# Privacy Policy

Last modified: March 8th, 2024

The company EmailJS is delighted that you have visited our website and that you are interested in our company and products. We respect your privacy and take the protection of your personal data seriously. We, therefore, rely on your trustworthy cooperation when you visit our websites.

Compliance with the statutory provisions on privacy and data security is obvious to us. Our employees and agents are obligated to comply with the legal requirements of the provisions under data protection law.

By using the emailjs.com website and making use of EmailJS (the "Service"), you understand that your data in relation to your use of our Service is processed according to the following Privacy Policy.

The Services are offered by EmailJS Pte. Ltd. (the "Company" or "We").

This Privacy Policy explains what information we collect through your access and use of our Services. The use we make of such information, and the security level we provide for protecting such information. This Privacy Policy is to be read and understood as being a complement to our Terms and Conditions.

Any email address and personal name provided to us is considered personal data as defined and protected by the Data Processing Agreement (DPA).

Such data will only be used to contact you with important notifications about the Services, to send you information related to security, to send you an invitation link to create your EmailJS account, to verify your EmailJS account, or to send you password recovery links.

# Data Collection

Our overriding policy is to collect as little user information as possible to ensure a completely private and anonymous user experience when using the Service. We have no technical means to access the content of your information, emails, and files.

Data collection is limited to the following:

  • Visiting our website: We employ Google Analytics tools.
  • Account creation: It is necessary to provide personal information in order to create an account. We do associate the email address with your account (for password recovery, or notifications). The legal basis for processing is consent.
  • Account activity: We store data of requests (that are coming from your website or app to EmailJS). This activity can be deactivated in the Settings tab of the Emails Template.
  • Metadata: We store metadata of requests (that are coming from your website or app to EmailJS). This data can be found in the Events page of the EmailJS dashboard.
  • Email request generating activity: The Service needs to be able to access the account data for each request that is sent to the Service. It is required for email request processing that is sent to your Email Service.
  • Communicating with EmailJS: Your communications with the Company, such as support requests, bug reports, or feature requests may be saved by our staff. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of the EmailJS service.
  • IP Logging: By default, we do not keep permanent IP logs in relation with your use of the Services. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (spamming, DDoS attacks against our infrastructure, brute force attacks, etc). The legal basis of this processing is our legitimate interest to protect our Services against nefarious activities.
  • Payment Information: We rely on third parties to process payments. We redirect you to their platform, and you provide your payment information to them. Therefore, we do NOT store your payment information. However, we do store payment confirmations. The legal basis of this is the necessity to the execution of the contract between you and us.

# Cookies

Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.

We use cookies to compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

Cookies are used by us to authorize and authenticate Users. These cookies are necessary for the EmailJS dashboard.

# Data Retention

When an EmailJS account is deleted, data is immediately deleted from production servers. Active accounts will have data retained for 30 days. Deleted emails history, files, templates, and email services are permanently deleted from production servers.

# Data Use

We do not have any advertising on our site. Any data that we do have will never be shared except under the circumstances described below in the Data Disclosure Section. We do NOT do any analysis on the private data we do possess.

# Data Storage

All servers used in connection with the provisioning of the Services are located in the USA and operated by Amazon Web Services (AWS). Only employees of Amazon have physical or other access to the servers. Data is always stored in an encrypted format on their servers.

# Users-of-users’ personal information

If you are a visitor, user or customer of any of our Users, please read the following: EmailJS has no direct relationship with Users-of-Users whose Personal Information it processes. If you are a visitor, user or customer of any of our Users, and would like to make any requests or queries regarding your Personal Information, please contact such User(s) directly. For example, if you wish to request access, correct, amend, or delete inaccurate Personal Information processed by EmailJS on behalf of its Users, please direct your query to the relevant User (who is the "Controller" of such data). If EmailJS is requested by our Users to remove any Users-of-Users' Personal Information, we will respond to such requests in a timely manner upon verification and in accordance with applicable law (for example, thirty (30) days under the GDPR or nFADP).

If you are the EmailJS User, you are responsible for the security, integrity and authorized usage of Personal Information about Users-of-Users', and for obtaining consents, permissions and providing any required data subject rights and fair processing notices required for the collection and usage of such Personal Information.

# Data Transfer

When you use our service, personal information of you and your end-users processed by EmailJS may be transferred to the United States (AWS), where our primary processing facilities are located.

Transfer of EU Personal Data: If you are located in Europe, when we transfer your Personal Information to the United States, we will make sure that there is a level of protection deemed adequate by the European Commission or that the relevant Standard Contractual Clauses are in place.

# Third-Party Networks

Your network traffic goes through third-party networks which we do not control. This could enable a third party to record your IP address or see that you are using EmailJS (the same information that your Internet Service Provider is able to see). These third parties cannot see your private data, which remains encrypted.

# Data Subprocessors

To provide the Services, we rely on different data subprocessors, which process different categories of data:

SUBPROCESSOR PURPOSE OF PROCESSING LOCATION
Zendesk, Inc. Provide services in relation to the processing of customer support data The United States
Amazon Web Services, Inc. Infrastructure provider. Provides hosting services and storage The United States
Redis, Ltd. Infrastructure provider. Provides temporary data storage service The United States
Sentry, Inc. Provides error monitoring service The United States
Coralogix, Ltd. Provides logs monitoring service The United States

Processors never store data outside of the scope of their specific purpose.

In no case do we sell, share or rent out your contacts to third parties, nor use them for any purpose other than those set forth in this policy.

# Data Disclosure

We will only disclose the limited user data we possess if we are instructed to do so by a fully binding request coming from the competent Singapore authorities (legal obligation). While we may comply with electronically delivered notices (see exceptions below), the disclosed data can only be used in court after we have received an original copy of the court order by registered post or in person, and provide a formal response.

We may, from time to time, contest requests if there is a public interest in doing so. In such situations, the Company will not comply with the request until all legal or other remedies have been exhausted. We are also permitted under GDPR, nFADP and Singapore law to disclose data for the purposes of defending against attacks. The legal basis for this is our legitimate interest in protecting our Service and Company against attacks.

# Right to Access, Rectification, Erasure, Portability, and right to lodge a complaint

EmailJS believes that it is imperative that all EmailJS users have control over their Personal Information. Therefore, depending on the way you use the EmailJS Service, you may have the right to request access to, receive a copy of, update, amend or delete, port certain Personal Information to another service, restrict, or object to certain uses of your Personal Information. Further, when we rely on your consent for the processing of your Personal Information you can withdraw your consent at any time, and such withdrawal will take effect from thereon.

EmailJS will not charge you more if you exercise any of these rights and will continue to provide you with the same level of service.

If you are an EmailJS User, you can access and correct a lot of your Personal Information directly through your account.

Before fulfilling your request, we may ask you for additional information in order to confirm your identity and for security purposes. We reserve the right to charge a fee where permitted by law (e.g. if your request is unfounded or excessive).

You have the right to file a complaint with your local supervisory authority for data protection (but we still recommend that you contact us first).

If you are an EmailJS User, and you wish to receive a copy, access and/or request us to make corrections to the Personal Information that you have stored with us (either yours or your Users-of-Users'), please contact us through a "Support" form. We will make reasonable efforts to honor your request promptly (unless we require further information from you in order to fulfill your request), subject to legal and other permissible considerations.

Please note that permanently deleting your EmailJS account erases all of your Personal Information from EmailJS' databases. After completing this process, you can no longer use our Service, your account and all its data will be removed permanently, and EmailJS will not be able to restore your account or retrieve your data in the future. If you contact our support channels in the future, the system will not recognize your account and support agents will not be able to locate the deleted account.

In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.

# Right of Objection

If you no longer want your personal data to be actively used for the internal purposes of EmailJS, in accordance with Section 21 of the EU GDPR you are entitled to object at any time to such use and processing. To do so, it is sufficient to contact us through the dashboard "Support" form.

# California Online Privacy Protection Act Compliance

If you are a California resident using the Services, the California Consumer Privacy Act ("CCPA") grants you the right to request access to and deletion of the Personal Information EmailJS collects about you, as well as to request that we disclose how we collect, use, and share your Personal Information.

California users can exercise their CCPA rights directly or through an authorized agent by signing in to their registered EmailJS account.

If you cannot access your EmailJS account or if you wish to exercise your CCPA rights through an authorized agent operating on your behalf, you, or your authorized agent (as applicable) may send a request through the "Support" form on the EmailJS dashboard. To process your request, in order to protect Users' accounts and Personal Information, we may ask you or your authorized agent for the verifying information detailed above, which may vary according to the circumstances of your request. Authorized agents will also need to provide EmailJS with a copy of the consumer's signed authorization designating them as their agent.

# Children's Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Children's Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products, and services are all directed to people who are at least 16 years old or older.

# Modifications to Privacy Policy

We reserve the right to periodically review and change this policy from time to time. You are responsible for regularly reviewing the Privacy Policy. Continued use of the Service after such changes shall constitute your consent to such changes.