Privacy Policy

Your privacy is critically important to us at MailsBuddy

GDPR Compliant
CAN-SPAM Compliant
CCPA Compliant

1. Overview

Effective Date: January 1, 2024

MailsBuddy ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email marketing platform and services.

Our Core Privacy Principles:
  • We never sell, rent, or share your personal data with third parties for their marketing purposes
  • We are fully GDPR, CAN-SPAM, and CCPA compliant
  • We use industry-standard encryption to protect your data
  • You have complete control over your data and can request deletion at any time

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, company name, phone number, and billing address when you register
  • Payment Information: Processed securely through Stripe (we never store credit card numbers)
  • Domain Information: Custom domain names and DNS records for email sending configuration
  • Contact Lists: Email addresses and associated data you upload for your email campaigns
  • Campaign Content: Email templates, images, and content you create
  • Support Communications: Information provided when you contact our support team

2.2 Information Collected Automatically

  • Usage Data: Features used, campaigns sent, email open/click rates
  • Server Logs: IP addresses, browser type, operating system, referring URLs
  • Device Information: Device type, screen resolution, time zone
  • Performance Data: Email delivery rates, bounce rates, spam complaints

2.3 Information from Third-Party Services

  • Payment Information: Transaction details from Stripe (excluding credit card numbers)
  • Analytics Data: Aggregated usage patterns from Google Analytics
  • Server Infrastructure: Server provisioning data from our infrastructure providers

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

  • Create and manage your account
  • Provision dedicated email servers for your account
  • Process payments and manage subscriptions
  • Send your email campaigns to your subscribers
  • Provide analytics and reporting on campaign performance
  • Configure custom domains and DNS settings
  • Perform automated IP warming for deliverability

3.2 Service Improvement

  • Monitor and improve platform performance
  • Develop new features and services
  • Analyze usage patterns to optimize user experience
  • Conduct research and analysis

3.3 Communication

  • Send service-related notifications and updates
  • Respond to support requests and inquiries
  • Send billing and account information
  • Notify you about policy or terms changes

3.4 Legal and Security

  • Comply with legal obligations and regulations
  • Prevent fraud, spam, and abuse
  • Enforce our Terms of Service
  • Protect the rights and safety of our users

4. Third-Party Services

We integrate with carefully selected third-party services to provide our platform. We do not sell or share your personal data with third parties for their marketing purposes.

4.1 Payment Processing - Stripe

  • Purpose: Secure payment processing and subscription management
  • Data Shared: Name, email, billing address, payment method details
  • Privacy Policy: Stripe Privacy Policy
  • Note: We never store credit card numbers on our servers

4.2 Analytics - Google Analytics

  • Purpose: Understanding platform usage and improving user experience
  • Data Shared: Anonymized usage data, page views, session duration
  • Privacy Policy: Google Privacy Policy
  • Note: IP anonymization is enabled; no personally identifiable information is shared

4.3 Infrastructure Provider

  • Purpose: Provisioning dedicated servers with unique IP addresses
  • Data Shared: Server configuration requirements, domain names
  • Note: Each customer receives an isolated dedicated server for maximum privacy and deliverability

4.4 Email Server Software

  • Purpose: Professional mail server software on your dedicated infrastructure
  • Data Processing: All email data remains exclusively on your dedicated server
  • Note: Enterprise-grade mail server with full isolation and control

Important: We maintain strict data processing agreements with all third-party services to ensure your data is protected according to GDPR standards.

5. GDPR Compliance

We are fully compliant with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA).

5.1 Legal Basis for Processing

  • Contract Performance: Processing necessary to provide our services
  • Legitimate Interests: Improving services, preventing fraud, ensuring security
  • Legal Obligations: Compliance with applicable laws and regulations
  • Consent: Where explicitly provided for optional services

5.2 Data Protection Rights

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw previously given consent

5.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at: dpo@mailsbuddy.com

6. Email Marketing Compliance

We maintain strict compliance with email marketing regulations to protect both our users and their subscribers.

6.1 Your Responsibilities

As a MailsBuddy user, you agree to:

  • Only send emails to recipients who have explicitly consented
  • Maintain accurate records of consent
  • Include unsubscribe links in all marketing emails
  • Honor unsubscribe requests immediately
  • Not purchase or use third-party email lists without proper consent
  • Comply with CAN-SPAM, GDPR, CASL, and other applicable regulations

6.2 Our Compliance Measures

  • Automatic Unsubscribe Management: We automatically process and honor unsubscribe requests
  • Bounce Processing: Invalid emails are automatically removed from future sends
  • Complaint Monitoring: We monitor spam complaints and take appropriate action
  • List Hygiene: Tools to validate and clean email lists
  • Double Opt-In Support: Features to implement confirmed opt-in processes
  • Suppression Lists: Global and list-specific suppression management

Zero Tolerance Policy: We have zero tolerance for spam. Accounts found sending unsolicited emails will be immediately terminated without refund.

7. Data Security

We implement comprehensive security measures to protect your data:

7.1 Technical Safeguards

  • Encryption: All data is transmitted using SSL/TLS encryption
  • Password Security: Passwords are hashed using the Argon2id algorithm
  • Server Security: Dedicated servers with firewall protection
  • Access Controls: Role-based access with multi-factor authentication for admin accounts
  • Regular Updates: Security patches applied promptly
  • Backup Systems: Regular encrypted backups with secure storage

7.2 Organizational Measures

  • Limited access to personal data on a need-to-know basis
  • Employee training on data protection and security
  • Regular security audits and assessments
  • Incident response procedures
  • Vendor security assessments

7.3 Data Isolation

Each customer receives a dedicated server, ensuring:

  • Complete isolation of your data from other customers
  • Dedicated IP addresses for reputation management
  • Independent security configurations
  • No shared resources that could compromise security

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy.

8.1 Retention Periods

  • Account Data: Retained while account is active plus 30 days after closure
  • Campaign Data: 12 months after campaign completion
  • Analytics Data: 24 months for aggregated statistics
  • Financial Records: 7 years as required by law
  • Support Tickets: 2 years after resolution
  • Server Logs: 90 days for security and debugging

8.2 Data Deletion

When data is no longer needed:

  • Personal data is permanently deleted or anonymized
  • Backups are purged according to retention schedule
  • Dedicated servers are securely wiped before decommissioning
  • Deletion certificates available upon request

9. Your Rights and Choices

9.1 Access and Portability

You can:

  • Access your personal data through your account dashboard
  • Export your data in common formats (CSV, JSON)
  • Request a complete copy of all data we hold about you

9.2 Correction and Deletion

You can:

  • Update your account information at any time
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Remove specific campaigns or contact lists

9.3 Communication Preferences

You can:

  • Opt out of marketing communications
  • Configure notification preferences in account settings
  • Unsubscribe from emails using the link in each message

9.4 How to Exercise Your Rights

To exercise any of these rights:

10. Cookies and Tracking Technologies

10.1 Essential Cookies

Required for platform functionality:

  • Session management and authentication
  • Security tokens and CSRF protection
  • Load balancing and server routing
  • User preferences and settings

10.2 Analytics Cookies

Help us understand platform usage:

  • Google Analytics (with IP anonymization)
  • Internal usage analytics
  • Performance monitoring

10.3 Email Tracking

For campaign analytics:

  • Open tracking pixels (can be disabled)
  • Click tracking (can be disabled)
  • Engagement metrics

10.4 Managing Cookies

You can control cookies through:

  • Browser settings to block or delete cookies
  • Account settings to disable tracking features
  • Our cookie consent banner on first visit

11. Children's Privacy

MailsBuddy is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information immediately.

If you believe we have collected information from a child under 16, please contact us immediately at privacy@mailsbuddy.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

12.1 Notification of Changes

  • Account holders will be notified of material changes via email
  • A notice will be displayed on the platform dashboard
  • The "Effective Date" at the top will be updated
  • Previous versions available upon request

12.2 Continued Use

Continued use of MailsBuddy after changes constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you may close your account and request data deletion.

13. Contact Information

For privacy-related questions, concerns, or requests:

Privacy Team

Email: privacy@mailsbuddy.com

Data Protection Officer

Email: dpo@mailsbuddy.com
For: GDPR and data protection inquiries

Mailing Address

MailsBuddy Privacy Team
MailsBuddy (Side Hustle Mate LLC), 3400 Cottage Way, Sacramento, CA 95825, USA

Supervisory Authority

EU residents have the right to lodge a complaint with their local data protection supervisory authority if they believe their rights under GDPR have been violated.

Last Updated: January 1, 2024 | Version: 2.0