Back to home

Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller responsible for your personal data is Color Vivo Internet, SL, with registered office at Calle Mesones 9, 13640 Herencia (Ciudad Real), Spain, and CIF ESB13340724.

You may contact us regarding any data protection matter through our contact form.

2. Data We Collect

When you use MailCraft (mailcraft.love), we may collect and process the following categories of personal data:

  • Account information: your email address, name, and authentication data provided through magic link login or OAuth providers (Google, GitHub).
  • Template content: email templates you create, including visual JSON data, code, and associated metadata.
  • Brand kit data: logos, colors, fonts, and branding configurations you upload or define.
  • Export and usage logs: records of template exports, compilation events, and feature usage.
  • Usage analytics: pages visited, features used, session duration, and similar usage data collected through Google Analytics or equivalent tools.
  • Technical data: IP address, browser type, device information, and cookies as described in our Cookie Policy.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR:

  • Contract performance (Art. 6.1.b): processing necessary to provide the MailCraft service, including account management, template storage, and exports.
  • Legitimate interest (Art. 6.1.f): analytics and service improvement, fraud prevention, and security monitoring.
  • Consent (Art. 6.1.a): where applicable, for non-essential cookies and marketing communications.
  • Legal obligation (Art. 6.1.c): compliance with applicable tax, accounting, or regulatory requirements.

4. Data Processors and Third-Party Services

To provide the MailCraft service, we use the following third-party data processors:

  • Neon (PostgreSQL hosting): stores your account data, templates, and application data.
  • Cloudflare: DNS, CDN, and R2 object storage for images and assets.
  • Resend / SMTP provider: sends magic link authentication emails and transactional notifications.
  • Vercel: application hosting and serverless functions.
  • Stripe: payment processing for PRO and TEAM subscriptions (we do not store full payment card details).
  • Google Analytics: website usage analytics (if enabled).

All processors are bound by appropriate data processing agreements and comply with applicable data protection regulations.

5. International Data Transfers

Some of our data processors are located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions where available. Cloudflare and Vercel operate under the EU-U.S. Data Privacy Framework where applicable.

6. Data Retention

We retain your personal data for as long as your account remains active and as necessary to provide the service. Specifically:

  • Account data: retained until you request account deletion.
  • Template content: retained while your account is active; deleted within 30 days of account deletion.
  • Usage logs and analytics: retained for up to 26 months.
  • Billing records: retained as required by Spanish tax law (minimum 5 years).

7. Your Rights

Under the GDPR and applicable Spanish data protection law (LOPDGDD), you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data ("right to be forgotten").
  • Restriction: request restriction of processing under certain circumstances.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, please contact us through our contact form. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

8. Minors

MailCraft is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

9. Modifications to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will revise the "last updated" date at the top of this page. We encourage you to review this page periodically. For significant changes, we will notify registered users via email.

MailCraft.love© 2026 MailCraft.love v0.1.0 — Color Vivo Internet, SL — All rights reservedMade with ❤️ from Madrid & Herencia (Ciudad Real) — Spain