Privacy Policy
Last updated: June 11, 2026
1. Who We Are
Maily ("we", "us", "our") is an email marketing platform that helps businesses create, send, and track email campaigns. We are committed to protecting your personal data and respecting your privacy.
2. What Data We Collect
We collect the following types of data:
- Account data: Name, email address, password (hashed), and profile information you provide on registration.
- Business data: Business name, website, logo, and other information you enter in your business profile.
- Contact data: Email addresses and names of your subscribers that you import or collect through us.
- Usage data: Campaign performance metrics, open rates, click rates, and other analytics.
- Payment data: Billing information processed securely by Stripe. We do not store card details.
- Technical data: IP addresses, browser type, and access logs for security and debugging.
3. How We Use Your Data
- To provide and operate the Maily service
- To process payments and manage your subscription
- To send transactional emails (receipts, password resets, verification)
- To generate AI-assisted email content on your behalf
- To improve the platform and fix bugs
- To comply with legal obligations
4. Your Subscribers' Data
When you import or collect subscriber email addresses through our platform, you are the data controller for that data. We act as a data processor on your behalf. You are responsible for ensuring you have the legal right to contact those subscribers and that your email practices comply with applicable laws (CAN-SPAM, GDPR, etc.).
5. Data Sharing
We do not sell your data. We share data only with:
- Stripe – for payment processing
- Amazon SES – for email delivery
- OpenAI – for AI content generation (no personal data is sent, only business context you provide)
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance reasons (e.g., billing records for 7 years).
7. Your Rights (GDPR)
If you are in the European Economic Area, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing of your data
- Receive your data in a machine-readable format (data portability)
- Object to processing
To exercise these rights, visit your Profile Settings or contact us at privacy@[site domain].
8. Cookies
We use session cookies required for authentication and a CSRF token cookie for security. We do not use tracking or advertising cookies.
9. Security
We use industry-standard security measures including HTTPS encryption, hashed passwords, signed URLs, and regular security audits. However, no system is 100% secure. Please use a strong, unique password.
10. Contact Us
For privacy-related questions, contact us at privacy@[site domain].