Mail Opened

Privacy Policy

Effective Date: September 29, 2025 • Controller: Mail Opened • Contact: privacy@mailopened.com
Terms of Service Privacy Policy Cookie Policy Acceptable Use DPA Security Retention Subprocessors DMCA

1) Scope

This Privacy Policy explains how Mail Opened (“we,” “our,” “us”) collects, uses, discloses, and protects personal information relating to: (a) site visitors; (b) customer account users; and (c) email tracking event data processed through our Service on behalf of customers.

Where we process recipient/event data for customers, we act under a data processing agreement. See our Data Processing Addendum (DPA).

2) Data We Collect

Account & Billing

  • Name, email address, hashed password (Argon2id), MFA status, role/permissions.
  • Billing contact and payment details processed via our payment provider.

Service & Device

  • IP address, timestamps, user agent, language, timezone, error logs.
  • Cookies or SDK identifiers as described in our Cookie Policy.

Email Event Data (processed on your behalf)

  • Pixel loads: message/campaign IDs, timestamps, user agent, referrer, language, timezone, IP-derived approximate location (city/region/country; may be truncated/anonymized).
  • Link clicks: destination URL, UTM parameters, timestamps, referrer, user agent, approximate location.
  • Recipient metadata you provide: email address, name, and optional custom fields.

Optional

  • Webhooks/API payloads, exports, and support communications.

3) Purposes & Legal Bases

  • Provide and secure the Service (contract necessity, legitimate interests).
  • Support and billing (contract necessity, legitimate interests).
  • Detect/prevent abuse (legitimate interests, legal obligation).
  • Marketing/analytics where allowed (consent where required by law).

4) Your Role vs. Ours

For recipient/event data, you are typically the controller/business and we act as your processor/service provider, processing only per your instructions. See the DPA.

5) Sharing & Subprocessors

  • Subprocessors: hosting, email infrastructure, analytics, support tools—listed at /subprocessors.
  • Legal disclosures: where required by law or to protect rights, safety, or security.
  • Corporate events: as part of a merger, acquisition, or asset sale with appropriate protections.

6) International Transfers

We may transfer personal data internationally using appropriate safeguards, including Standard Contractual Clauses and applicable UK addenda or other mechanisms as required.

7) Retention

We retain data as long as necessary for the purposes outlined or as required by law. Default event-retention windows are described in our Data Retention & Deletion Policy.

8) Security

Measures include TLS encryption in transit, Argon2id password hashing, access controls, logging/monitoring, backups, and vulnerability management. See our Security Statement.

9) Your Choices

  • Cookies: manage via our banner and browser settings (see Cookie Policy).
  • Marketing: unsubscribe from marketing emails via links provided.
  • Do Not Track: we respond where legally required and feasible.

10) Your Rights

Depending on your location, you may have rights to access, correct, delete, port, or object/restrict processing. To exercise rights, email privacy@mailopened.com. We assist customers in fulfilling recipient requests related to data processed on their behalf.

If you are a California resident, we process Customer Data as a “service provider” and do not sell or share Customer Data for cross-context behavioral advertising.

11) Children

Our Service is not directed to children under 16. Do not deploy tracking pixels in services directed to children without a valid legal basis and your own compliance measures.

12) Changes

We will post updates and revise the effective date above. If changes materially affect your rights, we will provide additional notice where required.

13) Contact

Questions? Contact privacy@mailopened.com or support@mailopened.com.

Related: TermsCookie PolicyAcceptable UseDPASubprocessorsSecurityRetention