Mailbots

Privacy Policy

Last updated: February 24, 2026

Overview

Mailbots (“we,” “us,” or “our”) respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. This policy applies to all users of the Mailbots website and services.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials (via Google OAuth). If you opt in to SMS notifications, we collect your phone number.

Order and Payment Information

When you place an order, we collect your sender name, return address, postcard message content, and campaign preferences. Payment is processed by Stripe—we do not store your credit card number on our servers. We receive a transaction ID and payment confirmation from Stripe.

Mailing List Recipient Data

You upload mailing lists containing recipient names and mailing addresses. This data is processed solely to fulfill your order. See Section 3 for how we handle this data.

Automatically Collected Data

We collect standard web usage data including IP address, browser type, pages visited, and referring URLs through our hosting infrastructure. We use essential cookies for authentication and session management.

2. How We Use Your Information

  • Order fulfillment: Processing your mailing list, printing postcards, and depositing mail with USPS.
  • Address verification: Validating recipient addresses against the USPS database to ensure deliverability.
  • Account management: Authenticating your identity, managing your orders, and processing payments.
  • Communications: Sending order status emails and, if you opt in, SMS campaign updates.
  • Service improvement: Analyzing usage patterns to improve the platform. We do not sell your personal information.

3. Mailing List Data

Your mailing list data (recipient names and addresses) receives special protection:

  • We use your mailing list data exclusively to fulfill your order. We will never use your recipient data for our own marketing, sell it to third parties, or share it with other customers.
  • Mailing list data is stored in encrypted, access-controlled databases with row-level security ensuring only you can access your data.
  • We retain mailing list data for 90 days after order completion to support reorders and customer service inquiries. After 90 days, list data is permanently deleted. You may request earlier deletion at any time.
  • Address verification is performed through SmartyStreets (a CASS-certified provider). Addresses are transmitted securely for validation and are not stored by the verification provider beyond the processing request.

4. Third-Party Service Providers

We share data with the following categories of service providers, only as necessary to operate the Service:

  • Payment processing: Stripe (processes payments; receives billing info, not your mailing list data).
  • Cloud infrastructure: Supabase and Vercel (database hosting, file storage, and application hosting).
  • Address verification: SmartyStreets (CASS-certified USPS address validation).
  • Postal delivery: USPS (physical mail delivery; receives only printed postcard content and recipient addresses).

These providers are contractually obligated to protect your data and may not use it for their own marketing purposes.

5. Data Security

We use industry-standard security measures to protect your data, including HTTPS encryption in transit, encrypted database storage, row-level security policies, and secure authentication via Google OAuth. While we take reasonable precautions, no method of transmission or storage is 100% secure.

6. Data Retention

  • Account data: Retained for as long as your account is active. You may request deletion at any time.
  • Order records: Retained for 3 years for tax, accounting, and dispute resolution purposes.
  • Mailing list data: Deleted 90 days after order completion (or upon earlier request).
  • Payment records: Transaction records are retained by Stripe per their data retention policies.

7. Cookies

We use essential cookies for authentication and session management. These are required for the Service to function. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this may prevent you from using the Service.

8. Your Rights

You have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your account and personal data.
  • Request early deletion of mailing list data before the 90-day retention period.
  • Opt out of SMS notifications at any time by replying STOP or unchecking the preference in your account.

To exercise any of these rights, contact us at privacy@mailbots.ai. We will respond within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions (e.g., completing an in-progress order).
  • Right to opt out of sale: We do not sell personal information. No opt-out is necessary.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

10. Children’s Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from minors. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

Privacy questions or data requests? Contact us at privacy@mailbots.ai.