent is required.

We may update this Privacy Policy from time to time to reflect changes in our practices, new features, or new legal requirements. For material changes, we will:

• Post the updated policy with a new "Effective" date at least 30 days in advance;
• Notify account administrators by email;
• Show an in-product banner that requires acknowledgement before the change takes effect;
• Maintain an archive of prior versions at /landing/privacy?archive=1.

For anything privacy-related — questions, access requests, rectification, erasure, portability, complaints, security reports, or abuse reports — email hello@mailapp.app.

If you believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection authority.