Privacy Policy
How we handle data — written without dark patterns, written as if you'll actually read it.
Last updated: 2026-01-15
1. Summary
This Privacy Policy explains how Mailers.io, Inc. ("Company", "we") collects, uses, and protects information in connection with the Mailers.io service. It covers the information we collect from account holders, from their end users (subscribers), and from visitors to our website.
2. Our role
For subscriber data uploaded by customers to send email, the customer is the data controller and we act as a processor. For account information, website analytics, and customer-facing telemetry, we act as a controller as described below.
3. Data we collect
Account data: name, email address, organisation, billing details, and workspace settings. Subscriber data: information customers upload to their mail lists, such as names, emails, and custom fields — processed only to deliver sends on the customer's behalf. Sending telemetry: delivery, bounce, complaint, open/click events where collected, provider responses, and timestamps. Product usage: pages viewed, features used, IP address, device and browser data, for product analytics and security.
4. How we use data
To operate, secure, and improve the Service; to route and deliver sends through the providers customers connect; to provide support and communicate about the Service; to enforce Terms and prevent abuse; and to comply with legal obligations.
5. Legal bases (GDPR)
We rely on contract (providing the Service), legitimate interests (security, abuse prevention, product improvement), consent (where required, including some marketing and cookies), and legal obligations.
7. Sending providers you connect
When you connect an ESP or SMTP server, sends routed through it transfer subscriber data to that provider for delivery. Those providers process data under their own agreements with you. Mailers.io does not resell provider sending.
8. Data retention
Account data is retained while your account is active and for a reasonable period after for legal and audit purposes. Sending telemetry retention is plan-specific. Subscriber data is retained according to customer instructions and deleted on customer request or workspace termination, subject to backup cycles.
9. Security
We use TLS for data in transit and encryption at rest for sensitive data, including provider credentials. Access is controlled via RBAC and audit logs. No system is perfectly secure; we work to respond quickly to incidents and notify affected customers as required.
10. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict processing, or port your personal data, and to object to certain processing. For subscriber-data requests, contact the customer who controls the list. For account data, email us directly.
11. International transfers
We may process data in regions other than your own. Where required, we rely on appropriate safeguards such as standard contractual clauses.
13. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from children.
14. Changes to this policy
We may update this Privacy Policy periodically. Material changes will be communicated through the Service or by email.
15. Contact
Privacy questions or rights requests: [email protected]. Security matters: [email protected].