Privacy Policy.

1. What this policy covers

This policy describes how Mailnurse collects, uses, and protects the data of its customers — the account holders who sign in to the Mailnurse dashboard. It does not cover the recipients of cold emails that our customers send: Mailnurse never sees the body of those messages, and we do not track the people who receive them.

With respect to customer data — names, emails, billing information, dashboard usage — Mailnurse acts as a data controller. With respect to authentication credentials and deliverability telemetry drawn from the customer's connected providers (Workspace, Cloudflare, Instantly, Spaceship), Mailnurse acts as a data processor on behalf of the customer.

2. Information we collect

Account information.

Email address, name, company, billing address, and payment method. Payment details are processed by Stripe — Mailnurse never stores full card numbers.

Telemetry from connected services.

OAuth tokens or API keys you authorize us to use (Google Workspace, Cloudflare, Instantly, Spaceship); placement test results; DNSBL listing status; warmup vitals (open and reply rates per mailbox); rule-evaluation logs. All credentials are encrypted at rest in a separate vault namespace and decrypted only at point of use.

Usage data.

IP address, browser type, pages visited, session timestamps. Product analytics are collected via Plausible — a privacy-preserving analytics product that uses no cookies and no device fingerprinting.

3. How we use the information

• To provide the monitoring and auto-rotation service the customer subscribed to.
• To generate placement scores, vitals readings, and rule evaluations.
• To bill subscriptions and issue receipts via Stripe.
• To send transactional emails (alerts, status updates, invoices).
• To improve the product, on the basis of aggregated, de-identified data only.
• To comply with legal obligations and respond to lawful requests.
• To detect and prevent fraud, abuse, and acceptable-use violations.
• To debug incidents — never as a routine practice.

4. What we do NOT do

• We do not sell, rent, or share customer data with third parties for advertising purposes.
• We do not train AI models on customer data.
• We do not read the body of cold emails that our customers send.
• We do not track the recipients of cold emails on behalf of our customers.
• We do not place advertising cookies on our marketing site.

5. Subprocessors

Mailnurse engages a small set of subprocessors to deliver the service. Each is bound by a Data Processing Agreement. Categories and current providers:

• AWS — hosting and storage (us-east-1; eu-west-1 available on request).
• Stripe — subscription billing and payment processing.
• Plausible — privacy-preserving product analytics.
• Cloudflare — CDN and DNS for the marketing site.
• Google Workspace API — read-only telemetry against customer-authorized tenants.
• Microsoft 365 API — read-only telemetry against customer-authorized tenants.

6. Data retention

Customer data is retained for the duration of the active subscription and for thirty days after cancellation, after which it is hard-deleted from production systems. Backups are retained for ninety days, after which they are rotated out. Aggregate analytics retain no personally identifiable information and are retained indefinitely for trend analysis.

7. Your rights

Subject to the GDPR (for EEA customers) and the CCPA (for California residents), you have the right to access, correct, delete, export, and restrict the processing of your personal data. You may also object to processing based on legitimate interests. To exercise any of these rights, email privacy@mailnurse.io or reach us via the contact form. We respond within fourteen days of a documented request.

8. Security

Technical and organizational measures — encryption, access control, credential handling, incident response — are described in detail on our security page.

9. Changes to this policy

When we make material changes to this policy, we notify customers by email and post a banner on the marketing site at least thirty days before the change takes effect. Non-material clarifications (typographical fixes, structural reorganization) may be made without notice. Historical versions are available on request.

10. Contact

Questions about this policy? Email privacy@mailnurse.io or use the contact form.