Privacy Policy

Last updated: December 18, 2025

1. Introduction

Mailflix, Inc. ("Mailflix," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our newsletter platform service ("Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

  • Account Information: Name, email address, password (stored hashed), and company name
  • Payment Information: Processed securely through Stripe. We do not store credit card numbers
  • Newsletter Content: Email content, subject lines, and templates you create
  • Subscriber Data: Information about your newsletter subscribers that you upload or collect
  • Communications: Information from your communications with us (support requests, feedback)

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Usage Data: Pages visited, features used, actions taken within the Service
  • Device Information: IP address, browser type, operating system, device identifiers
  • Email Tracking Data: Opens, clicks, bounces, complaints (for emails sent through our Service)
  • Log Data: Server logs including access times, error logs, and referring URLs
  • Cookies: Session cookies for authentication and preferences (see Section 7)

2.3 Information from Third Parties

We may receive information from:

  • Stripe: Payment status, subscription information, payout details for Stripe Connect users
  • Amazon SES: Email delivery status, bounces, and complaints
  • Twilio: SMS/WhatsApp delivery status (if you use these features)

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide the Service: To operate, maintain, and improve the Mailflix platform
  • Process Transactions: To process payments, manage subscriptions, and prevent fraud
  • Send Communications: To send service-related notifications, updates, and support messages
  • Analytics: To analyze usage patterns and improve user experience
  • Security: To detect, prevent, and address technical issues, fraud, and abuse
  • Legal Compliance: To comply with legal obligations and enforce our terms
  • Customer Support: To respond to inquiries and provide assistance

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 Service Providers

We share data with third-party service providers who assist in operating our Service:

  • Amazon Web Services (AWS): Cloud hosting and email sending (SES)
  • Stripe: Payment processing and Stripe Connect for creator payouts
  • Twilio: SMS and WhatsApp messaging services
  • DeepSeek: AI-powered content generation (email templates, subject lines)

4.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or to:

  • Comply with legal obligations
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the safety of users or the public

4.3 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

4.4 With Your Consent

We may share information with third parties when you give us explicit consent to do so.

We do NOT sell your personal information to third parties for marketing purposes.

5. Your Subscriber Data

As a newsletter creator using Mailflix, you are the "data controller" for your subscriber data. We act as a "data processor" on your behalf. This means:

  • You are responsible for obtaining proper consent from your subscribers
  • You must comply with applicable data protection laws (GDPR, CCPA, etc.)
  • You are responsible for responding to data subject requests from your subscribers
  • We process subscriber data only as necessary to provide the Service

5.1 What We Store

For your subscribers, we store:

  • Email addresses (hashed for privacy-preserving deduplication)
  • Subscription status (pending, confirmed, unsubscribed, bounced, complained)
  • Phone numbers (if provided, in E.164 format for SMS/WhatsApp)
  • Custom metadata you provide
  • Email engagement data (opens, clicks, bounces, complaints)

5.2 Data Processing Agreement

By using Mailflix to process subscriber data, you agree to our standard Data Processing Agreement (DPA), available upon request at [email protected].

6. Data Retention

We retain your information as follows:

  • Account Data: Retained while your account is active and for 30 days after deletion request
  • Subscriber Data: Retained while your account is active; deleted within 30 days of account termination
  • Email Analytics: Retained for 2 years for reporting purposes
  • Payment Records: Retained for 7 years for legal and tax compliance
  • Server Logs: Retained for 90 days

You can request deletion of your data at any time by contacting us. Some data may be retained as required by law or for legitimate business purposes.

7. Cookies and Tracking

Mailflix uses the following types of cookies:

7.1 Essential Cookies

Required for the Service to function. These include session cookies for authentication. You cannot opt out of these cookies.

7.2 Email Tracking

For emails sent through our Service, we use tracking pixels (1x1 transparent images) and link rewriting to track opens and clicks. This data is used for analytics and is shared with the newsletter creator. Recipients can disable image loading in their email client to prevent open tracking.

7.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect your ability to use certain features of the Service.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: Data encrypted in transit (TLS) and at rest
  • Password Hashing: Passwords stored using bcrypt hashing
  • API Key Security: API keys are hashed and not stored in plain text
  • Access Controls: Role-based access and audit logging
  • Infrastructure: Hosted on secure AWS infrastructure
  • Signed Tokens: HMAC-SHA256 signed tokens for tracking and unsubscribe links

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

9.1 For All Users

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Data Portability: Request your data in a machine-readable format

9.2 GDPR Rights (EEA/UK Users)

If you are in the European Economic Area or UK, you also have the right to:

  • Restrict processing of your personal data
  • Object to processing based on legitimate interests
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

Legal Basis for Processing: We process your data based on: (a) contract performance, (b) legitimate interests, (c) legal obligations, or (d) your consent.

9.3 CCPA Rights (California Residents)

California residents have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of personal information
  • Opt-out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your rights

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or as required by law).

10. International Data Transfers

Mailflix is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US or other countries where our service providers are located.

For transfers from the EEA/UK, we rely on Standard Contractual Clauses approved by the European Commission and UK authorities, as well as additional safeguards where appropriate.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete such information promptly.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page with an updated "Last Updated" date
  • Sending an email notification to registered users for significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Mailflix, Inc.
Email: [email protected]

Data Protection Officer: For GDPR-related inquiries, contact us at [email protected].