Privacy Policy
Last updated: [DATE]
1. Introduction
MailBuddy ("the Company", "we", "us") operates the MailBuddy platform ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Service.
2. Information We Collect
We collect the following types of information:
- Account Information: Name, email address, and authentication credentials provided during registration
- Contact Data: Customer and supplier contact information imported from connected accounting platforms (QuickBooks Online, Xero) or uploaded manually (CSV, Excel)
- Email Data: Email content, templates, campaign metadata, delivery status, and engagement data
- Integration Data: OAuth tokens and connection metadata for linked accounting platforms and email providers
- Usage Data: Service usage patterns, feature interactions, and technical logs
- Payment Data: Subscription and billing information processed through PayPal (we do not store payment card details)
3. How We Use Your Information
We use collected information to:
- Provide and maintain the Service
- Process and deliver email campaigns on your behalf
- Synchronize contact data from connected accounting platforms
- Process subscriptions and payments
- Send service-related notifications
- Monitor and improve the Service
- Comply with legal obligations
4. Data Sharing
[PLACEHOLDER] We do not sell your personal information. We share data only with:
- Email Providers: Amazon SES, Gmail, and Outlook for email delivery as configured by you
- Accounting Platforms: QuickBooks Online and Xero for contact synchronization as authorized by you
- Payment Processor: PayPal for subscription billing
- Infrastructure Providers: AWS for hosting and data storage
- Legal Requirements: When required by law or to protect our rights
5. Data Storage and Security
[PLACEHOLDER] Your data is stored on servers hosted by Amazon Web Services (AWS). We implement industry-standard security measures including:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for sensitive data (Vault Transit encryption for OAuth tokens)
- Role-based access controls
- Regular security audits
6. Data Retention
[PLACEHOLDER] We retain your data for as long as your account is active or as needed to provide the Service. After account deletion, we will remove your personal data within [TIMEFRAME], except where retention is required by law.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to or restrict certain processing
- Data portability
- Withdraw consent at any time
8. POPIA Compliance (South Africa)
[PLACEHOLDER] In accordance with the Protection of Personal Information Act (POPIA):
- We process personal information lawfully and in a reasonable manner
- We collect information for specific, explicitly defined purposes
- We take reasonable measures to ensure information quality
- We implement appropriate security safeguards
- Our Information Officer can be contacted at: [CONTACT EMAIL]
9. Cookies
[PLACEHOLDER] The Service uses essential cookies for authentication and session management. We do not use advertising or tracking cookies on this landing page.
10. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.
11. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.
12. Changes to This Policy
[PLACEHOLDER] We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The "Last updated" date at the top indicates the most recent revision.
13. Contact Us
For questions or requests regarding this Privacy Policy or your personal data, contact us at: [CONTACT EMAIL]