EmailSonic [ RETURN TO ROOT ]

Legal Document // v2.4.0

Privacy
Policy

Last updated: January 1, 2026 // SYSTEM_ID: ESM-LEGAL-002

01 // Overview

EmailSonic Corp ("we", "us", or "our") operates the EmailSonic platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data with transparency.

02 // Data We Collect

We collect the following categories of data to operate and improve the Service:

Data Type Examples Purpose
Account Data Name, email, password hash Authentication, account management
Usage Data Feature interactions, session logs Product improvement, analytics
Campaign Data Prospect lists, email templates Service delivery
Telemetry Data Open rates, reply rates, deliverability metrics Engine optimization
Billing Data Payment method (tokenized), invoices Subscription management
Technical Data IP address, browser type, device info Security, fraud prevention

03 // How We Use Your Data

  • Provide, operate, and maintain the Service
  • Process transactions and send related information
  • Improve, personalize, and expand the Service
  • Understand and analyze usage patterns
  • Detect, prevent, and address technical issues and fraud
  • Send operational communications (system alerts, security notices)
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your campaign data or prospect lists to train any AI models.

04 // Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination:

  • Account data is deleted within 30 days
  • Campaign and telemetry data is deleted within 90 days
  • Billing records are retained for 7 years as required by law
  • Anonymized aggregate analytics may be retained indefinitely

05 // Data Security

We implement industry-standard security measures to protect your data:

  • AES-256 encryption for data at rest
  • TLS 1.3 for all data in transit
  • SOC 2 Type II compliant infrastructure
  • Regular third-party penetration testing
  • Zero-knowledge architecture for campaign data
  • Multi-factor authentication for all internal access

06 // Third-Party Services

We use the following categories of third-party processors to operate the Service. Each is bound by data processing agreements consistent with this Policy:

  • Cloud infrastructure providers (compute and storage)
  • Payment processors (billing and invoicing)
  • Analytics platforms (anonymized usage data only)
  • Security and fraud detection services

07 // Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Portability — receive your data in a machine-readable format
  • Restriction — limit how we process your data
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, use our contact form. We will respond within 30 days.

08 // Cookies

We use essential cookies only — those strictly necessary for the Service to function. We do not use tracking, advertising, or third-party analytics cookies. You can disable cookies in your browser settings, though this may affect Service functionality.

09 // Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. Continued use of the Service after updates constitutes acceptance of the revised Policy.

10 // Contact

For privacy-related inquiries:
Contact Form
EmailSonic Corp // Data Protection Office // SYSTEM_ID: ESM-994