Privacy Policy

Last updated: December 2, 2025

1. Introduction

WarmySender ("we," "us," or "our") operates warmysender.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cold email outreach platform.

By using WarmySender, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Name and profile information (via Replit authentication)
• Workspace details and team member information
• Payment information (processed securely through Stripe)

2.2 Email Account Credentials

To provide our email warmup and sending services, you grant us access to your connected email accounts through:

• OAuth connections: Gmail and Outlook accounts (we store access tokens, not passwords)
• IMAP/SMTP credentials: Encrypted using AES-256-GCM encryption for custom email providers

2.3 Campaign and Prospect Data

We store:

• Email templates and campaign sequences
• Prospect lists and contact information
• Email content, subject lines, and personalization variables
• Campaign performance metrics and analytics

2.4 Email Message Data

For warmup and deliverability tracking purposes, we access and store:

• Email headers and metadata
• Delivery status and folder placement (Inbox, Spam, Promotions)
• Open rates, click rates, and reply data
• Warmup conversation history between connected mailboxes

2.5 Usage Information

We automatically collect:

• IP addresses and device information
• Browser type and operating system
• Pages visited and features used
• Session duration and interaction patterns

3. How We Use Your Information

We use the collected information to:

• Provide core services: Email warmup, campaign management, deliverability tracking
• Process payments: Handle subscription purchases through Stripe
• Improve deliverability: Monitor inbox placement and adjust warmup strategies
• Prevent abuse: Detect spam, enforce sending limits, and maintain platform integrity
• Customer support: Respond to inquiries and troubleshoot issues
• Analytics: Understand usage patterns and improve our Service
• Legal compliance: Comply with applicable laws and regulations

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit: All data transmitted using HTTPS/TLS
• Encryption at rest: Email credentials encrypted with AES-256-GCM
• Database security: PostgreSQL with role-based access controls
• OAuth security: Secure token storage with automatic refresh
• Session management: Secure cookies with 1-week expiration
• Infrastructure: Hosted on secure Replit infrastructure

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Third-Party Services

We use the following third-party services:

5.1 Authentication

Replit Auth: User authentication and identity management via OpenID Connect (OIDC)

5.2 Payments

Stripe: Payment processing for subscription purchases. Stripe's privacy policy governs payment data: stripe.com/privacy

5.3 Email Providers

We connect to email providers (Gmail, Outlook, custom IMAP/SMTP) on your behalf. Their respective privacy policies apply to your email accounts.

5.4 Hosting

Replit: Application hosting and infrastructure

Neon: PostgreSQL database hosting

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share data only in these circumstances:

• With your consent: When you explicitly authorize sharing
• Service providers: Third parties that help us operate (Stripe, Replit, Neon) under strict confidentiality agreements
• Legal requirements: When required by law, court order, or government regulation
• Business transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
• Protection: To protect our rights, property, safety, or that of others

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specific retention policies:

• Account data: Retained until account deletion
• Campaign data: Retained for the lifetime of your account
• Email credentials: Deleted immediately upon mailbox disconnection
• Analytics data: Aggregated data may be retained indefinitely
• Payment records: Retained for 7 years for tax and legal compliance

8. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Data portability: Receive your data in a machine-readable format
• Withdrawal of consent: Disconnect email accounts or revoke permissions
• Object: Object to processing of your personal data

To exercise these rights, contact us at privacy@warmysender.com

9. Cookies and Tracking

We use cookies and similar technologies for:

• Authentication: Session cookies to keep you logged in
• Preferences: Remember your settings (theme, workspace selection)
• Analytics: Understand how users interact with our Service
• Security: Prevent fraud and unauthorized access

You can control cookies through your browser settings, but this may limit functionality.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Children's Privacy

WarmySender is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email or through a prominent notice on our Service. Continued use after changes constitutes acceptance of the updated policy.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to delete personal information
• Right to equal service and price

We do not sell personal information. To exercise your CCPA rights, contact us at privacy@warmysender.com

14. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

• Legal basis: We process data based on contract performance, legal obligations, and legitimate interests
• Data protection officer: Contact dpo@warmysender.com
• Supervisory authority: You have the right to lodge a complaint with your local data protection authority

15. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

WarmySender
Email: privacy@warmysender.com
Website: warmysender.com