Legal · PrivacyEffective May 3, 2026

    Privacy Policy

    What MailerMonk collects, why we collect it, who we share it with, and how you can exercise your rights over your data.

    Heads up — this is a starting template. MailerMonk is pre-launch and these terms have not been reviewed by a lawyer. Treat this as a good-faith summary of how we operate, not as a finalized legal agreement. We will publish a reviewed version before charging customers and notify users when we do.

    01Who we are

    MailerMonk is a deliverability monitoring service for B2B email senders. The service is operated by Afsan, an individual based in Bangladesh, as a sole proprietor. References to "we", "us", or "MailerMonk" in this policy refer to that operator.

    For any privacy or data-protection question, contact us at [email protected].

    02What data we collect

    We collect only what we need to operate the service:

    • Account information — your email address, name, password hash (we never store passwords in plaintext), and the OAuth identity returned by Google when you sign in with Google.
    • Domain configuration — the domains you add, DNS records we look up on your behalf (DMARC, SPF, DKIM, MX), and the results of blacklist lookups.
    • Usage analytics — anonymized pageviews and feature-use events captured by PostHog. This is used to understand which parts of the product are useful.
    • Third-party tokens — when you connect Gmail or GoHighLevel, we store the OAuth tokens those providers issue, encrypted at rest. We use them only for the scopes you authorized.
    • Communications — messages you send to support, kept for as long as needed to resolve your issue.
    • Cookies — a session cookie to keep you signed in, and a PostHog analytics cookie. See the cookies section below.

    03Why we collect it

    We process this data to operate the deliverability monitoring you asked for, debug issues, secure the service, bill you (when paid tiers are live), and improve the product. We do not use your data to train AI models or to target advertising.

    04Who we share it with

    We share data with a small set of vendors that help us run the service. We do not sell your personal data, ever.

    • Hetzner (Finland, EU) — primary application hosting and database storage.
    • Cloudflare (global edge) — DNS, CDN, DDoS protection.
    • PostHog (US instance) — product analytics.
    • Google (US) — OAuth sign-in and, where you have authorized it, the Gmail API.
    • GoHighLevel (US) — only when you explicitly connect a GHL account.
    • Stripe (US) — when paid plans launch, Stripe will process payments. Card details never touch our servers.

    We may also disclose data when required by law, to investigate fraud or abuse, or to protect the safety of our users.

    05Where data is stored

    Primary application data lives on Hetzner servers in Finland (EU). Analytics events flow to PostHog's US instance. Cloudflare serves static assets from its global edge.

    06How long we keep it

    For active accounts, we keep your data for as long as your account exists. After you delete your account, we purge your data within 90 days — that window covers backup rotation. Application logs are retained for 30 days. Anonymized aggregate analytics may be retained indefinitely.

    07Your rights

    Depending on where you live, you have rights over your personal data. We extend these rights to all users regardless of jurisdiction:

    • Access — ask us for a copy of the data we hold about you.
    • Correction — ask us to fix inaccurate data.
    • Deletion — ask us to delete your account and the data attached to it.
    • Portability — ask for an export of your data in a machine-readable format.
    • Objection & restriction — ask us to stop or limit certain processing.
    • Opt out of sale — we do not sell your data, so this is automatic.

    To exercise any of these rights, email [email protected]. We will respond within 30 days.

    08Cookies

    We use a small number of cookies. None of them are used for advertising.

    • Session cookie — keeps you signed in. Expires when you sign out or after a period of inactivity. Strictly necessary; cannot be disabled if you want to use the dashboard.
    • PostHog analytics cookie — anonymized usage tracking. You can disable analytics in browser tracking-protection settings (Brave, Firefox strict, Safari ITP, etc.) without breaking the product.

    09Security

    Traffic to and from MailerMonk is served over TLS. Application data on Hetzner volumes is encrypted at rest. OAuth tokens (Gmail, GHL) are additionally encrypted at the application layer with a secret known only to the application. We follow standard practices for credential rotation and least-privilege access. No system is perfectly secure; if we discover a breach affecting you, we will notify you without undue delay.

    10Children

    MailerMonk is a B2B service intended for adults running businesses or working at one. We do not knowingly collect data from anyone under 16. If you believe a child has signed up, contact us and we will delete the account.

    11International data transfers

    Because our subprocessors include providers based in the US, your data may be transferred outside your country of residence. Where applicable, we rely on Standard Contractual Clauses or equivalent legal mechanisms to protect data in transit between regions.

    12Changes to this policy

    We may update this policy as the product evolves. We will update the "Effective" date at the top, and for material changes we will notify you by email and in-app banner. Continued use of MailerMonk after a change means you accept the updated policy.

    13Contact

    Questions, requests, or complaints about your data? Email [email protected]. We are based in Bangladesh; full mailing address available on request.