Privacy Policy
Effective: July 18, 2026
This Privacy Policy explains what information SubsiMail ("we," "us," "our") collects through the subsimail.com account and billing service (the "Account Service"), and how we use it. Please read the scope note below first — it matters more than usual for how SubsiMail works.
1. Scope: what this policy does and doesn't cover
SubsiMail's product is self-hosted: it runs entirely on infrastructure you control. Your contacts, campaign content, email messages, and connected-account credentials are stored and processed only on your own server — never sent to us, and never covered by this policy. The only thing your self-hosted instance ever sends us is a periodic license check: your license key and a randomly generated install ID, nothing else.
This policy covers only the data collected by the Account Service (subsimail.com itself) — the site where you sign up, manage billing, and generate your license.
2. Information we collect
| Account information | Name, email address, and password (stored as a salted hash, never in plain text) |
| License information | The domain you activate your license against, your connected-account count, and a randomly generated install ID from your self-hosted instance |
| Billing information | Handled by our payment processor when billing is enabled — we do not store full card numbers ourselves |
| Support communications | Anything you send us via email or a support form |
| Standard web logs | IP address, browser/user-agent, timestamps — ordinary server logs kept for security and troubleshooting |
3. What we do not collect
We do not collect, receive, or have access to: your contacts or their information; your campaign content or sending activity; the content of any email you send or receive through the software; your connected email account's OAuth tokens, SMTP/IMAP credentials, or messages; any data stored in your self-hosted instance's database. All of that lives solely on your own infrastructure, and it stays there.
4. How we use information
We use Account Service data to: create and maintain your account; issue and periodically re-validate your license; process billing (once enabled); send transactional email (verification links, invite links, receipts, security notices); respond to support requests; comply with legal obligations; and maintain the security of the Account Service itself.
We do not sell your information, and we do not use it for third-party advertising.
5. Cookies
The Account Service uses one essential, first-party session cookie to keep you logged in. We don't use tracking or advertising cookies.
6. Third-party service providers
We use third-party providers to operate the Account Service — for example, an email delivery provider for transactional email, and (once billing is enabled) a payment processor for handling payments. These providers process data only as needed to provide their service to us and are bound by their own privacy commitments.
7. Data retention
We keep account data for as long as your account is active, and for a reasonable period after closure to comply with legal, tax, and security obligations. You can request deletion at any time (see Section 9).
8. Your rights
Depending on where you're located, you may have rights to access, correct, export, or delete your personal data, or to object to or restrict certain processing (for example under GDPR or CCPA). To exercise any of these, contact contact@subsimail.com. We'll respond within the time required by applicable law.
Note again: these rights apply to your Account Service data. Data in your self-hosted instance (your contacts, campaigns, etc.) is entirely under your own control, since we never receive it — requests about that data should go to whoever operates that instance, which for most SubsiMail users is you.
9. Who is the data controller
For Account Service data (Section 2), SubsiMail is the data controller. For any personal data you process through your self-hosted instance, you are the data controller, not SubsiMail — we have no visibility into or control over that processing. See our Terms of Service, Section 4, for how this affects responsibility.
10. Security
We use reasonable technical and organizational measures to protect Account Service data, including hashed passwords and encrypted connections. No method of transmission or storage is completely secure, and we can't guarantee absolute security. Security of your self-hosted instance and the data on it is your responsibility — see the documentation for setup and hardening guidance.
11. International users
The Account Service may be accessed from, and its infrastructure may be located in, various countries. By using it, you understand your information may be processed outside your own country, including in jurisdictions with different data protection laws than where you live.
12. Children's privacy
The Service isn't directed at children, and we don't knowingly collect personal information from anyone under the age required by applicable local law to consent to data processing. Contact us if you believe a child has provided us information and we'll delete it.
13. Changes to this policy
We may update this policy from time to time. We'll post the updated version here with a new effective date; material changes will be notified via your account email where practicable.
14. Contact
Questions about this policy or your data: contact@subsimail.com.