Privacy Policy
Mailaki, Inc. ("Mailaki", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to it. It applies to the Mailaki website, API, and related services (collectively, the "Service").
1. Information We Collect
Account information. When you sign up, we collect your name, email address, company name, and a hashed password. For paid plans we collect billing information (processed by our payment provider — we do not store raw card numbers).
Usage data. We collect logs of API requests including timestamps, endpoints called, status codes, and IP addresses. We use this for billing, rate-limiting, abuse prevention, and debugging.
Email metadata. We store metadata about messages you send through the Service — recipient addresses, subject lines, send timestamps, delivery status, open events, and click events. We do not store the full body of emails beyond the time needed to deliver them.
Technical data. Browser type, operating system, referring URLs, and session data collected when you visit the Mailaki website.
Communications. If you contact us for support or sales, we retain those communications.
2. How We Use Your Information
- To provision and operate the Service
- To process payments and send invoices
- To detect and prevent fraud, abuse, and policy violations
- To enforce our Terms of Service
- To respond to support requests
- To send transactional notifications (e.g. billing alerts, security notices)
- To send product updates — you can unsubscribe at any time
- To analyse aggregate usage trends and improve the Service
We do not sell your personal data to third parties. We do not use your email content for advertising purposes.
3. Data Sharing
We share data only with:
- Service providers — infrastructure (cloud hosting, databases), payment processing, error tracking, and monitoring tools. Each is bound by a data processing agreement.
- Law enforcement — when required by valid legal process (subpoena, court order) or to protect the safety of users or the public. We will notify you where legally permitted.
- Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is subject to a different privacy policy.
4. Data Retention
We retain account data for as long as your account is active. Upon account deletion we delete or anonymise your data within 30 days, except where retention is required by law (e.g. financial records may be retained for up to 7 years). Email delivery logs are retained for 90 days by default; paid plans can configure longer retention.
5. Cookies and Tracking
The Mailaki marketing website uses minimal cookies — a session cookie for the authenticated dashboard and basic analytics to understand aggregate page traffic. We do not use third-party advertising cookies. You can disable cookies in your browser settings; this may impact dashboard functionality.
6. Security
We apply industry-standard security practices including encryption in transit (TLS 1.3), encryption at rest (AES-256), access controls, and regular security reviews. See our Security page for details. No system is perfectly secure; we will notify you promptly in the event of a breach affecting your data.
7. International Transfers
Mailaki is operated from the United States. If you are located outside the US, your data may be transferred to and processed in the US. We rely on standard contractual clauses and other appropriate safeguards for international transfers where required by applicable law (including GDPR).
8. Your Rights
Depending on your location you may have rights including:
- Access — request a copy of the personal data we hold about you
- Correction — request that we correct inaccurate data
- Deletion — request deletion of your personal data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request that we restrict processing in certain circumstances
To exercise any of these rights, email [email protected]. We will respond within 30 days. For GDPR requests, we will respond within the legally required timeframe.
9. Children's Privacy
The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.
10. California Residents (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act including the right to know, delete, and opt-out of sale of personal information. We do not sell personal information. To submit a CCPA request, email [email protected].
11. Changes to This Policy
We may update this Privacy Policy periodically. If we make material changes we will notify you by email or via an in-app notice before the changes take effect. Your continued use of the Service constitutes acceptance of the updated policy.
12. Contact
Questions about this Privacy Policy? Email us at [email protected] or write to:
Mailaki, Inc.
Privacy Team
[email protected]
See also: Terms of Service · Security