Privacy Policy

Last updated: Oct 10, 2025

Key Privacy Commitments

  • We do not store uploaded attachments; they are deleted after every send attempt (success or failure), and any upload older than 24 hours is automatically purged.
  • We do not store any email content you compose, including the subject and body.
  • In Guest Mode, none of the data you enter is stored on our servers; it lives only in your browser’s local storage/cache.
  • In Logged‑in Mode, we only store the sender information and custom signatures you configure; these are strictly required to enable outbound email functionality.

0. How We Process Your Uploaded Files

Attachments you upload are handled transiently for sending. We receive them securely, use them only to attach to your email, and delete them immediately after each send attempt (success or failure).

We do not store uploaded attachments. Additionally, any file left in the uploads directory is automatically purged after 24 hours to protect your privacy.

These safeguards apply in both Guest Mode and Logged‑in Mode and are enforced by our system-level cleanup and in-app deletion logic.

We are CycleMail (hereinafter referred to as "Platform Operator," "we," or "our"). The present privacy policy applies to the Platform Operator's website and all affiliated websites operated by the Platform Operator that link to this policy (individually referred to as a "Service" or collectively as the "Services").

Within this document, we clearly identify ourselves, explain our approaches to collecting, using and disclosing your personal data, and detail how you can exercise your privacy rights. Our team is committed to answering any questions, suggestions, or complaints regarding data protection. Should you have any concerns, we encourage you to contact us using the information provided at the bottom of this page.

1. How We Process Your Personal Data

1.1 Information You Provide Directly

Throughout various sections of our Services, you may be asked to voluntarily provide personal data: for instance, we might request your name, email address, marketing preferences, subscription type, and brand when registering an account with us, subscribing to our marketing communications, and/or submitting inquiries or completing surveys. The specific data requested and the rationale behind the request will be clearly explained at the point of collection.

Additionally, we gather any messages you send to us. This information enables us to operate, maintain, and provide our services' features and functionality, to communicate with you, and to address any issues you raise about our Services.

Should you choose to withhold your personal data from us, you might find yourself unable to access or use certain features of our Services, or your experience using our Services may be less satisfactory.

1.2 Information We Receive From Third Parties

In certain scenarios, we may obtain information about you from third parties. As an example, if you access our Services through a third-party connection or login (e.g., through Facebook or Google), that third party might pass certain information about your use of their service to us. Such information could include your name, email address, and any other information you've permitted the third party to share with us. It's advisable to always review and, if necessary, adjust privacy settings on third-party services before linking or connecting them to our Services. You also have the option to unlink your third-party account from our Services by adjusting settings on the third-party service. Upon unlinking your third-party account, we will cease receiving information about you in connection with that service.

1.3 Information We Collect Through Your Use of Our Services

The technical infrastructure of our web server collects data transmitted by your Internet browser, including the requesting computer's IP address, time, request details, requested file (name and URL), message about whether the request was successful, browser and operating system identification data, and the website from which access was made (if access occurred via a link). For security purposes, server logs are stored for a maximum of 3 months. We do not store your email subject, body, or attachments; those exist only transiently for processing and are deleted as described above.

Should you choose to withhold your personal data from us, you might find yourself unable to access or use certain features of our Services, or your experience using our Services may be less satisfactory.

1.4 Cookies Information

During your use of our Services, our system deploys cookies—small text files containing alphanumeric character strings—to your device that uniquely identify your browser, facilitate faster logins, and enhance navigation through our services. These cookies may also transmit information about how you use our Services (e.g., pages viewed, links clicked, and other actions taken on the Services), and allow us or our business partners to track your usage patterns.

You maintain control over cookies and similar technologies through your web browser settings, which allow you to customize cookie preferences and refuse all cookies or indicate when a cookie is being sent. Be aware, however, that some Service features may not function properly if cookies are disabled.

As part of our analytics strategy, we use cookies provided by Google Analytics to collect limited data directly from you to better understand your use of our Services, including Google Analytics' demographics and interests reporting services. For more detailed information about how Google collects and uses this data, visit www.google.com/policies/privacy/partners/. Should you wish to opt out of all Google-supported analytics within the services, you can do so by visiting https://tools.google.com/dlpage/gaoptout.

2. Legal Basis for Processing Personal Data (GDPR Compliance)

For every instance of data collection, use, and disclosure of your personal data, we require a legal basis. The specific legal foundation depends on the nature of the data concerned and the context of processing. As a general rule, we typically only process your data when it's necessary to perform a contract with you, when it serves our legitimate interests, or when we have secured your consent. In certain instances, we may also have a legal obligation to process your data to comply with applicable regulations.

2.1 Data Processing Related to Contacting Us

Whenever you reach out to us (e.g., by email or phone), your submitted data is processed to carry out pre-contractual measures, fulfill our contractual obligations to you, or because such processing serves our legitimate business interests in providing responsive service.

2.2 General Data Processing in Our Business Relationship

In situations where your information is processed for business transactions and processing sales of our Services, such processing is conducted to carry out pre-contractual measures, fulfill our contractual obligations to you, or because it aligns with our legitimate business interests in maintaining effective commercial relationships.

2.3 Data Processing for Direct Marketing Purposes

In instances where we initiate contact to inform you about company news, offers, events, or to promote our services, your data is processed based either on your explicit consent or because such communication serves our legitimate interests in growing and sustaining our business.

2.4 Data Processing for Security Management, Data Analysis, and Service Improvement

The security of our systems requires us to process your data to ensure system integrity, technically manage the website, optimize service quality, and analyze usage patterns to improve our Services where such processing aligns with our legitimate business interests. It's important to note that we refrain from relying on this legal basis in situations where our legitimate interests are outweighed by your interest in protecting your personal data.

2.5 Data Processing to Comply with Legal Obligations

In accordance with various regulations, we may need to process your data when necessary to comply with our legal obligations, such as those related to tax filings, accounting procedures, and audit requirements mandated by law.

3. Never Share Your Personal Data

We do not share your personal data with anyone.

4. How We Transfer, Store, and Protect Your Data

The infrastructure supporting our services means your data will be stored and processed in countries where cloud service operators, their affiliates, or service providers maintain facilities.

As a consequence of our global operations, your data may be transferred to and processed in countries other than your own. It's important to understand that these countries may have different data protection laws, which in some cases may offer less protection than your home country.

To address these variations, we have implemented appropriate safeguards and security measures to ensure your data remains protected in accordance with this privacy policy and applicable data protection laws, regardless of where it is processed.

5. Your Rights Regarding Personal Data (GDPR & CCPA Compliance)

As a user of our services, you are entitled to the following rights:

  • Right to Access: You have the right to access your personal data and obtain a copy of it.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You can request deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: You can request restriction of processing of your personal data.
  • Right to Data Portability: You can request transfer of your personal data to another controller.
  • Right to Object: You can object to processing of your personal data based on legitimate interests.
  • Right to Withdraw Consent: You can withdraw your consent at any time where processing is based on consent.
  • Right to Know About Personal Information Sold or Disclosed (CCPA): You have the right to know what personal information is sold or disclosed and to whom.
  • Right to Say No to the Sale of Personal Information (CCPA): You have the right to opt-out of the sale of your personal information.

To exercise any of these rights, you can contact us using the information provided under the "How to Contact Us" section at the bottom of this page. We are committed to responding to all requests in accordance with applicable data protection laws and within reasonable timeframes.

Beyond data access rights, you retain the right to opt out of marketing communications at any time. This right can be exercised by simply clicking the "unsubscribe" or "opt-out" link in our marketing emails or by contacting us through the information provided under the "How to Contact Us" section.

As an additional protection, you have the right to file a complaint with a regulatory authority if you believe your data protection rights have been violated.

For transparency, we confirm that we don't engage in automated decision-making processes. Furthermore, if we need to process your personal data for purposes different from those for which we originally collected it, we will proactively inform you of this change and explain the new purpose.

6. How Long We Keep Your Personal Data

We retain personal data only as long as necessary to provide the Services or comply with legal obligations. Message content (subject and body) and attachments are not retained: attachments are deleted immediately after each send attempt and purged automatically if any upload exceeds 24 hours. In guest mode, none of the data you enter is stored server-side.

The duration of our data retention depends on our business needs. We retain personal data collected from you as long as we have an ongoing legitimate business requirement (e.g., to provide requested services or comply with applicable legal, tax, or accounting requirements).

Once the legitimate business need for your data expires, we take action to either delete or anonymize it. In cases where immediate deletion isn't possible (e.g., because your personal data is stored in backup archives), we implement security measures to store your personal data safely and isolate it from further processing until deletion becomes technically feasible. For legal compliance purposes, we may retain certain account information even after service termination to comply with our legal obligations (e.g., for accounting and audit purposes).

7. Changes to This Policy

To maintain accuracy and legal compliance, we may periodically update this policy to reflect our current practices and ensure adherence to applicable laws. With each revision, we'll update the "Last Updated" date at the top of this policy document. For significant changes affecting how we collect, use, store, and/or share your personal data, we commit to taking appropriate measures to notify you directly when possible. As a best practice, we recommend checking this page occasionally to stay informed of any policy modifications.

8. How to Contact Us

For matters concerning your personal data, the designated data controller responsible is CycleMail.

Should you have any questions, suggestions, or concerns regarding our use of your personal data or this privacy policy, we welcome your communication through the following channel: