01 · Summary
The short version.
If you don't want to read every section, here's what you need to know:
- We don't sell your data. Not to advertisers, not to data brokers, not to anyone. Ever.
- Your customer list is yours. Contact data you upload, replies your customers send, and the content of your campaigns stay inside your workspace.
- We process only what we need to run the product — sending mail, classifying replies, signing with your DKIM key, billing your account.
- You can export or delete your data at any time. Delete cascades through every system within 30 days.
- We tell you 30 days in advance before adding a new sub-processor that touches your data.
02 · Who this covers
Scope of this policy.
This policy describes how Email Digit Inc. ("Email Digit," "we," "us") handles personal data when you:
- Visit any page on emaildigit.com or its subdomains.
- Sign up for the product, including the free tier and any private-beta access.
- Use one of our free public tools (deliverability lookup, DMARC analyzer, spam-score checker, render preview).
- Receive an email sent through Email Digit by one of our customers (you are a "message recipient" in that case).
If you're a message recipient, the customer who sent you the message is the "controller" under GDPR / UK GDPR. We're a "processor" acting on their instructions. Requests about the content of those messages should go to the sender; requests about the technical processing can come to us at privacy@emaildigit.com.
03 · What we collect
Data, grouped by why we have it.
The shape: We collect account data, the messages and contacts you ask us to process, technical metadata about how the service runs, and billing details. Nothing else.
Account data: From signup
Name, work email, hashed password, optional workspace name. OAuth identifier if you sign in with Google or Microsoft. Two-factor secrets are stored encrypted and only used to verify codes you submit.
Customer data: Uploaded or routed
Contact lists you upload (name, email, phone, custom fields), reply messages routed through connected mailboxes, campaign content you send. This is data you ask us to process; we treat it as confidential.
Sending data: Generated by use
Message metadata (subject, recipient, timestamp, send status), bounce + complaint signals from receiving providers, DKIM keys we generated for your domains.
OAuth tokens: For mailbox connections
Encrypted refresh + access tokens for Gmail and Microsoft Graph if you connect a mailbox. Used solely to poll for replies and never shared. You can revoke at any time from the dashboard or directly with the provider.
Technical data: Automatic
IP address, browser user-agent, timestamps, the routes you hit, error traces. We use this for security, abuse detection, and debugging. No third-party trackers, no fingerprinting, no analytics resale.
Billing data: Via Stripe
Billing identity (company, address, tax ID) and the last four digits of your card. Full card numbers are tokenized by Stripe and never reach our servers.
Support data: When you write
Any message you send to support@, security@, or privacy@ emaildigit.com, plus the context needed to answer it.
04 · How we use it
Purposes are limited and explicit.
We process the data above only for the purposes listed here. If a use case isn't on this list, we don't do it.
- Run the product — send your mail, poll your mailboxes, classify your replies, sign with your DKIM key, deliver webhooks to your endpoints.
- Bill you — invoice, take payment, and meet tax-reporting obligations.
- Secure the platform — detect abuse, enforce rate limits, investigate incidents, comply with our Acceptable Use Policy.
- Improve the product — aggregate, anonymized telemetry on which features get used and where errors happen. Never on the content of your messages or contact data.
- Communicate with you — transactional emails (receipts, security alerts, sub-processor updates), occasional product announcements you can opt out of.
- Comply with law — respond to valid legal process. We push back on overbroad requests and publish a transparency report annually starting year two.
What we will never do
- Sell your data to anyone.
- Share your contact data with advertisers or data brokers.
- Train external AI models on the content of your messages.
- Read your replies for marketing purposes.
- Use cookies to track you across other sites.
05 · Legal bases (GDPR / UK GDPR)
Why processing is lawful, by purpose.
Under GDPR and UK GDPR, every processing activity needs a lawful basis. Ours, by purpose:
- Contract — running the product you signed up for. Covers sending, mailbox sync, reply classification, billing, support.
- Legitimate interest — security, abuse prevention, fraud detection, telemetry for reliability. We balance these against your rights and document the assessment.
- Legal obligation — tax records, responding to lawful requests, retaining audit logs as required by applicable law.
- Consent — optional product emails you can withdraw at any time. Consent isn't the basis for the product itself; you don't need to consent to marketing to use Email Digit.
06 · Who we share with
Sub-processors, listed and notified.
We use a small set of vendors to run the platform. Every one is listed publicly on the Security page with purpose, region, and the categories of data they touch. We notify customers 30 days in advance before material additions to that list.
Beyond sub-processors we may share data with:
- Receiving mail servers — obvious but worth saying. When you send an email through Email Digit, it goes to the recipient's mail server. Their privacy policy applies once it arrives.
- Law enforcement — only with a valid legal process. We require proper jurisdiction, push back on overbreadth, and notify customers unless legally prohibited.
- Acquirers — in the event of a merger, acquisition, or asset sale, your data may be transferred under equivalent privacy commitments. You'll be notified.
We do not share with advertisers, data brokers, analytics resellers, or any AI vendor for the purpose of training their models on your content.
07 · How long we keep it
Retention windows by data type.
Account data
For the life of your account, plus 90 days after deletion to handle clawback and disputes. Then purged.
Customer + contact data
For as long as you keep it in your workspace. Delete cascades through backups within 30 days.
Sending logs
90 days on Free, 18 months on Starter/Pro, 7 years on Business+ for compliance evidence.
OAuth tokens
Encrypted at rest. Wiped immediately when you disconnect the mailbox or delete the workspace.
Audit log
7 years on Pro+, 90 days on Starter, 30 days on Free. Append-only; not deletable from the UI by design.
Billing records
7 years to satisfy tax-recordkeeping requirements.
Support correspondence
24 months from last contact, then purged.
08 · Security
What we do to protect this data.
The full posture is documented on the Security page. The headline: AES-256 at rest, TLS 1.3 in transit, Fernet envelopes for PII / OAuth tokens / DKIM keys, Postgres Row-Level Security for tenant isolation, encrypted backups with 30-day point-in-time recovery, append-only audit logs, and a published incident-response policy with 15-minute status-page commitments for Sev-1 events.
No system is invulnerable. If we discover a breach affecting your personal data, we notify the relevant supervisory authority within 72 hours and the affected customers without undue delay.
09 · Your rights
What you can ask us to do.
Depending on where you live, you have some or all of the following rights under GDPR, UK GDPR, CCPA / CPRA, the India DPDP Act, and other regional laws:
- Access — a copy of the personal data we hold about you.
- Correction — fix inaccurate or incomplete data.
- Deletion — remove your data, subject to legal-retention obligations.
- Portability — export your data in a structured, machine-readable format (CSV + JSON).
- Restriction — ask us to pause certain processing.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — at any time, for any processing based on consent.
- Complain — to a supervisory authority. For the EU, that's the DPA where you live.
Most of these are self-serve from your dashboard. For anything you can't do from the UI, email privacy@emaildigit.com from the address on file. We respond within 30 days (extendable to 90 for complex requests, with notice).
California (CCPA / CPRA): we do not sell or share personal information as those terms are defined in California law. You have the right to know, the right to delete, the right to correct, and the right to non-discrimination for exercising any of them.
10 · Cookies + similar tech
What we set and why.
We use a minimal set of first-party cookies and localStorage values. No third-party tracking, no advertising pixels, no session replay tools.
- Authentication — an HTTP-only session cookie + a JWT in localStorage so you stay logged in.
- Active workspace — we store the ID of your active workspace in localStorage so the dashboard remembers which one to load.
- CSRF token — short-lived, set on forms that mutate state.
- Operational telemetry — basic error rate + performance markers. Aggregated; no cross-site identifiers.
You can clear all of these from your browser at any time; you'll just be logged out and need to sign in again.
11 · International transfers
Where your data lives.
Today, customer data lives in the United States — us-west-2 for application hosting (Render) and us-east-2 for the database (Neon). EU residency in eu-west-1 and India residency in ap-south-1 are on the roadmap for Q4 2026.
For EU + UK customers, transfers outside the EEA / UK rely on the European Commission's Standard Contractual Clauses incorporated into our DPA, plus the UK Addendum where required. We conduct a transfer-impact assessment for each material sub-processor.
12 · Children
This is a business product.
Email Digit is not directed at anyone under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact privacy@emaildigit.com and we'll delete it.
13 · Changes to this policy
How we notify you.
Material changes are emailed to account owners at least 30 days before they take effect. Non-material clarifications (typo fixes, structural cleanup) are published with an updated version number at the top of this page. Every revision is kept in our public changelog.
If you keep using the product after a material change takes effect, that constitutes acceptance. If you don't accept, you can export your data and close your account at any time.
14 · Contact
Talk to a human.
Privacy questions, deletion requests, DPA requests, anything else — reach us at privacy@emaildigit.com. Security disclosures should go to security@emaildigit.com instead; the security page has the PGP key.
Controller of record: Email Digit Inc., operating from the United States. Mailing address available on request for legal correspondence.