Legal

Privacy Policy

This policy explains what NoticeAPI collects, how we use it, and how we handle customer and recipient data.

Last updated: July 2, 2026

1. Information We Collect

We collect account information such as email address, company name, login method, OAuth profile data when you choose OAuth, session data, support messages, plan details, and administrative actions.

We collect service data needed to operate email sending, including API keys, sending domains, DNS verification records, templates, audiences, contacts, suppressions, broadcasts, automations, message metadata, message bodies, recipients, delivery events, logs, webhook configuration, and usage metrics.

Stripe processes payment details for paid plans. NoticeAPI stores Stripe customer and subscription identifiers but does not store full card numbers.

2. How We Use Information

We use information to provide the API, dashboard, SMTP relay, simulator, webhooks, billing, support, authentication, abuse prevention, security monitoring, deliverability controls, and account administration.

We use delivery events, bounce data, complaint data, suppressions, and usage metrics to enforce quotas, pause risky sending, protect recipients, and maintain platform reputation.

3. Email Recipient Data

Customers decide what recipient data they upload or send through NoticeAPI. NoticeAPI acts as a processor or service provider for that customer data when we transmit, store, analyze, and secure it on the customer's behalf.

We do not sell recipient lists. We do not use customer recipient lists to send our own marketing. We may inspect message and recipient data when needed for support, abuse investigation, security, deliverability, compliance, or legal obligations.

4. Sharing and Vendors

We share data with vendors that help operate the service, including hosting, database, email delivery, payment, analytics, monitoring, authentication, and support providers. These vendors may process data only as needed to provide their services to us.

We may disclose information if required by law, legal process, security incident response, fraud prevention, rights protection, business transfer, or to enforce our terms and acceptable use rules.

5. Cookies and Sessions

NoticeAPI uses cookies and similar storage for authentication, session management, security, and basic product operation. OAuth providers may set their own cookies when you sign in through them.

6. Retention

We retain account, billing, security, abuse, and operational records as long as needed for the service, legal obligations, dispute resolution, and enforcement.

Email logs, message bodies, delivery events, and related records are retained according to plan limits and operational needs, then may be deleted or aggregated. Backups may retain data for a limited additional period.

7. Security

We use administrative, technical, and organizational safeguards designed to protect data, including access controls, signed webhooks, secret handling, provider authentication, and monitoring. No system is perfectly secure.

If you believe your account or API keys are compromised, rotate keys immediately and contact [email protected].

8. Your Choices

You may update account information, rotate API keys, delete templates and audiences, manage suppressions, and request help with export or deletion by contacting support.

Recipients can unsubscribe from marketing messages through the unsubscribe links carried by broadcasts and automations. Customers must honor unsubscribe and suppression status.