Privacy Policy
Last updated: April 17, 2026
1. Introduction
EmailQA ("we," "our," or "us") is an HTML email review and collaboration platform operated as a sole proprietorship based in Cumberland County, Pennsylvania, United States. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at emailqa.live.
For the purposes of data protection laws, we are the "data controller" of personal data we collect directly from you (for example, when you create an account). When you use EmailQA as part of a team, the team's administrator is typically the controller of content they upload, and we act as a "processor" on their behalf.
2. Information We Collect
Account Information
- Email address (required for account creation)
- Name (optional, for display purposes)
- Profile image (if using GitHub OAuth)
Project Content
- HTML email files you upload for review
- Comments and annotations you create
- Version history of your email designs
Guest Reviewer Information
- Name and email address (when leaving comments as a guest)
- Comments and feedback provided
Integration Credentials
- OAuth tokens for services you connect (Slack, GitHub)
- API keys for email service providers you connect (encrypted at rest)
Usage Information
- Browser type and version
- Pages visited and features used
- Time and date of visits
3. Third-Party Services (Sub-processors)
We use the following third-party services to operate EmailQA. A maintained list of sub-processors is available on our Legal page.
Stripe (Payment Processing)
We use Stripe to process payments for Pro subscriptions. Stripe collects and processes your payment information directly. We do not store your credit card details on our servers.
Amazon Web Services (File Storage)
Your uploaded HTML email files are stored securely on Amazon S3. Files are stored in encrypted form and access is restricted to authorized users only.
Railway (Hosting)
Our application and database are hosted on Railway infrastructure in the United States.
GitHub (Authentication)
If you choose to sign in with GitHub, we receive your basic profile information (name, email, profile image) from GitHub. We do not access your repositories or code.
Slack (Integration)
If you connect EmailQA to Slack (Pro feature), we store OAuth tokens to post comments to your selected Slack channels and receive replies from Slack threads. We only access channels you explicitly connect and do not read your other Slack messages or data.
Slack Data We Access:
- Workspace name and ID
- List of channels (to let you choose which to connect)
- User information (for displaying reply author names)
- Messages in threads started by EmailQA (to sync replies)
Anthropic (AI Features)
When you use our AI assistant or AI device-explanation features, the relevant content you submit (your prompts, email HTML, and related comments) is sent to Anthropic's API to generate a response. Anthropic does not use commercial API inputs to train its models. AI features are currently available to a limited beta group.
View Anthropic's Privacy Policy
Email Service Provider Integrations
If you connect EmailQA to an email service provider (Mailchimp, Klaviyo, SendGrid, or Campaign Monitor), we store the API key or OAuth credentials you provide (encrypted at rest) and transmit approved project content to that provider on your instruction. We only perform actions you explicitly authorize through the Service.
4. How We Use Your Information
- To provide and maintain the EmailQA service
- To process your subscription payments
- To send transactional emails (comment notifications, team invites)
- To sync comments with connected Slack channels
- To improve our service and develop new features
- To respond to your support requests
- To detect and prevent fraud or abuse
5. Legal Basis for Processing (GDPR / UK GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under the following legal bases:
- Contract (Art. 6(1)(b)): To provide the Service you signed up for — account creation, project hosting, comments, team collaboration, and payment processing.
- Legitimate Interests (Art. 6(1)(f)): To improve our Service, prevent fraud and abuse, maintain security, and respond to support requests. You may object to this processing at any time.
- Consent (Art. 6(1)(a)): For optional integrations you connect (Slack, GitHub, ESPs, AI features) and any marketing communications. You may withdraw consent at any time.
- Legal Obligation (Art. 6(1)(c)): To comply with tax, accounting, and lawful government requests.
6. Data Sharing and Team Content
We do not sell your personal information. We share data only in these cases:
- Team Members: Project content is shared with team members you invite. When you are a team administrator inviting others, you act as the data controller for team content; EmailQA acts as your processor.
- Guest Reviewers: Anyone with a project link can view the email preview and comments.
- Service Providers: Sub-processors listed in §3 that help us operate EmailQA.
- Legal Requirements: If required by law, valid legal process, or to protect our rights, property, or safety.
- Business Transfer: If EmailQA is acquired, sold, or reorganized, your data may be transferred to the successor entity, subject to this Privacy Policy.
7. Data Retention
- Account Data: Retained while your account is active.
- Email HTML and Projects: Retained while your account is active. We periodically review active retention and will notify you before any bulk deletion of long-inactive content.
- Email Client Renders: Screenshots from email client testing are retained according to your plan (7 days for Free, 90 days for Pro).
- Comments: Retained with the associated project version.
- Integration Tokens: Retained while the integration is connected; deleted when disconnected.
- Billing Records: Retained for up to 7 years to meet US tax and accounting requirements.
You can delete your projects and account at any time. Upon account deletion, we remove your personal data from production systems within 30 days, and from routine backup systems within 90 days, except where retention is required by law.
8. International Data Transfers
EmailQA is operated from the United States. Our sub-processors (including AWS, Stripe, Anthropic, Railway, and others listed in §3) may process data in the US or other jurisdictions. If you access EmailQA from the European Economic Area, United Kingdom, or Switzerland, your data will be transferred to and processed in the US.
Where required, these transfers are governed by the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or a Swiss equivalent. A copy of the applicable safeguards is available on request at [email protected].
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- All data is transmitted over HTTPS-encrypted connections
- Database hosted on secure, access-controlled infrastructure
- Sensitive credentials protected with application-level encryption
- API keys and authentication tokens are protected using industry-standard cryptographic methods before storage
- Regular security reviews and updates
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
10. Breach Notification
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify affected users and the appropriate supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach where feasible, consistent with GDPR Art. 33–34, UK DPA 2018, and applicable US state breach-notification laws.
11. Your Rights
Depending on your location, you have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate data
- Deletion: Delete your account and associated data
- Portability: Export your project data in a structured, machine-readable format
- Restriction and Objection: Restrict or object to certain processing (GDPR/UK GDPR)
- Withdraw Consent: Disconnect third-party integrations at any time
- Lodge a Complaint: With your local data protection authority (EEA/UK)
To exercise these rights, contact us at [email protected]. We respond within 30 days and may ask you to verify your identity first.
12. California Privacy Rights (CCPA/CPRA)
California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: What personal information we collect, use, and disclose, and the categories of sources and third parties (see §2 and §3).
- Right to Delete: Request deletion of personal information we have collected.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing: We do not sell or share your personal information as defined by the CCPA. There is nothing to opt out of.
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes requiring a limit-right notice.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
We do not offer financial incentives in exchange for personal information. To exercise California rights, email [email protected]. We will verify your identity before fulfilling the request.
13. Cookies
We use essential cookies to maintain your login session and remember your preferences. We do not use tracking cookies or third-party advertising cookies. See our Cookie Policy for the list of cookies we set.
14. Children's Privacy
EmailQA is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us and we will delete it.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date, and for significant changes will also notify you by email.
16. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
- Website: https://emailqa.live
- Mailing Address: EmailQA, 123 N Hanover Street, Carlisle, PA 17013, United States