Who We Are
Emailingo is an outbound email platform operated by Tiny Electrons LLC ("we", "us", "our"). The Service consists of:
- A web application where you manage sending domains, contact lists, templates, campaigns, and analytics.
- A backend API and PostgreSQL data store hosted on our infrastructure.
- Outbound email delivery infrastructure that sends campaigns from sending domains you connect and authenticate.
- Optional public unsubscribe and preference pages presented to your recipients on links generated by the platform.
Together these are referred to as the "Service".
Roles
Emailingo is provided to businesses that send their own outbound email using our platform. The business that subscribes to Emailingo (the "Customer") is the data controller for the personal data of their recipients (names, email addresses, lead attributes, custom fields) that the Customer uploads or imports into the Service. Emailingo acts as the data processor on the Customer's instructions for that data.
For account-holder data — administrators, team members, and end-users who sign in to Emailingo directly — Emailingo is the controller.
The Customer is the sender of record for every campaign and is responsible for having a lawful basis to email each recipient (consent, prior business relationship, public business contact, or another applicable basis under their jurisdiction).
Data We Collect
From account holders (Emailingo users)
- Account profile: name, email address, password hash, role (owner / admin / viewer), time zone, profile photo (optional), MFA enrollment status, organization membership.
- Authentication artifacts: signed session cookies (see Cookie Policy), TOTP secrets (encrypted at rest where MFA is enabled), CSRF tokens.
- Audit log entries: sign-in events, role changes, settings changes, sending-domain changes, campaign sends, with timestamp, actor, and originating IP.
Customer Data (entered into the app)
- Sending domains: the domain name you connect, generated SPF/DKIM/DMARC verification status, custom tracking subdomain, warmup state.
- Contacts & segments: recipient name, email, company, role, custom fields you define, tags, opt-in status, suppression flags, bounce history, unsubscribe timestamps.
- Templates: subject lines, body HTML/text, merge-tag mappings, attachments, and brand assets you save for re-use.
- Campaigns: targeting rules, A/B variants, schedule, throttling settings, send progress, per-recipient delivery state.
- Engagement events: opens, clicks, replies, bounces (hard/soft with SMTP code), unsubscribes, complaint flags. Engagement is recorded at the recipient level so you can see which contacts engaged.
- Webhook configuration: destination URLs, signing secrets (encrypted at rest), retry state.
From recipients (your contacts)
- The fact that a tracking pixel or click-redirect link was loaded, and the IP and user-agent that loaded it. Used for engagement metrics, list hygiene, and basic abuse prevention.
- If a recipient uses an unsubscribe or preference link, we record the timestamp and the resulting suppression state. The recipient's email address is added to the Customer's suppression list and to a global suppression list scoped to that Customer's account.
- If a recipient replies, the reply lands in the inbox of the sending mailbox the Customer configured — Emailingo does not store full reply bodies on its servers unless the Customer has explicitly enabled reply-capture.
Automatically
- HTTP request metadata (method, path, status code, IP, user-agent) for security and operations logs.
- Device fingerprint: a low-entropy summary (browser, platform, masked IP) attached to admin sessions for anomaly detection.
- Aggregate, non-identifying usage metrics for service health (request counts, queue depth, send rates, latency).
- Domain reputation signals fetched from public DNS and public blacklist services (RBLs) for the sending domains and IPs you have connected.
What we do NOT collect: the contents of your recipients' inboxes, your recipients' device fingerprints across the wider web, payment-card numbers, banking credentials, or any cross-site tracking. We do not sell, rent, or share Customer recipient lists with third parties for marketing.
How We Use Your Data
- Operate the Service: store your contacts, render and deliver your campaigns, follow your sending schedule and throttling rules, record engagement, retry transient bounces, and honor unsubscribe requests.
- Deliverability protection: enforce per-domain warmup, suppress addresses that hard-bounced or complained, monitor blacklist status of your sending domains, and warn you about content patterns that commonly trigger spam filters.
- Security: detect anomalous sign-in patterns, throttle abusive endpoints, validate MFA codes, and rotate session tokens.
- Audit & compliance: maintain a record of who did what inside your account so admins can review activity, and keep delivery records sufficient to respond to abuse complaints and recipient data requests.
- Notify users of plan changes, security events, billing issues, and product updates relevant to their account.
- Billing for the Emailingo subscription based on the active plan and any usage above included quotas.
Legal Bases (GDPR / UK GDPR)
- Performance of a contract with the account holder — operating the Service the user subscribed to.
- Legitimate interests — security monitoring, fraud prevention, abuse detection, deliverability protection of our shared sending infrastructure.
- Compliance with legal obligations — tax records, lawful disclosure requests, abuse-complaint records.
- Consent — for optional analytics cookies on our marketing site (the consent banner). You can withdraw consent at any time via Cookie settings.
For recipients, the lawful basis for our processing is the Customer's instructions to us as data processor; the Customer is responsible for ensuring they have an appropriate basis under applicable law (e.g., consent, legitimate interest, prior business relationship) for emailing each recipient.
Sub-Processors
We use a small set of vetted sub-processors to operate the Service:
- Cloud hosting — for the API, database, queue, and static assets.
- Stripe — for processing payment for the Emailingo subscription itself. Card data is collected directly by Stripe; Emailingo never stores card numbers.
- Email-delivery providers — upstream MTAs and SMTP relays used to physically deliver outbound campaigns from the sending domain you authenticate.
- Public DNS & RBL lookups — used to verify SPF/DKIM/DMARC and to monitor blacklist state for your sending domains.
- Error monitoring — for diagnostic stack traces; PII is redacted before transmission.
A current sub-processor list is available on request to privacy@emailingo.com.
International Transfers
Our primary infrastructure is hosted in the United States. Where personal data is transferred from the EEA, the UK, or Switzerland to the United States, we rely on Standard Contractual Clauses or adequate-decision frameworks where applicable.
Retention
- Active session data: until logout or session expiry.
- Audit log: retained for the lifetime of the account and for 90 days after account closure.
- Contacts, templates, and campaigns: retained for the lifetime of the account. Account holders can delete individual records at any time.
- Per-recipient delivery and engagement events: 365 days. After that, records are aggregated to per-campaign totals and per-recipient PII (email, IP, user-agent) is removed.
- Suppression list (unsubscribed / hard-bounced / complained): retained indefinitely while the account is active so we never re-mail a recipient who has opted out. The recipient's email address is the only field retained.
- Security event logs (with full IPs): 90 days.
- Billing records (Emailingo subscription): 7 years for tax/audit compliance.
- Marketing-site analytics (if enabled and consented to): per analytics-provider defaults.
On account closure, customers can export their data via the API or CSV exports in the app. After 30 days, account data is deleted from production systems; backup copies are deleted on the next backup-rotation cycle. The suppression list may be retained longer where required to comply with anti-spam laws.
Security
- TLS 1.2+ in transit; AES-256 at rest.
- Argon2 password hashing.
- HttpOnly, Secure, SameSite session cookies (see Cookie Policy).
- Optional MFA (TOTP) on every account.
- Tenant-scoped data access — your contacts, templates, and campaigns are isolated to your account.
- Webhook signing secrets and DKIM private keys are encrypted at rest with envelope encryption.
- Continuous SAST and dependency scanning in CI.
- No payment card data ever touches Emailingo servers.
Your Rights
Subject to applicable law, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request erasure ("right to be forgotten").
- Restrict or object to processing.
- Data portability — most account data is exportable as CSV from inside the app.
- Withdraw consent (e.g., for analytics cookies).
- Lodge a complaint with your supervisory authority.
If you are a recipient of email sent through Emailingo by one of our Customers and you wish to be removed from a list, the fastest path is the unsubscribe link in the message you received — that is honored automatically and immediately. For broader requests (access, deletion, correction) the Customer that sent the message is the data controller and the most direct route. You can also contact us at privacy@emailingo.com and we will route the request to the relevant Customer.
Children
The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal data from children.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced inside the app and via email to account owners. The "Last updated" date at the top of this page reflects the latest revision.
Contact
Tiny Electrons LLC (Emailingo)
Privacy inquiries: privacy@emailingo.com
General contact: hello@emailingo.com
Effective Date: 2026-05-01