Mailing List Manager

1. Introduction

Welcome to Newsletter Platform ("mailinglist-tech.com"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you subscribe to our newsletter service. By using our service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information You Provide

When you subscribe to our newsletter, we collect the following information:

Email Address (required): Used to send you newsletter campaigns and communications
Name (optional): Used to personalize email content and greetings
Subscription Date: Automatically recorded when you subscribe
Subscription Status: Whether you are an active, unsubscribed, or bounced subscriber

2.2 Automatically Collected Information

When you interact with our emails and website, we automatically collect:

Email Engagement Data: Whether emails were delivered, opened, or bounced
Click Data: Links clicked within our emails (tracked via unique URLs)
Device Information: Browser type, operating system, and device type
IP Address: Used for security and fraud prevention
Timestamps: When you subscribed, unsubscribed, or interacted with emails

Email Tracking Technologies: We track campaign performance using:

Tracking Pixels: Small, invisible images embedded in emails to detect when emails are opened and the email client used
Unique Tracking Links: URLs with unique identifiers to measure click-through rates and attribute clicks to specific subscribers
Bounce Notifications: Delivery status reports from email service providers
Time and Date Stamps: When you interact with our emails

This tracking data helps us measure campaign effectiveness, improve content quality, maintain list hygiene, and comply with email service provider requirements. Individual engagement data is retained for 90 days; aggregate statistics (e.g., "Campaign X had 25% open rate") may be retained indefinitely for historical analysis.

2.3 Information We Do NOT Collect

We do not collect sensitive personal information such as financial data, government identification numbers, health information, or detailed browsing history outside of our service.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide Newsletter Services

Send you email campaigns and newsletters you subscribed to
Personalize email content with your name (if provided)
Manage your subscription preferences

3.2 To Improve Our Service

Analyze email engagement to improve content quality
Monitor delivery rates and fix technical issues
Understand subscriber preferences and interests

3.3 For Security and Compliance

Prevent spam, fraud, and abuse of our service
Comply with legal obligations and regulations
Maintain accurate records for audit purposes

3.4 To Communicate With You

Send subscription confirmation emails
Respond to your inquiries and support requests
Notify you of important service changes

3.5 For Subscriber Segmentation

We use tags to categorize subscribers and deliver more relevant content based on your interests and engagement:

Assign tags based on subscription source, preferences, and engagement patterns
Segment email campaigns to specific tag groups for targeted content
Analyze tag-based performance to improve content relevance and quality

You can view and manage your tags through the Subscriber Portal. Tags are used internally for content optimization and are not shared with third parties.

3.6 For Premium Subscription Services

Process payments for premium subscriptions through Stripe
Manage premium subscription status and access
Send billing-related communications

Note: We do not store credit card information. All payment processing is handled securely by Stripe. See Stripe's Privacy Policy for details.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and context:

Consent: You have given explicit consent for us to process your email address for newsletter purposes when you subscribe
Legitimate Interests: We process data to improve our service, prevent fraud, and ensure security, provided these interests do not override your rights
Legal Obligations: We may process data to comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

5.1 Email Service Providers

We use the following third-party email service providers to deliver newsletters on our behalf:

Mailgun (Mailgun Technologies, Inc.) - Email delivery service
Amazon Simple Email Service (AWS SES) (Amazon Web Services, Inc.) - Email delivery service
Gmail API (Google LLC) - Email delivery service
Google Cloud Platform Simple Email Service (GCP SES) (Google LLC) - Email delivery service

These providers have access to your email address and name (if provided) solely to perform email delivery services on our behalf. They are obligated to protect your information and may not use it for their own purposes. All service providers are bound by data processing agreements (DPAs) that comply with GDPR Article 28 requirements, ensuring appropriate security measures, confidentiality, and data protection standards.

Your data may be processed on servers located in the United States and other countries where these providers operate. We ensure appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, are in place for international data transfers.

5.2 Payment Processor

For premium subscriptions, payment processing is handled by Stripe, Inc. We do not store or have access to your complete credit card information. Stripe collects and processes payment information according to their Privacy Policy. We receive only limited information (last 4 digits of card, expiration date, billing email) necessary to manage your subscription.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or the rights, property, or safety of others.

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and through a prominent notice on our website of any such change in ownership or control of your personal information.

5.5 Subprocessor List

A complete and current list of all subprocessors (service providers who process personal data on our behalf) is available upon request by contacting [email protected].

6. Data Retention

We retain your personal information for as long as necessary to provide our newsletter service and fulfill the purposes outlined in this Privacy Policy. Specifically:

Active Subscribers: Your data is retained as long as you remain subscribed
Unsubscribed Users: We retain your email address to honor your unsubscribe request and prevent re-subscription
Email Logs: Delivery and engagement logs are retained for up to 90 days for operational purposes
Complete Deletion: You can request complete data erasure at any time (see Section 8)

7. Your Data Protection Rights (GDPR)

If you are located in the EEA, you have the following rights regarding your personal data:

7.1 Right to Access

You have the right to request a copy of the personal information we hold about you.

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal information.

7.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data. See Section 8 for details on how to exercise this right.

7.4 Right to Restrict Processing

You have the right to request that we limit how we use your personal information.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

7.6 Right to Object

You have the right to object to our processing of your personal data based on legitimate interests.

7.7 Right to Withdraw Consent

You can withdraw your consent at any time by unsubscribing from our newsletter.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

7.8 California Residents' Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

Right to Know

You can request details about the personal information we have collected about you in the past 12 months, including:

Categories of personal information collected: Identifiers (email, name), Internet activity (engagement metrics), Commercial information (subscription status)
Sources: Directly from you (subscription forms), Automatically from your interactions (email tracking)
Business purposes: Providing newsletter service, improving content, security, compliance, and targeted content delivery
Third parties we share with: Email service providers (Mailgun, AWS SES, Gmail, GCP SES) and payment processor (Stripe)

Right to Delete

You can request deletion of your personal information, subject to certain legal exceptions. See Section 8 for our data erasure process.

Right to Opt-Out of Sale

We do not sell your personal information to third parties. If our practices change in the future, we will update this policy and provide a clear "Do Not Sell My Personal Information" link on our website.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will receive the same service quality and pricing whether or not you exercise your rights.

To exercise your CCPA rights: Contact us at [email protected] with the subject line "CCPA Request". We will verify your identity (to prevent fraudulent requests) and respond within 45 days. You may designate an authorized agent to make requests on your behalf.

8. Data Erasure and Unsubscribe

8.1 How to Unsubscribe

You can unsubscribe from our newsletter at any time by:

Clicking the "Unsubscribe" link at the bottom of any email we send you
Visiting the Subscriber Portal and managing your subscription
Emailing us directly at [email protected]

8.2 Complete Data Erasure

When you unsubscribe, your subscription status changes to "unsubscribed" and you will no longer receive emails. However, your email address remains in our system to honor your unsubscribe request.

To request complete data erasure (GDPR "Right to be Forgotten"):

First, unsubscribe using one of the methods above
Send an email to [email protected] with the subject line "GDPR Data Erasure Request"
Include your email address and confirm you want all your data permanently deleted
We will process your request within 30 days and send you confirmation

Important: Complete data erasure means we will permanently delete all records of your email address, name, subscription history, and engagement data. After erasure, you will be able to re-subscribe in the future if you wish.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using SSL/TLS 1.2+ protocols
Encryption of data at rest using industry-standard encryption (AES-256)
Secure database storage with access controls and authentication
Regular security audits and vulnerability assessments
Limited access to personal data by authorized personnel only
Use of reputable third-party service providers with strong security practices
Employee security training and background checks
Incident response plan and monitoring systems

Data Breach Notification: In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by law. For GDPR-covered individuals, we will provide notification within 72 hours of becoming aware of the breach. You will be notified via email at the address we have on file.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information using commercially reasonable means, we cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country, where data protection laws may differ. If you are located in the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data during international transfers.

11. Children's Privacy

Our service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of our service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Email: [email protected]

Website: mailinglist-tech.com

Physical Address:
123 Newsletter Street, Suite 100, San Francisco, CA 94102, USA

Data Protection Officer:
Email: [email protected]

Our physical mailing address is provided in compliance with the CAN-SPAM Act and other applicable regulations. For GDPR-related inquiries specifically, please contact our Data Protection Officer.

14. Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

15. Cookies and Tracking Technologies

Our website and emails use cookies and similar tracking technologies to enhance your experience and understand how our service is used:

Essential Cookies

Required for website functionality, including authentication, session management, and subscriber portal access. These cookies are necessary for the service to function and cannot be disabled.

Analytics Cookies

Help us understand how visitors use our website and subscriber portal, which pages are most popular, and where improvements are needed. This data is aggregated and anonymized.

Email Tracking

As described in Section 2.2, we use tracking pixels and unique links in emails to measure campaign performance and engagement.

Managing Cookies: You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. However, disabling essential cookies may affect website functionality. Note that browser cookie settings do not affect email tracking pixels; to stop receiving tracked emails, you must unsubscribe from the newsletter.