MailStrike logoMailStrike.ai
Home

Legal

Privacy Policy

How MailStrike collects, uses, and protects your data, and the rights you have over it.

Last updated 23 May 2026

1. Introduction

MailStrike (“we”, “us”, “our”) operates mailstrike.ai and provides email deliverability and warmup services (the “Service”). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights under applicable data protection laws including the EU General Data Protection Regulation (GDPR).

By using the Service, you agree to the practices described in this Policy. If you do not agree, do not use the Service.

2. Information we collect

Account information

When you sign up, we collect your name, email address, company name, and password. Passwords are stored as a one-way cryptographic hash and never in plain text.

Mailbox connection data

To provide email warmup, we connect to the mailboxes you choose to warm. For Google Workspace and Microsoft 365, we use OAuth and store the access and refresh tokens issued by your provider. For custom IMAP/SMTP connections, we store the server hostname, port, username, and an application password. We never ask for or store your main account password.

Email content (limited)

The Service sends warmup emails from your connected mailbox and reads warmup-specific replies in dedicated labels or folders. We do not read, store, index, or process your real business email outside of those warmup folders. Warmup email content (the AI-generated threads we produce and the engagement signals they generate) is stored for analysis, reporting, and quality improvement.

Warming activity and engagement data

Opens, replies, marks-as-important, link clicks, spam rescues, and other engagement signals produced during warming, alongside inbox placement metrics, reputation scores, and historical performance data series.

Usage of free tools

Our free tools (SPF/DKIM/DMARC generators, Email Auth Checker, Blacklist Checker, Email Template Analyser, Email Signature Builder) accept input from you, such as domain names, DNS record content, template text, and signature details. We store the input you submit, along with a timestamp, to operate the tools and to improve them.

Demo and contact form submissions

When you complete the Book a Call form or contact us, we collect your name, email address, company, and any notes or context you provide.

Technical data

IP address, browser type and version, device type, referrer URL, and page interactions, for security, debugging, abuse prevention, and analytics purposes.

3. How we use your information

We use personal data to:

  • Provide, maintain, and improve the Service.
  • Send warmup emails on your behalf and process the engagement signals they generate.
  • Compute and surface reputation scoring, inbox placement metrics, and reporting.
  • Bill your account and process payment through our payment processors.
  • Respond to support requests, demo bookings, and other inbound messages.
  • Send service announcements, security notifications, billing notices, and feature updates.
  • Detect, prevent, and address fraud, abuse, and other security issues.
  • Comply with our legal and regulatory obligations.

4. How we share your information

We do not sell your personal data.

We share personal data with:

  • Service providers and sub-processors. Hosting (Vercel), data storage, transactional email delivery, payment processing (Stripe), analytics, and customer support tooling. Each operates under contractual data protection terms.
  • Mailbox providers. When you connect a Google Workspace or Microsoft 365 mailbox, we exchange OAuth tokens with Google or Microsoft as required to perform warming actions.
  • Other warming participants. Our network operates by exchanging warming emails between participating mailboxes. The metadata of these exchanges (sender domain, subject, timestamp) is visible to receiving mailboxes by design, since that is how engagement signals propagate.
  • Legal authorities. Where required by law, court order, or to protect our rights, users, or the public.

We do not share your mailbox content, your real campaign content, your contact lists, or your business email with anyone outside MailStrike.

5. Cookies and tracking

We use a small number of cookies to understand how visitors use the Service. We do not use cookies for advertising or cross-site tracking. Analytics cookies are only set if you accept them via the consent banner displayed on your first visit.

Cookies we set:

  • _ga — set by Google Analytics 4 to distinguish unique visitors. Expires after 2 years.
  • _ga_BJVQ4V952F — set by Google Analytics 4 to persist session state for our measurement property. Expires after 2 years.

Third-party analytics provider: Google Analytics 4 (operated by Google LLC). The data collected includes pages viewed, approximate location derived from IP address (truncated by Google), device type, and referrer. We have enabled IP anonymisation and do not share analytics data with Google advertising products.

Your control: Analytics cookies are opt-in. On your first visit, the consent banner asks whether you accept analytics cookies. Until you accept, no analytics cookies are set. You can change your choice at any time by clearing your browser's storage for mailstrike.ai (this will re-trigger the banner) or by using your browser's “Do Not Track” or analytics opt-out features.

We do not currently use any other cookies. Authentication and session cookies will be introduced when the customer dashboard launches; this Policy will be updated with those details before that happens.

6. Data retention

We retain personal data for as long as your account is active and for a reasonable period afterwards to comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we delete or anonymise your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as financial records).

OAuth tokens and mailbox credentials are deleted when you disconnect a mailbox or close your account.

7. Data security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit (TLS 1.2 or higher) and at rest.
  • Secret management for credentials and OAuth tokens.
  • Access controls based on the principle of least privilege.
  • Regular security review of our infrastructure and dependencies.
  • Incident response procedures.

No system is fully secure. In the event of a breach affecting your personal data, we will notify you and any applicable regulators in accordance with applicable law.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data, subject to legal retention obligations.
  • Restrict or object to processing of your data.
  • Data portability: receive your data in a structured, machine-readable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at privacy@mailstrike.ai. We will respond within 30 days.

9. International transfers

MailStrike is operated from servers in the European Union and the United States. By using the Service, you consent to your data being transferred to and processed in these jurisdictions. Where personal data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses or other lawful transfer mechanisms approved by the European Commission.

10. Children's privacy

The Service is not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@mailstrike.ai and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated by email or via a notice on the Service before they take effect.

12. Contact us

Questions about this Policy or our data practices? Contact our privacy team at privacy@mailstrike.ai.