Get Started

Privacy Policy

Effective date: April 1, 2026

1. Information We Collect

Account Data

When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google OAuth, we receive your name, email address, and profile picture from Google. We do not store your Google password.

Email Content

When you send emails through our Service, we temporarily process and store the email content, including subject lines, body text, attachments, and recipient addresses. This data is necessary to deliver your emails and provide delivery status information.

Usage Data

We collect information about how you interact with the Service, including API requests, dashboard page views, feature usage patterns, and error logs. This data is used to improve the Service and diagnose technical issues.

Cookies

We use essential cookies to maintain your authentication session and remember your preferences. We do not use third-party advertising or tracking cookies. You can configure your browser to block cookies, but this may affect your ability to use the Service.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Deliver emails on your behalf and provide delivery status and analytics.
  • Authenticate your identity and secure your account.
  • Communicate with you about service updates, security alerts, and support requests.
  • Monitor for abuse and enforce our Terms of Service and Acceptable Use Policy.
  • Generate aggregated, anonymized usage statistics to improve the Service.

We do not sell your personal information to third parties. We do not use your email content for advertising, profiling, or any purpose other than delivering the Service.

3. Data Storage and Security

Your data is stored on servers hosted by DigitalOcean in data centers located in the United States. All data is encrypted at rest using AES-256 encryption. All data transmitted between your applications and our Service is encrypted in transit using TLS 1.2 or higher.

We implement industry-standard security measures including network firewalls, intrusion detection systems, regular security audits, and access controls. API keys are hashed before storage and cannot be retrieved in plain text after creation.

While we take reasonable precautions to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

4. Data Retention

We retain your account data for as long as your account is active. Email content is retained for up to 30 days after delivery to support delivery troubleshooting and analytics. After 30 days, email content is permanently deleted.

Delivery logs and analytics data (metadata such as timestamps, delivery status, and open/click events) are retained for up to 12 months. When you delete your account, we remove your data within 30 days, except where retention is required by law.

5. Third-Party Services

We use the following third-party services to operate Mailngine:

  • DigitalOcean -- Cloud infrastructure hosting for our servers and databases.
  • Google OAuth -- Authentication provider for user sign-in. Google receives your authentication request but does not receive your Mailngine usage data.
  • Cloudflare -- DNS management and CDN services for domain verification and asset delivery. When you enable auto-DNS, Cloudflare receives your domain configuration data.

Each third-party service operates under its own privacy policy. We encourage you to review their policies to understand how they handle your data.

6. Your Rights

Under applicable data protection laws, including the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of Access -- You can request a copy of the personal data we hold about you.
  • Right to Rectification -- You can request that we correct inaccurate or incomplete personal data.
  • Right to Erasure -- You can request that we delete your personal data, subject to any legal obligations requiring retention.
  • Right to Data Portability -- You can request your data in a structured, machine-readable format for transfer to another service.
  • Right to Object -- You can object to the processing of your personal data for certain purposes.
  • Right to Restrict Processing -- You can request that we limit the processing of your personal data under certain circumstances.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

7. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Effective date" above. For significant changes, we will also send a notification to the email address associated with your account.

Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

9. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at [email protected] or visit our contact page.