Legal

Privacy Policy

Review how NoticeAPI collects, uses, shares, retains, and protects account data, service data, and recipient email data.

Last updated: July 3, 2026

1. Information We Collect

We collect account information such as your email address, company or workspace name, login method, OAuth profile details if you choose OAuth, session data, support messages, plan details, billing status, and administrative actions.

We collect service data needed to run the email platform, including API keys, sending and receiving domains, DNS verification records, templates, audiences, contacts, suppressions, broadcasts, automations, message metadata, message bodies, recipients, inbound email metadata, inbound message bodies and attachments, delivery events, logs, webhook configuration, and usage metrics.

We collect technical data such as IP address, user agent, request metadata, authentication events, rate-limit events, error logs, and security or abuse signals.

If you enable open or click tracking, NoticeAPI records first-party engagement events such as opens, clicks, timestamps, recipient identifiers, message identifiers, and related request metadata.

Stripe processes payment details for paid plans. NoticeAPI stores Stripe customer, subscription, invoice, and checkout identifiers but does not store full card numbers.

2. Sources of Information

We receive information directly from you when you create an account, configure the service, contact support, or use the dashboard and API.

We receive recipient and message data from customers who send, receive, test, or manage email through NoticeAPI.

We receive operational signals from service providers, mailbox providers, payment processors, OAuth providers, hosting infrastructure, analytics, monitoring, and email delivery systems.

3. How We Use Information

We use information to provide the API, dashboard, SMTP relay, simulator, webhooks, billing, support, authentication, abuse prevention, security monitoring, deliverability controls, and account administration.

We use delivery events, bounce data, complaint data, suppressions, and usage metrics to enforce quotas, pause risky sending, protect recipients, troubleshoot delivery, and maintain platform reputation.

We may use account and product usage information to improve NoticeAPI, communicate with account owners, prevent fraud, enforce our terms, comply with law, and protect the service.

4. Customer Recipient Data

NoticeAPI is generally the controller or business for account, billing, authentication, support, security, abuse-prevention, and product-operations data. Customers decide what recipient and message data they submit to the service.

For customer recipient data and customer-controlled email content, NoticeAPI generally acts as a processor or service provider when we transmit, store, analyze, and secure that data on the customer's behalf.

Customers are responsible for the legal basis, consent, notices, and recipient rights workflows that apply to the recipient data they submit to NoticeAPI.

We do not sell customer recipient lists. We do not use customer recipient lists to send our own marketing. We may inspect message and recipient data when needed for support, abuse investigation, security, deliverability, compliance, or legal obligations.

5. Sharing and Vendors

We share data with vendors that help operate the service, including hosting, database, email delivery, payment, analytics, monitoring, authentication, and support providers. These vendors may process data only as needed to provide their services to us.

We may disclose information if required by law, legal process, security incident response, fraud prevention, rights protection, business transfer, or to enforce our terms and acceptable use rules.

6. Cookies and Sessions

NoticeAPI uses cookies and similar storage for authentication, session management, security, and basic product operation. OAuth providers may set their own cookies when you sign in through them.

NoticeAPI email tracking, when enabled by a customer, is separate from dashboard cookies and is used to record message engagement events for that customer's emails.

7. Retention

We retain account, billing, security, abuse, and operational records as long as needed for the service, legal obligations, dispute resolution, and enforcement.

Email logs, message bodies, delivery events, inbound email data, and related records are retained according to plan limits and operational needs, then may be deleted, de-identified, or aggregated. Backups may retain data for a limited additional period.

Suppression, unsubscribe, complaint, security, and abuse records may be retained longer when needed to prevent unwanted email, investigate misuse, meet legal obligations, or protect the platform.

8. Security

We use administrative, technical, and organizational safeguards designed to protect data, including access controls, signed webhooks, secret handling, provider authentication, and monitoring. No system is perfectly secure.

If you believe your account or API keys are compromised, rotate keys immediately and contact [email protected].

9. Your Choices and Rights

You may update account information, rotate API keys, delete templates and audiences, manage suppressions, and request help with export, correction, or deletion by contacting support.

Recipients can unsubscribe from marketing messages through the unsubscribe links carried by broadcasts and automations. Customers must honor unsubscribe and suppression status.

Depending on where you live, you may have rights to access, delete, correct, restrict, object to, or receive a copy of personal information. If your request concerns data controlled by a NoticeAPI customer, we may direct you to that customer or help the customer respond.

10. Sale or Sharing of Personal Information

NoticeAPI does not sell customer recipient lists. We also do not share customer recipient lists for cross-context behavioral advertising.

If our practices change in a way that requires additional privacy choices, we will update this policy and provide the required notice.

11. International Use

NoticeAPI is operated from the United States and uses infrastructure and vendors that may process information in the United States and other countries. Customers are responsible for using NoticeAPI in a way that satisfies transfer, notice, and consent requirements that apply to their own users.

12. Children and Sensitive Data

NoticeAPI is not directed to children. Customers should not submit children's data or regulated sensitive data such as protected health information, payment card numbers, government identifiers, or highly sensitive personal data unless NoticeAPI has expressly agreed in writing.

13. Contact

Privacy questions, data-processing questions, and rights requests can be sent to [email protected].