Legal

Privacy Policy

Effective May 16, 2026

What we collect

To provide the Mailgrid service we collect the minimum necessary data:

• Account data — your email, name, company, and API key hashes.
• Email metadata — sender, recipient, subject, message id, send time, lifecycle events (sent / delivered / bounced / opened / clicked / complained / unsubscribed).
• Message content — stored encrypted in R2 for 30 days for replay/audit, then purged.
• Operational logs — request ids, response codes, latency. Retained 14 days.
• Billing data — handled by our payment processor; we don't store card numbers.

What we don't collect

• We do not sell, rent, or share customer or recipient data with third parties.
• We do not scan message contents for advertising or model training.
• We do not use third-party analytics scripts on this website.

Sub-processors

We rely on these vetted sub-processors:

• Cloudflare — compute, storage, CDN, DDoS protection
• Amazon Web Services (SES) — outbound mail delivery
• Stripe — payments (Enterprise plans)

Data retention

• Email metadata + event log: 12 months by default (configurable).
• Raw message archive (R2): 30 days.
• Suppression lists: kept indefinitely for deliverability.
• Account data: until you delete the account, then 30 days for backup integrity.

Your rights (GDPR / CCPA)

You can request access, correction, or deletion of your data at privacy@mailgrid.space. We respond within 30 days.

Security

TLS 1.3 in transit. AES-256 at rest (Cloudflare). HMAC-signed API keys. Per-tenant rate limits. Audit log of every admin action.

Contact

Questions? privacy@mailgrid.space