Last updated: June 18, 2026
This Privacy Policy explains how SignalMail ("SignalMail", "we", "us", or "our") collects, uses, and shares information when you use the SignalMail application, the website at getsignalmail.com, and related services (the "Service"). It applies to people who sign up for and use SignalMail ("you" or "users").
SignalMail handles two kinds of personal data, in two different roles:
Account information. When you register, we collect your name, email address, a securely hashed password, and your team and workspace details. We also store your settings and preferences.
Billing information. Subscriptions are sold and processed by our Merchant of Record, Lemon Squeezy. They handle checkout and payment, and we receive subscription status and limited records (such as plan, billing email, and customer/subscription identifiers). We do not store your full payment card number.
Data you process through SignalMail. To use the Service you import and create contact and company records — which may include names, email addresses, company names, job titles, and any custom fields you add — along with message templates and campaigns. This data, and the recipients you email, are controlled by you; we process it on your behalf to provide the Service.
Connected mailbox data. When you connect a mailbox, we store access credentials (OAuth tokens or, for SMTP/IMAP, the credentials you provide) encrypted at rest, and we access message metadata and content as needed to send your messages and to detect replies, bounces, and out-of-office responses. We do not read your mailbox for any purpose other than operating the Service for you.
Engagement and signal data. As your campaigns run, the Service records engagement events — such as message sends, email opens (via a tracking pixel), link clicks, replies, unsubscribes, and bounces — and derives signal scores and reports from them.
Technical and usage data. Like most web applications, we automatically collect log and device data such as IP address, browser type, pages viewed, and timestamps, and we use cookies and similar technologies (see Cookies below).
We use information to:
If you use AI features, the relevant content — such as the text of a reply you are classifying, or the context you provide for a follow-up draft — is sent to our AI provider, Anthropic (Claude), to generate the result, which is returned to you for review. We use AI providers that act as processors and do not train their public models on your data through our integration. AI output is a suggestion only and is not sent on your behalf without your action.
On our website and app, we use strictly necessary cookies for authentication and security, and we use Google Tag Manager and Google Analytics to understand site usage and improve the Service. Depending on your location, you may have choices about analytics cookies; you can also control cookies through your browser settings.
In the emails you send, the Service offers open- and click-tracking that you, as the sender, choose to enable on your campaigns. That tracking measures your recipients' engagement. You are responsible for disclosing this tracking to your recipients where the law requires it.
We share information only as needed to run the Service:
We may also disclose information to comply with the law, enforce our agreements, protect our rights, prevent fraud or abuse, or in connection with a merger, acquisition, or sale of assets (with continued protection of your data). We do not sell your personal data, and we do not sell or rent your contacts.
We and our providers may process and store data in countries other than yours. Where we transfer personal data internationally, we rely on appropriate safeguards as required by applicable law.
We retain account and Your Content for as long as your account is active and as needed to provide the Service. After you delete data or close your account, we delete or anonymize personal data within a reasonable period, except where we must keep certain records to meet legal, tax, accounting, security, or dispute-resolution obligations. Suppression and unsubscribe records may be retained as needed to honor opt-outs. You can export or delete data from within the Service.
We take reasonable technical and organizational measures to protect personal data, including encryption of mailbox credentials at rest, hashed passwords, optional two-factor authentication, team-level access scoping, and encrypted connections. No system is perfectly secure, so we cannot guarantee absolute security; please use a strong, unique password and keep your credentials safe.
Depending on where you live (for example, under the EU/UK GDPR or US state privacy laws), you may have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. You can exercise many of these directly in the app, or contact us at [email protected]. You also have the right to complain to your local data-protection authority.
Because you control the contacts you upload and the people you email, requests from your recipients (such as access, deletion, or unsubscribe requests) are, in the first instance, your responsibility as the controller of that data. We will assist you in responding to such requests as your processor, and our processing of recipient data is limited to providing the Service to you and to legal compliance.
The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us and we will delete it.
We may update this Privacy Policy from time to time. If we make material changes, we will update the date above and may notify you in the app or by email. Your continued use of the Service after changes take effect means you accept the updated policy.
Questions, or want to exercise a privacy right? Email us at [email protected].