Privacy Policy

Last updated: 2/3/2026

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, subscribe to our services, or contact us for support. We also collect information automatically through analytics and cookies.

  • Account information (email address, display name, password)
  • Profile customization (profile image, display name, profile color)
  • Payment information (processed securely through Stripe)
  • Email campaign reports and metrics you create or import
  • Third-party API credentials you provide (email marketing platform API keys, OpenAI API keys) - stored encrypted
  • Scheduled report preferences (email recipients, frequency, timing)
  • Usage data and analytics (e.g., page views, feature usage, device/browser info)
  • Communication preferences and feedback
  • AI chat history and interactions (when using AI Assistant feature)

Authentication and data storage are provided by Supabase. Payment processing is handled by Stripe. AI features use OpenAI's API with your provided API key. We may use analytics services to understand usage and improve our service.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Connect to third-party email marketing platforms using your API credentials
  • Send scheduled email reports at your requested times
  • Enable AI-powered analysis of your email campaigns using OpenAI's API
  • Generate and export reports in various formats (PDF, Word, PowerPoint, etc.)
  • Send technical notices, updates, and support messages
  • Respond to your comments, questions, and feedback
  • Monitor and analyze trends and usage to improve the platform

3. Information Sharing and Third-Party Services

We do not sell, trade, or otherwise transfer your personal information to third parties except as described in this policy:

  • With your consent or at your direction
  • To comply with legal obligations
  • To protect our rights and safety
  • With service providers who assist in our operations (Supabase for authentication and database, Stripe for payments)
  • With email marketing platforms you connect via API integrations (e.g., Mailchimp, Campaign Monitor, Klaviyo, etc.)
  • With OpenAI when you use the AI Assistant feature - your API key and chat messages are sent to OpenAI's servers

Important: When you connect third-party email marketing platforms or use the AI Assistant, data may be transmitted to those services. We recommend reviewing their privacy policies:

  • OpenAI Privacy Policy: https://openai.com/privacy
  • Supabase Privacy Policy: https://supabase.com/privacy
  • Stripe Privacy Policy: https://stripe.com/privacy

4. Data Security

We implement appropriate security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

  • Encrypted storage of sensitive data including API keys
  • Secure authentication through Supabase
  • HTTPS encryption for all data transmission
  • Regular security audits and updates
  • Limited employee access to personal information

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. API Keys and Third-Party Integrations

Our service allows you to connect third-party email marketing platforms and AI services using your own API keys:

  • Email Marketing Platform APIs: You can connect platforms like Mailchimp, Klaviyo, Campaign Monitor, and 30+ others. Your API credentials are stored encrypted in our database and used only to fetch campaign data on your behalf.
  • OpenAI API: For the AI Assistant feature, you provide your own OpenAI API key. This key is stored encrypted and used to send your questions and campaign data to OpenAI for analysis.
  • Your Responsibility: You are responsible for the security of your API keys and for reviewing the privacy policies and terms of service of third-party platforms you connect.
  • Data Access: We only access data from third-party platforms that you explicitly authorize through API connections.

You can disconnect any third-party integration at any time from your Settings page. Disconnecting will remove the stored API credentials from our systems.

5A. Recipient-Level Data and Deep Dive Feature (GDPR Compliance)

Our Data Deep Dive feature (PRO plan) allows you to view recipient-level engagement data from your email campaigns, including:

  • Recipient email addresses
  • Delivery status (sent, delivered, bounced)
  • Engagement behavior (opened, clicked)
  • Timestamp of last activity
  • Individual link click data

Important Legal Information:

  • Data Controller Role: When you use this feature, YOU are the data controller and we act as a data processor. You are responsible for ensuring you have a lawful basis under GDPR/UK GDPR to process your recipients' personal data.
  • Your Legal Obligations: You must ensure you have appropriate consent or legitimate interest to collect, analyze, and process recipient engagement data. Your recipients should be informed through your own privacy policy that their email engagement may be tracked and analyzed.
  • Purpose Limitation: Recipient data should only be accessed for legitimate email marketing analysis purposes and campaign performance optimization.
  • Data Processing: We fetch recipient data from your connected email marketing platform (e.g., Mailchimp) in real-time and display it to you. We do not permanently store individual recipient engagement data in our database.
  • No Data Retention: Recipient-level data is retrieved on-demand from your email service provider and is not retained by Email Calculator after you close the Deep Dive modal.
  • Security: All recipient data transmission occurs over encrypted HTTPS connections.

⚠️ GDPR Compliance Notice: You must have a valid legal basis (consent, legitimate interest, contract, etc.) to process your email recipients' personal data under GDPR Article 6. Ensure your privacy policy discloses that recipient email engagement is tracked and analyzed. Email Calculator is not responsible for your compliance with data protection laws.

6. Scheduled Reports and Email Communications

If you use our Scheduled Reports feature (PRO plan), we will:

  • Store the email addresses you provide as recipients
  • Send automated email reports at your specified schedule (one-time or recurring)
  • Include your campaign report data in the emails we send
  • Process email delivery through our email service provider

Recipients of scheduled reports are governed by your relationship with them. We recommend only sending reports to individuals who have consented to receive them.

7. Your Rights

You have the right to:

  • Access your personal information and campaign data
  • Correct inaccurate information
  • Request deletion of your information and all associated data
  • Export your data in common formats (PDF, Word, PowerPoint, etc.)
  • Disconnect third-party API integrations at any time
  • Cancel or modify scheduled reports
  • Opt out of marketing communications
  • Delete your account and all associated data

To exercise these rights, please contact us at privacy@emailcalculator.com or manage your preferences in your account settings.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. Specifically:

  • Account data is retained until you delete your account
  • Campaign reports and metrics are retained as long as you maintain them
  • API credentials are deleted when you disconnect integrations
  • AI chat history is stored in your Supabase database and can be cleared by you at any time using the "Clear" button in the AI chat interface
  • Payment records are retained as required by law and for accounting purposes

9. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content. You can manage your cookie preferences at any time using our cookie consent banner.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about this privacy policy, please contact us at:

Email: privacy@emailcalculator.com