PRIVACY POLICY
1. Introduction
Welcome to Mailkai (“Mailkai”, “we”, “our”, or “us”). We are committed to protecting the privacy and personal data of everyone who uses our platform. This Privacy Policy explains how we collect, use, store, share, and protect information when you access or use the Mailkai email marketing and automation platform, including our website, web application, APIs, and related services (collectively, the “Service”).
This Policy applies to:
- Registered users and account holders (businesses, marketers, agencies, and startups)
- Visitors to our website and marketing pages
- Contacts whose data is processed through our platform on behalf of our customers
By accessing or using our Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service.
2. Information We Collect
We collect several types of information in order to provide, maintain, and improve the Service.
2.1 Information You Provide Directly
- Account Registration Data: Name, email address, company name, phone number, billing details, and password when you sign up for Mailkai.
- Profile & Settings: User preferences, notification settings, time zone, and communication preferences.
- Payment Information: Credit or debit card details, billing address, and transaction history. Payments are processed by PCI-compliant third-party processors; we do not store full card numbers.
- Support Communications: Messages, emails, or chat logs when you contact our customer support team.
- Content You Upload: Email templates, contact lists, images, and campaign content that you create or import into the platform.
2.2 Information Collected Automatically
When you use our Service, we automatically collect certain technical and behavioral data:
- Usage Data: Pages visited, features used, email campaigns sent, open and click rates, and workflow interactions.
- Log Data: IP address, browser type and version, operating system, referring URLs, access timestamps, and error logs.
- Device Information: Device type, screen resolution, language settings, and hardware identifiers.
- Location Data: General geographic location inferred from your IP address (country/city level).
2.3 Data from Cookies & Tracking Technologies
We use cookies, web beacons, pixel tags, and similar technologies to collect information about your interactions with our platform. See Section 5 for full details.
2.4 Data from Third-Party Sources
- Integrations: If you connect third-party tools (e.g., CRM systems, e-commerce platforms, or social networks), we may receive data in accordance with those platforms’ permissions.
- Public Sources: We may collect business information from publicly available directories for verification or enrichment purposes.
- Referral Partners: Information about how you found Mailkai, if referred by a partner.
2.5 Subscriber / Contact Data (Processed on Your Behalf)
When you use Mailkai to manage email campaigns, you upload or sync data about your own contacts or subscribers. As a Data Controller for your own subscribers, you are responsible for ensuring a valid legal basis for processing their data. Mailkai acts as a Data Processor in this context and processes such data only in accordance with your instructions and this Privacy Policy.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- Creating and managing your Mailkai account
- Sending, scheduling, and tracking your email campaigns
- Enabling automation workflows, segmentation, and personalization features
- Processing transactions and sending billing-related communications
3.2 Platform Improvement & Analytics
- Analysing usage patterns and feature adoption to enhance the platform
- Diagnosing technical issues and improving system performance
- Conducting internal research and developing new features
- Generating aggregated, anonymised analytics reports
3.3 Communications
- Sending transactional emails (account confirmations, invoices, password resets)
- Sending platform updates, product announcements, and security alerts
- Sending marketing communications (where you have consented or where permitted by applicable law)
3.4 Legal & Compliance
- Complying with applicable laws, regulations, and legal processes
- Enforcing our Terms and Conditions and other agreements
- Detecting, preventing, and responding to fraud, abuse, or security incidents
- Maintaining appropriate records for tax and audit purposes
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with similar data protection legislation, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:
- Contractual Necessity (Article 6(1)(b) GDPR): Processing required to provide the Service and perform our agreement with you, including account management, billing, and campaign delivery.
- Legitimate Interests (Article 6(1)(f) GDPR): Processing for our legitimate business interests, such as fraud prevention, platform security, product improvement, and direct marketing to existing customers, where such interests are not overridden by your rights.
- Legal Obligation (Article 6(1)(c) GDPR): Processing required to comply with applicable laws, regulations, and lawful government requests.
- Consent (Article 6(1)(a) GDPR): Processing based on your freely given, specific, and informed consent — for example, for marketing emails to prospects. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Where we process special categories of personal data, we will only do so under the additional conditions specified in Article 9 of the GDPR.
5. Cookies & Tracking Technologies
5.1 What Are Cookies?
Cookies are small text files placed on your device when you visit our website or use our platform. They enable us to recognise your browser, remember your preferences, and understand how you interact with our Service.
5.2 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the platform to function correctly. These cannot be disabled, as they enable core features such as login sessions, security, and payment processing.
- Performance & Analytics Cookies: Help us understand how users interact with the Service. Data collected is aggregated and anonymised.
- Functional Cookies: Remember your preferences (e.g., time zone, language, dashboard layout) to provide a personalised experience.
- Marketing & Targeting Cookies: Used to deliver relevant advertisements and track campaign effectiveness across third-party networks. Only deployed where permitted by your consent preferences.
5.3 Third-Party Tracking
We may use third-party analytics and marketing tools (e.g., Google Analytics, Meta Pixel, Intercom) that set their own cookies. These third parties have their own privacy policies, which we encourage you to review.
5.4 Managing Cookies
You can manage cookie preferences through our cookie consent banner presented on your first visit, or through your browser settings. Please note that disabling certain cookies may limit your ability to use some features of the Service.
5.5 Email Tracking Pixels
Our email delivery engine uses invisible tracking pixels embedded in emails to measure open rates and engagement. As a Mailkai customer, you are responsible for disclosing this tracking to your email subscribers in your own privacy disclosures.
6. Data Sharing & Third Parties
We do not sell your personal data. We may share your information with the following categories of recipients:
6.1 Service Providers & Sub-processors
We engage carefully vetted third-party service providers who process data on our behalf, strictly for the purposes outlined in this Policy. These include:
- Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud)
- Payment processors (e.g., Stripe, PayPal)
- Email delivery infrastructure providers
- Customer support and helpdesk software
- Analytics and monitoring tools
- Fraud detection and security services
All service providers are bound by data processing agreements and are required to maintain appropriate security measures.
6.2 Business Partners & Integrations
When you connect Mailkai to a third-party integration (e.g., Shopify, Salesforce, HubSpot, Zapier), data may be shared with those platforms in accordance with the permissions you grant. These integrations are governed by the respective third party’s privacy policy.
6.3 Legal & Regulatory Disclosure
We may disclose your information if required to do so by law, court order, regulatory authority, or to protect the rights, property, and safety of Mailkai, our users, or the public.
6.4 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of all or part of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our platform in advance of any such transfer.
6.5 Aggregated & Anonymised Data
We may share aggregated, de-identified data that cannot reasonably be used to identify you with partners, researchers, or the public for industry analysis, benchmarking, or promotional purposes.
7. International Data Transfers
Mailkai operates globally, and your personal data may be transferred to and processed in countries outside your home jurisdiction, including the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your country.
Where we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate by the relevant authority, we rely on appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The UK International Data Transfer Agreement (IDTA) for transfers from the UK
- Binding Corporate Rules (BCRs) where applicable
- Other lawful transfer mechanisms recognised under applicable data protection law
You may request a copy of the transfer safeguards we have implemented by contacting us at the details in Section 14.
8. Data Retention Policy
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, as outlined in this Policy, or as required by applicable law. Our general retention periods are:
- Account Data: Retained for the duration of your active subscription plus 90 days post-termination to allow for account recovery. After this period, data is deleted or anonymised.
- Campaign & Subscriber Data: Retained for as long as your account remains active. Following account closure, subscriber data is permanently deleted within 60 days unless a different period is required by law.
- Billing Records: Retained for a minimum of 7 years in accordance with financial and tax regulations.
- Usage Logs & Analytics: Retained for up to 24 months, after which they are aggregated and anonymised.
- Support Communications: Retained for 3 years from the date of last interaction.
- Legal Hold Data: Where data is subject to a legal hold or regulatory investigation, it is retained until the matter is resolved.
When data is no longer required, we securely delete or anonymise it using industry-standard procedures.
9. Data Security Measures
We implement robust technical and organisational security measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. Our security practices include:
- Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption.
- Access Controls: Role-based access controls (RBAC) ensure that only authorised personnel can access personal data, strictly on a need-to-know basis.
- Authentication: Support for multi-factor authentication (MFA) for all user accounts.
- Regular Security Testing: We conduct regular penetration testing, vulnerability assessments, and code security reviews.
- Incident Response: We maintain a documented security incident response plan. In the event of a data breach affecting your rights and freedoms, we will notify you and relevant authorities in accordance with applicable law.
- Sub-processor Security: We require all third-party service providers to maintain appropriate security standards commensurate with the sensitivity of the data processed.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee its absolute security.
10. Your Rights & Choices
10.1 Rights Under GDPR (EEA & UK Users)
If you are located in the EEA or UK, you have the following rights under the GDPR and UK GDPR:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure (‘Right to be Forgotten’): Request deletion of your personal data where there is no legitimate reason for us to continue processing it.
- Right to Restriction of Processing: Request that we limit how we use your data in certain circumstances.
- Right to Data Portability: Receive your personal data in a structured, machine-readable format and transfer it to another controller.
- Right to Object: Object to processing based on our legitimate interests, including for direct marketing purposes.
- Rights Related to Automated Decision-Making: Request human review of any automated decisions that significantly affect you.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
10.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell.
- Right to Delete: Request deletion of personal information we have collected about you, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell your personal information. However, you have the right to opt out should this practice ever change.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
10.3 Other Rights
Residents of other jurisdictions (including India under the DPDP Act, and other applicable laws) may have additional or equivalent rights. We are committed to honouring all applicable privacy rights globally.
10.4 How to Exercise Your Rights
To exercise any of the above rights, please submit a request to [Contact Email] with the subject line “Privacy Rights Request”. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
11. Children's Privacy
The Mailkai Service is intended for use by businesses and professionals. It is not directed to or designed for individuals under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from minors.
If you believe that a minor has provided us with personal data without parental consent, please contact us immediately at [Contact Email] so that we may take appropriate action, including deletion of such data.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:
- Update the “Last Updated” date at the top of this Policy
- Notify registered users via email at least 14 days prior to the changes taking effect
- Display a prominent notice within the Mailkai platform
Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance of the changes. If you do not agree, you may close your account before the changes take effect.
13. Data Protection Officer
Where required by law, we have appointed a Data Protection Officer (DPO) to oversee our compliance with data protection obligations. You may contact our DPO at:
DPO Email: privacy@mailkai.com
Subject Line: Data Protection Officer — Mailkai
14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
Company Name: Mailkai
Address: Parda, Kesklinna linnaosa, 10151 Tallinn, Estonia
Email: privacy@mailkai.com
Website: https://www.mailkai.com
If you are in the EEA or UK and you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). In Ireland, this is the Data Protection Commission (DPC).
