Privacy Policy

1. Introduction

Boring Marketing, LLC ("VibeMail," "we," "us," or "our") operates the VibeMail service located at vibemail.com (the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Information We Collect

Information You Provide

• Account information (email address, name, company name)
• Payment information (processed securely through Stripe)
• Campaign content and email templates you create
• Recipient email addresses you upload
• Communication preferences and settings

Information Automatically Collected

• Usage data (features used, campaigns created, emails sent)
• Device information (browser type, operating system)
• IP address and approximate location
• Email engagement metrics (opens, clicks, bounces)
• Log data and analytics

AI-Generated Content

When you use our AI features, we process your prompts and context to generate email content. This data is processed through Anthropic's Claude API under their privacy policy.

3. How We Use Your Information

• Provide, maintain, and improve the Service
• Process transactions and send related information
• Send administrative information and service updates
• Respond to comments, questions, and customer service requests
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations
• With your consent, send marketing communications

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information:

• With Service Providers: Stripe (payments), Mailgun (email delivery), Vercel (hosting), Neon (database), Anthropic (AI)
• For Legal Reasons: To comply with laws, regulations, or legal requests
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• With Consent: When you explicitly agree to sharing
• Aggregated Data: Non-identifiable aggregate data for analytics

5. Data Security

We implement industry-standard security measures including:

• SSL/TLS encryption for data in transit
• Encryption at rest for sensitive data
• Regular security audits and monitoring
• Access controls and authentication
• Secure data centers with SOC 2 compliance
• Regular backups and disaster recovery procedures

6. Data Retention

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain business records

You may request deletion of your account and associated data at any time. Some information may be retained in our backup systems for up to 90 days after deletion.

7. Your Rights and Choices

GDPR Rights (EU Residents)

• Access your personal data
• Correct inaccurate data
• Request deletion ("right to be forgotten")
• Object to processing
• Data portability
• Withdraw consent
• Lodge a complaint with supervisory authorities

CCPA Rights (California Residents)

• Know what personal information is collected
• Know if personal information is sold or disclosed
• Say no to the sale of personal information
• Access your personal information
• Request deletion of personal information
• Equal service and price, even if you exercise privacy rights

8. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will promptly delete the information.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside your jurisdiction. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

10. Third-Party Services

Our Service integrates with these third-party services:

• Clerk: Authentication and user management
• Stripe: Payment processing (PCI compliant)
• Mailgun: Email delivery infrastructure
• Anthropic: AI content generation
• Vercel: Application hosting
• Neon: Database services

Each service has its own privacy policy that governs their data practices.

11. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your session and authentication
• Remember your preferences
• Analyze Service usage and performance
• Provide security features

You can control cookies through your browser settings, though some Service features may not function properly without them.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, for significant changes, providing additional notice through the Service or via email.

13. Contact Information