Privacy Policy

Last updated: March 19, 2026

EmailQo operates the EmailQo platform at emailqo.com. This Privacy Policy explains how we collect, use, and protect your information when you use our service. By using EmailQo, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

•Account information: When you sign up, we collect your first name, last name, work email address, company name, job title, and company size.

•Usage data: We collect information about how you use the platform, including campaigns created, emails sent, and features accessed.

•Email credentials: When you connect an email account (SMTP or AWS SES), we store your configuration details. SMTP passwords are encrypted at rest.

•Contact data: We store the prospect lists and contact information you upload to the platform. This data belongs to you.

•Payment information: Payment processing is handled by Dodo Payments. We do not store your credit card details.

•Log data: We collect server logs including IP addresses, browser type, pages visited, and timestamps for security and debugging purposes.

2. Legal Basis for Processing (GDPR)

•We process your personal data on the following legal bases under GDPR Article 6:

•Contract: Processing your account information and email credentials is necessary to provide the service you have contracted with us.

•Legitimate interests: We process usage data and logs to maintain security, prevent abuse, and improve the platform. Our legitimate interests do not override your rights.

•Legal obligation: We may process and retain certain data to comply with applicable laws including tax and financial regulations.

•Consent: Where we send non-transactional communications such as product updates, we do so on the basis of your consent, which you may withdraw at any time.

3. How We Use Your Information

•To provide, operate, and maintain the EmailQo platform.

•To send transactional emails such as email verification, password reset, and billing notifications.

•To send product updates, feature announcements, and important service communications.

•To monitor and analyse usage to improve the platform.

•To detect, prevent, and address technical issues and abuse.

•To comply with legal obligations.

4. Your Contact Data

•The prospect lists and contact data you upload remain your property at all times.

•We do not sell, share, or use your contact data for any purpose other than operating the platform on your behalf.

•You can delete your contact lists and data at any time from within the platform.

•Upon account deletion, all your contact data is permanently deleted within 30 days.

5. International Data Transfers

•EmailQo is operated from India. Your data is stored and processed on servers located in the United States via Supabase, Vercel, and Amazon Web Services.

•By using EmailQo, you consent to the transfer of your data to the United States and other jurisdictions that may have different data protection laws than your country.

•For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) as the legal mechanism for transferring personal data outside the EEA.

•For users in the United Kingdom, transfers are made in accordance with the UK GDPR and applicable transfer mechanisms.

6. Sub-Processors

•We use the following third-party sub-processors to deliver the service. Each has been selected for their security and compliance standards:

•Supabase (United States): Database storage and user authentication.

•Amazon Web Services (United States): Email sending via SES, webhook delivery via SNS, and general infrastructure.

•Vercel (United States): Application hosting and content delivery.

•Dodo Payments: Payment processing and subscription billing.

•Anthropic (United States): AI-powered features including campaign scoring and reply classification. Only content you explicitly submit for analysis is sent to this service.

•We do not sell your data to any third party. Sub-processors are contractually bound to process your data only as instructed by us.

7. Data Storage and Security

•Your data is stored on Supabase infrastructure with encryption at rest and in transit.

•SMTP passwords are encrypted before storage and are never transmitted in plain text after initial setup.

•We use industry-standard SSL/TLS encryption for all data in transit.

•Access to production data is restricted to authorised personnel only.

•Despite our best efforts, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Data Breach Notification

•In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and within 72 hours of becoming aware of the breach, where feasible.

•Notification will be provided by email to the address associated with your account.

•The notification will include the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach.

•We will also notify the relevant supervisory authority where required by applicable law.

9. Cookies

•We use cookies solely for authentication and session management.

•We do not use tracking cookies or advertising cookies.

•You can disable cookies in your browser settings, but this may affect your ability to log in.

10. Your Rights

•Access: You can request a copy of all personal data we hold about you.

•Correction: You can update your profile information at any time from account settings.

•Deletion: You can delete your account and all associated data at any time. Email hello@emailqo.com to request account deletion.

•Portability: You can export your contact lists and campaign data from within the platform.

•Objection: You can opt out of non-transactional communications at any time by emailing hello@emailqo.com.

•Restriction: You may request that we restrict processing of your data in certain circumstances.

•Withdrawal of consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

11. CCPA Rights (California Users)

•If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

•Right to know: You may request disclosure of the personal information we collect, use, disclose, and sell.

•Right to delete: You may request deletion of your personal information, subject to certain exceptions.

•Right to opt out: We do not sell personal information. You therefore do not need to opt out of any sale.

•Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

•To exercise your rights, contact us at hello@emailqo.com. We will respond within 45 days.

12. Data Retention

•We retain your account data for as long as your account is active.

•If you delete your account, your personal data is permanently deleted within 30 days.

•Billing records may be retained for up to 7 years for legal and tax compliance purposes.

•Server logs are retained for 90 days.

13. Children's Privacy

•EmailQo is a business tool and is not directed at anyone under the age of 18.

•We do not knowingly collect personal information from anyone under 18. If you believe we have done so, please contact us immediately at hello@emailqo.com and we will delete such information promptly.

14. Changes to This Policy

•We may update this Privacy Policy from time to time.

•We will notify you of significant changes by email and by posting a notice on the platform at least 14 days before the changes take effect.

•Your continued use of EmailQo after changes are posted constitutes acceptance of the updated policy.

15. Contact and Supervisory Authority

•For any questions about this Privacy Policy or your data, contact us at hello@emailqo.com.

•We will respond to all privacy-related requests within 5 business days.

•If you are in the EEA or UK and believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with your local data protection supervisory authority.