Data Collected and Stored by MailPoet
What data does our plugin collect?
The free and Premium MailPoet plugins do not collect any user data according to the WordPress Plugins Guidelines.
We do collect data if you opt-in to share your data in Settings > Advanced. Here you can see the detailed list of information we collect.
The following user feedback tools will collect some data if you interact with them:
- The contact form at the bottom right of all pages which will identify you;
- The question "Would you recommend this plugin to a friend?" will identify your website and email address;
- The sidebar announcement panel will log your IP but will not identify you;
- Videos guides will track views, but in a non identifiable way.
What data does our sending service collect?
If you have created an account with MailPoet to send emails or to purchase a plan, we collect the following data on our servers in Germany and Finland:
- Email address;
- Billing address.
We ask for consent during the account creation process with a checkbox. A link to this page is provided during this step.
If you send emails with MailPoet, we will keep the following:
- Logs of emails sent;
- Support enquiries by email.
Third-party services and their location
MailPoet relies on third-party services to maintain its own services.
- Linode, England;
- Hetzner, Germany (holds no identifiable data);
- PollDaddy, Ireland;
- SatisMeter, Czech Republic;
- TypeForm, Spain;
- Amazon S3, US (encrypted backups);
- GetBeamer, US;
- Helpscout, US;
- Stripe, US;
- Slack, US;
- MixPanel, US (users who opt-in to share their usage data with us);
- Google Analytics (US).
Length of data collection
MailPoet will keep identifiable data for an undetermined amount of time or until the user asks us to anonymize and/or delete his data.
Logged emails from users sending with our sending service will be automatically erased after 3 months.
Who has access to our data?
Data at MailPoet is not shared with or sold to any third party.
MailPoet staff and contractors have access to users data for the purpose of providing services.
No personal and/or identifiable data is stored on staff or contractor computers on a permanent basis. Contractors are requested to delete this data at the end of their mission.
Your data, your rights
- You can request a copy of their data which we will provide within 30 days;
- You can request your data to be anonymized which we will do within 30 days;
- While we will do everything we can to keep our service secure, in the event of a data breach or misuse, we will inform our users of what happened and what we have done to put it right within 30 days.
Data Processing Agreement
We can provide you with a signed DPA by email request (firstname.lastname@example.org).
You'll need to return a signed copy of this agreement if you would like to have a valid DPA contract with us.
If you have any questions about how to do that, please refer to this article on how to sign PDF documents.