MailBeast

Privacy Policy

Last updated: January 2026

1. Introduction

Mark-Digital, LLC (“MailBeast,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered email marketing platform, including our website, applications, and related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, and billing information. If you sign up via OAuth (Google or Microsoft), we receive basic profile data from those providers.

Email Account Credentials

To send emails on your behalf, we store SMTP and IMAP credentials for your connected email accounts. These credentials are encrypted at rest using AES-256 encryption and are never shared with third parties.

Campaign Data

We store your campaign content, lead lists, email sequences, and associated metadata. This includes recipient email addresses, names, and any custom fields you provide for personalization.

Usage and Analytics Data

We collect engagement metrics (opens, clicks, replies, bounces) to provide analytics and optimize your campaigns. We also collect service usage data such as feature interactions, session duration, device information, IP addresses, and browser type.

Payment Information

Payment details are processed by our payment processor, Stripe. We do not store complete credit card numbers on our servers. We retain transaction records for billing and accounting purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain the Service, including sending emails, managing campaigns, and processing replies
  • To power AI features such as reply classification, OOO detection, and content optimization
  • To provide analytics and performance reporting on your campaigns
  • To manage email warmup and deliverability optimization
  • To process payments and manage your subscription
  • To communicate with you about your account, updates, and support requests
  • To detect and prevent fraud, abuse, or violations of our Terms of Service
  • To improve our Service through aggregated, anonymized usage analysis
  • To comply with legal obligations

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following legal bases for processing your personal data:

  • Contractual Necessity: Processing necessary to perform our contract with you (providing the Service)
  • Legitimate Interests: Processing for our legitimate business interests, such as improving the Service, fraud prevention, and marketing (where these interests are not overridden by your rights)
  • Legal Compliance: Processing necessary to comply with applicable laws
  • Consent: Where you have given consent for specific processing activities

5. AI Processing

Our AI features process email content to classify replies, detect out-of-office messages, and optimize sending patterns. AI processing occurs on our secure servers and through our AI service providers.

  • We do not use your email content to train general-purpose AI models
  • AI-generated insights (classifications, confidence scores) are stored as part of your campaign data
  • Third-party AI providers (such as OpenAI) process data under data processing agreements that prohibit use for model training

6. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Infrastructure hosts (AWS), payment processors (Stripe), and email delivery partners necessary to operate the Service
  • AI Providers: We use OpenAI for certain AI features. Data sent to AI providers is subject to their data processing agreements and is not used for model training
  • Analytics Partners: We may use analytics services to understand Service usage
  • Legal Requirements: When required by law, subpoena, court order, or to protect our rights, property, or safety
  • Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets, where your information may be transferred to the successor entity

7. International Data Transfers

We are based in the United States, and your information may be transferred to and processed in the United States or other countries where our service providers are located. When we transfer personal data from the EEA, UK, or Switzerland, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs).

For more details on our data processing practices as a processor, see our Data Processing Addendum.

8. Data Security

We implement industry-standard security measures including:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Role-based access controls and multi-factor authentication
  • Regular security audits and vulnerability assessments
  • Isolated data environments per organization
  • SMTP credentials stored with additional encryption layers
  • Continuous monitoring and intrusion detection

9. Data Retention

We retain your data according to the following schedule:

  • Account Data: Retained while your account is active and for 30 days after deletion request
  • Campaign Analytics: Retained for 24 months after campaign completion
  • Payment Records: Retained as required by tax and accounting laws (typically 7 years)
  • Support Communications: Retained for 3 years after resolution

Upon account deletion, we remove your personal data within 30 days, except where retention is required by law. You may request earlier deletion by contacting support.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Restriction: Request that we limit processing of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
  • Lodge Complaints: File a complaint with a supervisory authority

To exercise these rights, contact us via MailBeast Support Chat. We will respond within the timeframes required by applicable law.

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the “sale” or “sharing” of personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Non-Discrimination: You will not be discriminated against for exercising your rights

We do not sell personal information as defined by the CCPA. To exercise your rights, contact us via MailBeast Support Chat.

12. Cookies and Tracking Technologies

We use cookies and similar technologies for authentication, preferences, analytics, and marketing. For detailed information about our cookie practices and your choices, see our Cookie Policy.

Email Tracking: Our tracking pixels in emails are used solely to measure campaign performance for our customers (open rates, click rates). This data is provided to our customers as campaign analytics.

Do Not Track: Our Service does not currently respond to Do Not Track browser signals, as there is no industry-standard interpretation of such signals.

13. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

14. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before the changes take effect. The “Last updated” date at the top of this policy indicates when it was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us via MailBeast Support Chat.

For data protection inquiries related to our processing as a data processor, please refer to our Data Processing Addendum.

Send Smarter. Land in Inboxes.
Close More Deals.
MailBeast
AI-powered email marketing platform for cold outreach at scale.
Product
CampaignsAI Sending ModeInboxHubSMTP ManagementAnalyticsPricing
Resources
BlogPricing
Use Cases
Lead Generation AgenciesB2B Sales TeamsStartups
Legal
Privacy PolicyTerms of ServiceCookie PolicyFair Use PolicyDPA
2026 MailBeast. All rights reserved.