Privacy Policy
We built Mailgridder on the principle that your data belongs to you. This policy explains exactly what we collect, how we use it, and the protections we put in place.
Who We Are
Mailgridder (“we,” “our,” or “us”) operates the email infrastructure platform accessible at mailgridder.com and its associated subdomains. For the purposes of applicable data protection law, Mailgridder acts as the data controller for information collected directly from users of our website and as a data processor for any personal data you (the client) store within your private Mautic instance.
This Privacy Policy applies to all users of mailgridder.com and all clients of the Mailgridder platform.
What Data We Collect
We collect the minimum data necessary to provide and improve the Service. The data we collect falls into two categories:
Account & Billing Data (Data You Provide)
| Data Type | Purpose | Stored By |
|---|---|---|
| Name | Account identification | Mailgridder database |
| Business email address | Account login, transactional communications | Mailgridder + Mautic instance |
| Company name | Account labeling, billing | Mailgridder database |
| Sending domain | SES identity setup, DNS configuration | Mailgridder + AWS SES |
| Payment information | Subscription billing | Paystack (never stored by Mailgridder) |
| Plan selection | Resource provisioning | Mailgridder database |
Usage & Technical Data (Automatically Collected)
| Data Type | Purpose |
|---|---|
| IP address | Security, fraud prevention |
| Browser type & OS | Compatibility & technical support |
| Pages visited on mailgridder.com | Website analytics (aggregate only) |
| Container resource metrics | Infrastructure monitoring, billing accuracy |
| Email sending metrics | Reputation monitoring, AUP compliance |
How We Use Your Data
We use the data we collect only for the following purposes:
- Service delivery: Provisioning your container, configuring SES identities, and managing your subscription
- Account communications: Sending transactional emails such as login credentials, CNAME verification records, invoices, and service notifications
- Security & compliance: Detecting and preventing abuse, monitoring for AUP violations, and responding to legal requirements
- Platform improvement: Analyzing aggregate usage patterns (not individual content) to improve infrastructure performance and features
- Billing: Processing payments and managing subscription lifecycle through Paystack
Your Client Data (Contacts & Campaigns)
The data you store within your Mailgridder instance — including your subscriber lists, email content, campaign results, and any other business data — is entirely yours.
- This data is stored exclusively within your isolated Docker container on our Hetzner-hosted infrastructure
- Mailgridder employees do not access your contact data or email content except in rare circumstances when you explicitly request technical support that requires it, and only with your permission
- Your data is never shared with other Mailgridder clients or third parties for any commercial purpose
- Our AI writing assistant processes your prompts and brand materials entirely locally within your container. No data is sent to external AI providers (such as OpenAI or Anthropic)
- When you send email through your instance, it is relayed through Amazon SES. Amazon’s privacy policy governs the processing of message metadata (headers, delivery records) at the relay layer. Message content is not stored by Amazon SES beyond the transmission period
In acting as your data processor for client data, we commit to processing it only on your documented instructions and in accordance with applicable data protection law.
Third-Party Services
Mailgridder integrates with the following third-party services to deliver the platform. Each governs its own data handling:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (SES / SNS) | Email delivery, bounce/complaint handling | Sending domain, email headers, delivery metadata |
| Hetzner Online GmbH | Cloud infrastructure hosting | Container workloads (encrypted at rest) |
| Paystack | Payment processing | Name, email, payment card details (never stored by us) |
| Zoho Mail | Mailgridder staff inbox (info@mailgridder.com) | Email content of messages sent to our support address |
We do not integrate analytics platforms (such as Google Analytics) in a manner that exposes individual user behavior. Any analytics we use are privacy-first and collect only aggregate, anonymized data.
Cookies & Tracking
The mailgridder.com marketing website uses minimal cookies:
- Essential cookies: Required for basic website functionality and WordPress session management. Cannot be disabled.
- Mautic form cookies: Set by our beta application form to track form submission state and prevent duplicate submissions. These are first-party, session-scoped, and do not track across sessions.
- Analytics cookies: If enabled, these are anonymized and do not contain personally identifiable information. You may opt out at any time.
We do not use third-party advertising cookies, cross-site tracking pixels, or retargeting technologies on our marketing site.
Within your Mailgridder instance (mailgridder.xyz subdomain), Mautic uses cookies to track contact engagement for your own campaigns. You are responsible for disclosing this to your subscribers in your own privacy notices.
Data Retention
- Active account data is retained for the duration of your subscription
- Billing records are retained for 7 years as required by applicable accounting regulations
- Container data (your contacts, campaigns, templates) is retained in your isolated environment for the duration of your subscription, plus a 30-day grace period after termination during which you can export your data
- After the 30-day grace period post-termination, container data is permanently and irrecoverably deleted
- Server logs (IP addresses, access logs) are retained for up to 90 days for security purposes, then deleted
Security
We take the security of your data seriously and implement industry-standard protections:
- Encryption in transit: All data transmitted between your browser, your Mautic instance, and our infrastructure uses TLS 1.2 or higher (HTTPS)
- Container isolation: Your instance runs in an isolated Docker network environment. Inter-container communication is blocked by default
- IAM scoping: Each client container connects to AWS SES using its own scoped IAM credentials with minimum required permissions only
- Access controls: Administrative access to infrastructure is protected by multi-factor authentication and restricted to authorized personnel
- No shared credentials: Your Mautic admin credentials are generated uniquely at provisioning time and are not accessible to Mailgridder staff
Despite these measures, no system is completely immune to security risks. In the event of a data breach that affects your personal data, we will notify you as required by applicable law, typically within 72 hours of becoming aware of the incident.
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct any inaccurate or incomplete personal data we hold
- Erasure (“right to be forgotten”): Request deletion of your personal data, subject to our legal retention obligations
- Restriction: Request that we restrict processing of your data in certain circumstances
- Portability: Receive your personal data in a structured, machine-readable format
- Objection: Object to processing of your data for certain purposes
- Withdrawal of consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at info@mailgridder.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.
GDPR & International Data Transfers
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent legislation.
Legal basis for processing: We process your personal data on the following legal bases:
- Contract performance: Processing necessary to deliver the Service you’ve subscribed to
- Legitimate interests: Security monitoring, fraud prevention, and platform improvement
- Legal obligation: Compliance with applicable laws, including tax and accounting requirements
- Consent: Where we ask for and receive explicit consent (e.g., marketing communications)
International transfers: Your data may be processed in countries outside the EEA, including the United States (AWS infrastructure) and Germany (Hetzner). Where such transfers occur, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by the European Commission.
If you have concerns about our GDPR compliance, you have the right to lodge a complaint with your local data protection authority.
Children’s Privacy
Mailgridder is a business-to-business (B2B) platform intended exclusively for use by adults operating in a professional capacity. We do not knowingly collect personal data from individuals under the age of 18.
If we become aware that we have inadvertently collected data from a minor, we will delete that data promptly. If you believe we may have such data, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the “Effective Date” at the top of this page
- Send an email notification to the address associated with your account at least 14 days before the changes take effect
- Display a prominent notice on our website
Your continued use of the Service after the effective date of any changes indicates your acceptance of the updated Privacy Policy.
Contact Us
For privacy-related inquiries, data subject requests, or concerns about how we handle your personal data, please contact our privacy team:
Mailgridder Privacy
info@mailgridder.com
We aim to respond to all privacy inquiries within 5 business days, and data subject requests within 30 days.