Privacy Policy

Last updated: October 7, 2021

We believe the right to privacy is a human right. When using Mailflow, you should know that we do whatever we can to protect that right.

On this page, you'll get an overview of what types of information we collect, for what purpose, and how we keep it safe.

This Privacy Policy applies to information that we collect about you when you use Mailflow.

We've tried to make this Privacy Policy easy to read for ordinary people. Please send us an email at privacy@getmailflow.com if you have any questions or if there is anything you find confusing.

The short version:

  • We never store any content from your emails, unless you actively choose to add it by using one of our features.
  • Your data in Mailflow is private and owned by you, and the people you choose to share it with.
  • We don't sell your data to third parties.
  • Our company is based in Norway and is obliged by law to be GDPR compliant.
  • We follow the Privacy by Design framework. This means that we don't gather any more data than we need, to provide you with the promised functionality.

Who we are

Mailflow is made by No Hands Technologies AS, which is a Norwegian registered company (NO 925251925). We create products that make online collaboration feel effortless and natural. Our headquarters are based in Oslo, Norway.

Processing and storing of data

We never store any content of your emails unless you actively choose to add it by using one of our features.

What we store and why:

Basic account information

When you create an account, we ask for your name, company name, email address, and your Google ID. This info is also used for account purposes and secure login.

Payment information

When you upgrade to a paid plan, we need your payment information like name, credit card info, and billing details to process payments of your Mailflow subscription.

Financial transactions

Whenever you pay a bill from us, we need to keep a record of that transaction. We are obliged by law to keep a record of this information for tax purposes, even if you delete your account.

Email data

When you use a Mailflow-feature on an email, we process and store only the necessary data that Mailflow needs to deliver the promised service. It can be data like subject, recipients, message body, or attachments from that email with the purpose of helping you stay organized or collaborating with others. We never store any email data unless it's for the benefit of your use.

Functional data related to emails you store in Mailflow

When you use one of our features inside an email, we must store the Thread ID, Message ID or Draft ID of that email so that you can access it through Mailflow.

Information you store in Mailflow

Any info you enter into Mailflow like notes, highlights, tasks, contact info, or project names is stored for your reference.

Localization info

We store country, timezone, and language when you create your account to provide you with correct timestamps and proper formatting of currencies or dates.

Log information

We store standard log information like browser type, IP address, unique device identifiers, language preference, the date and time of access, operating system, mobile network information. The purpose of storing this information is to help you in case you would ever experience a problem when using Mailflow. It's also used to detect fraudulent use of our service.

Usage information

The feature you used, and when you used it, is stored for three purposes. The first is to automate onboarding and coaching to help you get into Mailflow. The second is to help you in case you would ever lose any data. In that case, we could access this info with your approval to research what went wrong. Lastly, the usage information forms the basis of anonymized statistics for us to improve our service and offers.

Communication with us

Support emails, answers to surveys, or chat logs. Will be kept for as long as it makes sense.

When you have a Mailflow account, we may send you emails or reach out to you if you have provided us the means to do so. We may also receive a confirmation thanks to a tracking pixel when you open an email from us. This information helps us make our emails more relevant to you.

Sharing of information

We do not sell our users private information. The only time we'll ever share your information is:

  • To provide you with the promised service, with your permission.
  • If we must use subsidiaries or contractors acting on behalf in order to help us provide our service. If we do, we require them to follow this privacy policy.
  • At legal request from country, state or by court order.
  • To prevent, take action or investigate any illegal activities, suspected fraud, potential threats of harm to any persons, violations of our Terms of Service, or as otherwise required by law.
  • If Mailflow is acquired or merged with another company Mailflow, we'll notify you well before any information about you is transferred.

How long we keep information:

  • Your information is stored for as long as you have an account.
  • If you are on a paid plan and then downgrade, we may delete data related to the features you no longer pay for.
  • If you delete your account, your data will be deleted within 30 days.

How we protect your data

We're committed to protecting your data throughout Mailflow.

  • We use Google's OAuth sign-in to verify that you are you on login.
  • All data is encrypted via SSL/TLS when transmitted between our servers and your browser.
  • All personal information is stored and processed using Google Cloud, which is Google's own infrastructure.

Gmail API disclosure

Mailflow's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Subprocessors and storage of data

To provide our services, we use-third party subprocessors for uses such as cloud computing, analytics, and customer support software. We enter into a GDPR-compliant data processing agreement with each subprocessor.

Geographically, our data is stored on Google Cloud infrastructure located in Belgium. Billing details is stored in the USA.

Mailflow uses the following subprocessors:

  • Google - Cloud Infrastructure, Logging, Analytics, Database
  • Twilio Sendgrid - Notification emails
  • GoSquared - Analytics and User Guiding
  • Mailchimp - Sales and Marketing
  • Stripe - Billing & Payments
  • MongoDB Atlas - Data storage provider (Deprecated: Only applies to users of Mailflow Beta)

Changes to the privacy policy

Most changes are likely to be minor, but we may change our Privacy Policy from time to time. If we make any more significant changes, we'll email you well ahead, giving you the opportunity to out-out and transfer your data. If you continue to use our products or services after any change in this Privacy Policy, it will constitute your acceptance of such change.