Privacy Policy

Privacy Policy

Effective Date: October 30, 2025 | Version: 1.0

At EMail Parrot™, we are committed to protecting your privacy and handling your data with the utmost care. As a US-based email relay service (not a full email provider), we design our operations to minimize data collection and maximize security, aligning with principles of data minimization and transparency. This Privacy Policy explains how we collect, use, share, retain, and protect information when you use our Service, website, or contact us.

We process data in compliance with applicable laws, including the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR) for EU users, and CAN-SPAM Act. As a small startup, we leverage AWS for secure hosting but have not yet pursued formal certifications like SOC 2—our practices emphasize no unnecessary collection or access.

By using EMail Parrot™, you consent to the practices described here. If you have questions, contact us at privacy@emparrot.com.

Information We Collect

We collect only the minimal information necessary to provide and operate the Service. We do not collect sensitive personal data (e.g., health, financial details beyond payments) or track user behavior for marketing.

From Service Use

  • Account and List Data: Admin-entered email addresses for Members (no names, profiles, or other PII unless provided). No personal information about individuals beyond what’s needed for relay.
  • Email Content and Metadata: Temporary during processing (e.g., sender/recipient addresses, timestamps). We do not store emails long-term and cannot access encrypted content.
  • System Logs: IP addresses, device info, and usage metrics for diagnostics and security (anonymized where possible).

From Payments

  • Processed exclusively via Stripe; we do not store card details, transaction history, or access payment data. See Stripe’s Privacy Policy for their practices.

From Website Interactions

  • Contact Form: See dedicated section below.
  • Analytics: None—no cookies, tracking pixels, or third-party tools (e.g., Google Analytics) on our site.

We do not collect data from children under 13 (see Children’s Privacy below).

How We Use Your Information

Your data is used solely for:

  • Operating the Service: Relaying emails, managing lists, handling bounces/complaints.
  • Support and Security: Responding to inquiries, detecting abuse (e.g., spam during trials).
  • Legal Compliance: Retaining logs for required periods.
  • Billing: Via Stripe for subscriptions/overages.

We do not use data for advertising, profiling, personalization, or any non-essential purposes.

Sharing Your Information

EMail Parrot™ does not sell, rent, or share your data with third parties for marketing. Disclosures occur only in limited cases:

  • Service Providers: To trusted partners under strict contracts, e.g., AWS (hosting/security) or Stripe (payments). They cannot use data for their own purposes.
  • Legal Requirements: As required by valid US legal process (e.g., court order, subpoena). We respond only to official requests, challenge overbroad ones where possible, and commit to publishing an annual transparency report on our website detailing request volumes (without specifics to protect users).
  • Business Transfers: In the event of merger/acquisition, with notice to users.

No sharing with advertisers, data brokers, or government entities beyond legal mandates.

Data Retention and Deletion

We retain data only as long as necessary:

  • Emails: Processed temporarily; default storage 30 days (configurable to immediate deletion by Admin). Older emails are unilaterally deleted.
  • Member Lists: Deleted immediately upon list termination; residuals in logs age out after 30 days.
  • Logs: 30 days for diagnostics/security.
  • Contact Form Data: As needed to resolve inquiries (then deleted unless requested otherwise).

Upon account cancellation or request, data is securely purged. Backups are encrypted and follow the same timelines.

Security and Encryption

Protecting your data is a priority. While no system is 100% secure, we implement reasonable measures:

  • In-Transit: TLS encryption for all communications.
  • At-Rest: PII and logs encrypted on AWS servers (leveraging their physical and compliance standards).
  • Content Protection: Supports symmetric end-to-end encryption (E2EE) via shared keys—EMail Parrot™ cannot access, read, or screen email bodies, preserving privacy but relying on trusted senders (no built-in malware detection). Upcoming: Hybrid model combining E2EE for bodies with gateway re-encryption for optional screening.
  • Access Controls: 2FA for admin accounts; role-based permissions. We recommend user-side encryption and secure devices.
  • Incident Response: In case of breach, we notify affected users and authorities as required by law.

As a relay, we strip unnecessary headers (e.g., personal info) from outgoing emails but cannot control body content visibility in groups.

Your Privacy Rights

Under laws like CCPA and GDPR, you (or your authorized agents) have rights regarding your data. These apply to California residents and EU/UK users; others may request similar where feasible.

  • Access: Request details on what data we hold (e.g., Member lists).
  • Correction: Update inaccurate information.
  • Deletion: Request removal (e.g., lists deleted immediately; contact for others). “Right to be forgotten” honored where applicable.
  • Portability: Export data in a structured format (e.g., CSV for lists).
  • Opt-Out/Objection: Limit processing (e.g., no sharing); withdraw consent.
  • Non-Discrimination: No penalties for exercising rights.

To exercise: Email privacy@emparrot.com with verification (e.g., admin credentials). We respond within 45 days (extendable to 90 for complex requests). No fee unless requests are excessive/repetitive. For sales (none occur), opt-out via CCPA mechanisms.

Contact Form Data Collection and Use

1. Purpose of Collection

Our contact form allows you to send us messages, which may include your name, email address and message content. We collect this information to respond to your inquiries, provide support or address your feedback. If inclusion in our EMail Parrot™ discussion list is requested, your email address and first name will be added to the list. Only your first name and last initial will be used to form your user name inside the discussion group.

2. Data Collected

When you submit the contact form, we may collect:

  • Your name (optional)
  • Your email address (required)
  • Your message (required)
  • Any additional information you choose to provide

3. Use of Data

We use the information you provide solely to respond to your inquiry or provide the requested support. We do not use this data for marketing purposes.

4. Data Storage and Retention

We retain contact form submissions only for as long as necessary to respond to your inquiry or your inclusion on the discussion email list. After this period, your data is deleted unless required by law or you request otherwise.

5. Data Security

We use industry-standard security measures to protect your data during transmission to us. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Inclusion in the EMail Parrot™ discussion group implies that you can send emails to the group. EMail Parrot™ strips personal information from email headers, we don’t restrict what information can be shared in the body of the email. Transmitting personal information in the body of an email, such as email address, name, or phone number will be visible to other group members.

6. User Rights

Under applicable data privacy laws (e.g., GDPR, CCPA), you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Object to or restrict our processing of your data
  • Withdraw consent (if applicable) To exercise these rights, contact us at info@emparrot.com

By submitting the contact form, you consent to the collection and use of your data as described in this section and our Privacy Policy. You may withdraw consent by contacting us, but this will not affect data already processed.

8. Compliance with Laws

We comply with applicable data privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). You agree to use the contact form in a manner consistent with these laws.

9. Updates to This Policy

We may update these terms to reflect changes in our practices or legal requirements. Updates will be posted on this page, and the effective date will be noted at the top of the Terms and Conditions.

Children’s Privacy

EMail Parrot™ is not intended for children under 13 (or 16 in some jurisdictions). We do not knowingly collect data from minors. If we learn of such collection, we delete it promptly. Parents/guardians: Contact us to review/delete child’s data.

International Users

As a US service, data is processed in the US (AWS). EU/UK users: We adhere to GDPR via standard contractual clauses for transfers. By using the Service, you consent to US processing.

Changes to This Privacy Policy

We may update this Policy to reflect legal, operational, or Service changes. We will notify you via email or site posting at least 30 days in advance (except for legal mandates). Continued use after changes constitutes acceptance. Check the effective date above.

Contact Us

For privacy questions, rights requests, or concerns:

We aim to respond within 48 hours. For complaints, you may contact supervisory authorities (e.g., under GDPR).

This Policy incorporates our Terms & Conditions by reference. Last reviewed: October 30, 2025.