Skip to content
EmailMate
Log inGet Started
Draft. This is a pre-launch draft. Update with legal counsel before production launch.

Privacy Policy

Last updated: 2026-04-14

Introduction

EmailMate (“we”, “us”) is an email infrastructure platform. This policy explains what personal data we collect, why we collect it, and what you can do about it. It applies to emailmate.dev and the EmailMate API/MCP services.

Data we collect

Account information

When you sign up we collect your email address, name, and (for paid plans) billing details handled by our payment processor. We never store raw payment card numbers.

Email metadata

For every email sent through EmailMate we record: sender, recipient, subject, message ID, timestamps, delivery status, bounce and complaint signals, and open/click events (when tracking is enabled).

Send logs & content

We temporarily retain rendered email content for debugging, webhook replay, and bounce forensics. See retention below.

Operational telemetry

We use PostHog for product analytics and Sentry for error tracking. We log API calls, MCP tool invocations, and authentication events for abuse prevention and support.

How we use your data

  • Delivering the service (sending email, rendering dashboards, running MCP tools).
  • Protecting deliverability (bounce/complaint handling, reputation monitoring).
  • Billing and fraud prevention.
  • Customer support and product improvement.
  • Legal compliance and responding to lawful requests.

We do not sell personal data. We do not train machine learning models on your emails.

Subprocessors

  • Amazon Web Services (AWS SES) — email delivery, us-east-1 by default.
  • Vercel — hosting, edge delivery, serverless functions.
  • Convex — primary application database and realtime layer.
  • Stripe — payment processing.
  • PostHog — product analytics.
  • Sentry — error tracking.

Data retention

  • Email send logs (metadata, events): 90 days.
  • Rendered email body content: 7 days, then purged.
  • Suppression list entries (bounces, complaints, unsubscribes): retained for the life of the account to protect deliverability.
  • Audit logs: 1 year.
  • Account records: until you close your account plus 30 days for billing reconciliation.

Data location

Primary infrastructure runs in US-East (Virginia). EU-region SES tenants are available on request. Convex and Vercel may replicate data across regions for availability.

Your rights (GDPR / CCPA)

  • Access — request a copy of your data.
  • Deletion — request account and data deletion.
  • Portability — export your send logs and contacts.
  • Correction — fix inaccurate data via the dashboard or support.
  • Objection — object to processing or withdraw consent.

DSAR contact

Send data subject access requests to privacy@emailmate.dev. We respond within 30 days.