Privacy Policy

We collect information you provide directly when creating an account: name, email address, organization name, and billing details. When you connect mailboxes, we collect IMAP/SMTP credentials (encrypted with AES-256-GCM at rest), OAuth tokens for Gmail and Outlook integrations, and basic mailbox metadata.

We automatically collect usage data including IP addresses, browser type, device information, pages visited, and feature usage patterns. Our backend logs API requests for security auditing and rate limiting purposes.

We do not read, store, or analyze the content of your personal emails. Warmup emails are generated by our AI engine and are clearly distinguishable from your regular correspondence.

We use your information to operate and improve the WarmupSleuth platform: executing email warmup campaigns, calculating sender reputation scores, generating AI-powered warmup emails, and providing deliverability analytics.

Your email and account data are used to send transactional notifications (welcome emails, password resets, warmup alerts, billing receipts) and, with your consent, product updates and tips.

We use aggregated, anonymized usage data to improve our warmup algorithms, optimize the warmup network matching system, and develop new features. This data cannot be traced back to individual users.

We do not sell, rent, or trade your personal data to third parties. Period.

We share data only with sub-processors essential to operating our service: cloud infrastructure providers for hosting and data storage, Stripe for payment processing and subscription management, and transactional email delivery services for platform notifications.

We may disclose information if required by law, to protect our legal rights, or to prevent fraud or security threats. In agency/white-label mode, organization administrators can access data for their sub-accounts as configured by their permissions.

Account data (profile, organization, mailbox configurations) is retained for as long as your account is active. Warmup email logs and daily statistics are retained for 12 months to provide historical analytics.

Upon account closure, we delete your personal data within 30 days. Encrypted email credentials are purged immediately upon mailbox disconnection. Anonymized, aggregated analytics data may be retained indefinitely for service improvement.

Backup data is retained for up to 90 days after deletion to allow for disaster recovery, after which it is permanently purged.

If you are located in the European Economic Area (EEA), United Kingdom, or a jurisdiction with similar data protection laws, you have the following rights under GDPR and applicable regulations:

Right to Access: Request a copy of all personal data we hold about you. Right to Rectification: Request correction of inaccurate or incomplete data. Right to Erasure: Request deletion of your personal data ("right to be forgotten"). Right to Data Portability: Receive your data in a structured, machine-readable format.

Right to Restrict Processing: Request that we limit how we use your data. Right to Object: Object to processing based on legitimate interests. Right to Withdraw Consent: Withdraw consent for optional data processing at any time. To exercise any of these rights, contact us at privacy@warmupsleuth.com. We respond to all requests within 30 days.

We use essential cookies only by default. These are strictly necessary for authentication, session management, and security (CSRF protection). They cannot be disabled without breaking core functionality.

Analytics cookies are opt-in only. When you consent, we use privacy-respecting analytics to understand feature usage and improve the platform. We do not use third-party advertising cookies or tracking pixels.

You can manage cookie preferences at any time through your browser settings or our cookie consent banner. Disabling optional cookies will not affect your ability to use WarmupSleuth.

WarmupSleuth processes data on servers located in the European Union. When data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

Our sub-processors (cloud hosting, Stripe, email delivery) maintain their own GDPR compliance programs and Data Processing Agreements (DPAs) with us. We regularly review their compliance status.

We take data security seriously. Email credentials are encrypted with AES-256-GCM. Passwords are hashed with Argon2id (memory_cost=32MB, time_cost=2). All API communication uses TLS 1.3 in production.

Additional measures include two-factor authentication (2FA/TOTP), JWT-based session management with RS256 signing, comprehensive audit logging, per-plan API rate limiting, and role-based access control with 50+ granular permissions.

WarmupSleuth is a business-to-business platform not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children.

If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@warmupsleuth.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email and display a prominent notice on the platform at least 14 days before the changes take effect.

Your continued use of WarmupSleuth after the effective date constitutes acceptance of the updated policy. We recommend reviewing this page periodically.