Privacy Policy
Last Updated: 22/02/2026
This Privacy Policy describes how MB Wizemails, a company registered in Lithuania ("wizeMails," "we," "us," or "our"), collects, uses, shares, and protects information when you use our website (wizemails.com, app.wizemails.com) and managed email infrastructure services (collectively, the "Services").
wizeMails provides services to businesses only. This Privacy Policy applies to:
- Information we collect about our customers (business subscribers and their authorized users) — governed by this policy.
- Personal data that our customers process through our Services (i.e., recipient data in customer campaigns) — governed by our customers' privacy policies and our Data Processing terms (Section 8).
1. Information We Collect
1.1 Information You Provide to Us
| Category | Examples | Purpose |
|---|---|---|
| Account information | Business name, contact name, email address | Account creation and authentication |
| Billing information | Payment card data, billing address | Payment processing |
| Configuration data | Domains, subdomain preferences, sending tool selection, number of email accounts | Service provisioning |
| Support communications | Messages sent via support chat or email | Customer support |
| Identity verification | Company information provided for account setup | Fraud prevention, compliance |
1.2 Information Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Usage data | Dashboard page views, feature usage, API call logs | Service improvement, abuse detection |
| Log data | IP addresses, browser type, OS, access timestamps | Security, debugging |
| Infrastructure telemetry | Server provisioning status, domain health scores, blacklist monitoring data | Service delivery |
| Authentication events | Login timestamps, session tokens | Security |
1.3 Information from Third Parties
- Payment processor(s): Payment confirmation, subscription status, billing history
- Reputation monitoring provider: Blacklist monitoring results, reputation scores for your provisioned IPs and domains
- Google Postmaster Tools: Domain reputation data for monitored domains
2. How We Use Your Information
We use information collected for the following purposes, each with a lawful basis under GDPR:
| Purpose | Lawful Basis (GDPR Art. 6) | Details |
|---|---|---|
| Providing and managing the Services | Performance of a contract (Art. 6(1)(b)) | Account management, infrastructure provisioning, dashboard access |
| Processing payments | Performance of a contract (Art. 6(1)(b)) | Billing, invoicing, refund processing |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f)) | Detecting abuse, preventing unauthorized access, protecting infrastructure |
| Compliance monitoring | Legal obligation (Art. 6(1)(c)) | Monitoring for ToS violations, responding to legal requests |
| Service communications | Performance of a contract (Art. 6(1)(b)) | Transactional emails: account setup, password reset, infrastructure alerts |
| Product updates and announcements | Legitimate interests (Art. 6(1)(f)) | Notifying you of new features, material changes; you may opt out |
| Legal compliance | Legal obligation (Art. 6(1)(c)) | Responding to law enforcement, regulatory inquiries, court orders |
| Improving the Services | Legitimate interests (Art. 6(1)(f)) | Aggregated, anonymized analytics on feature usage |
We do not use your information for advertising, sell it to third parties, or use it to build advertising profiles.
3. Information Sharing and Disclosure
We share personal data only in the following circumstances:
3.1 Sub-Processors (Service Providers)
We engage the following sub-processors to operate the Services. Each is bound by data processing agreements and authorized to process data only as necessary to provide their service:
| Sub-Processor | Role | Data Shared | Location |
|---|---|---|---|
| Cloud infrastructure provider | Server infrastructure hosting | Server configuration data, provisioning parameters | US / EU |
| Domain registrar | Domain registration and DNS | Domain names, contact details (for WHOIS) | US / EU |
| Email service software | Email server running on your provisioned infrastructure | Runs on your provisioned server; processes your email data | Customer server (US / EU) |
| Reputation monitoring provider | Blacklist monitoring | IP addresses and domains being monitored | US / EU |
| Payment processor(s) | Payment processing (may include multiple providers based on customer requirements) | Name, email, payment details, billing address | US / EU |
| Supabase | Database, authentication, edge functions | Account data, provisioning records, session tokens | EU |
| Transactional email provider | Transactional email | Email address, email content (account setup, alerts) | US / EU |
WHOIS Note: Domain registration may result in your contact information being published in public WHOIS records unless you opt for WHOIS privacy. wizeMails enables WHOIS privacy by default where available.
3.2 Legal and Compliance Disclosures
We may disclose your information if required by law, regulation, court order, or at the request of government authorities with jurisdiction. We will notify you of such requests where legally permitted.
3.3 Business Transfers
If wizeMails is involved in a merger, acquisition, or sale of assets, customer data may be transferred as part of that transaction. We will notify affected customers via email before data is transferred and becomes subject to a different privacy policy.
3.4 Protection of Rights
We may share information where necessary to protect the rights, property, or safety of wizeMails, our customers, or others.
3.5 With Your Consent
We may share information for other purposes with your explicit prior consent.
4. Your Rights Under GDPR (EU/EEA Residents)
If you are located in the EU or EEA, you have the following rights regarding your personal data:
| Right | What It Means | How to Exercise |
|---|---|---|
| Access (Art. 15) | Receive a copy of personal data we hold about you | Email support@wizemails.com |
| Rectification (Art. 16) | Correct inaccurate or incomplete data | Update in dashboard or email us |
| Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten") | Email support@wizemails.com |
| Restriction (Art. 18) | Request we restrict processing of your data | Email support@wizemails.com |
| Portability (Art. 20) | Receive your data in a structured, machine-readable format | Email support@wizemails.com |
| Objection (Art. 21) | Object to processing based on legitimate interests | Email support@wizemails.com |
| Withdraw Consent | Withdraw consent where processing is consent-based | Email support@wizemails.com |
| Lodge a Complaint | File a complaint with a supervisory authority | State Data Protection Inspectorate of Lithuania (www.vdai.lrv.lt) |
We respond to all verified requests within 30 days. We may request identity verification before fulfilling requests.
5. Your Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you may have the following rights under the CCPA and CPRA:
- Right to Know: Request disclosure of categories and specific pieces of personal information collected about you.
- Right to Delete: Request deletion of personal information (subject to exceptions).
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell or share personal information as defined under CCPA. No opt-out is necessary.
- Right to Limit Sensitive PI Processing: We do not process sensitive personal information beyond what is necessary for the Services.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your rights, contact support@wizemails.com. We will verify your identity before fulfilling requests.
Categories of personal information collected (past 12 months): Identifiers (name, email, IP address); commercial information (purchase history); internet activity (log data, dashboard usage); geolocation (coarse, from IP); professional information (company name, job context).
Business purpose for collection: Service provisioning, payment processing, security, compliance. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
6. Data Retention
| Data Category | Retention Period | Reason |
|---|---|---|
| Account and profile data | Duration of account + 2 years after termination | Legal obligations, dispute resolution |
| Billing and payment records | 7 years from transaction | Tax and accounting obligations (EU law) |
| Provisioning and infrastructure logs | 1 year after order completion | Debugging, compliance |
| Support communications | 2 years from last interaction | Quality assurance, dispute resolution |
| Security and access logs | 90 days | Security incident investigation |
| Health monitoring data | 1 year of rolling history | Trend analysis, alerting |
After retention periods expire, data is securely deleted or anonymized. You may request early deletion subject to legal retention obligations.
7. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction, including:
- Encryption in transit: All data between your browser and our Services uses TLS 1.2+.
- Access controls: Principle of least privilege; administrative access requires multi-factor authentication.
- Infrastructure isolation: FastAPI backend is accessible only via reverse proxy; no direct public access.
- JWT authentication: All authenticated endpoints require valid signed tokens.
- Database security: Row-Level Security (RLS) enforced in Supabase; service role keys stored as environment secrets.
- Vendor security: Sub-processors are evaluated for security practices before engagement.
No method of transmission or storage is 100% secure. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and in compliance with GDPR Art. 33-34.
8. wizeMails as Data Processor — Customer Campaign Data
8.1 Processor Role
When you use our infrastructure to conduct email campaigns, you (the Customer) act as the data controller for any personal data of your recipients (e.g., recipient names and email addresses). wizeMails acts as a data processor under GDPR Article 28 with respect to such data.
8.2 Our Obligations as Processor
As your data processor, wizeMails commits to:
- Process recipient personal data only on your documented instructions
- Ensure that authorized personnel processing the data are bound by confidentiality
- Implement appropriate technical and organizational security measures (Art. 32)
- Assist you in fulfilling data subject rights requests where applicable
- Delete or return personal data at the end of service provision
- Notify you without undue delay upon becoming aware of a personal data breach
- Provide information necessary to demonstrate compliance with Art. 28
8.3 Your Responsibilities as Controller
You are responsible for:
- Establishing a lawful basis for processing recipient personal data
- Providing adequate privacy notices to recipients
- Ensuring recipient data provided to wizeMails is legally obtained
- Complying with all applicable data protection laws
- Executing a Data Processing Agreement (DPA) with wizeMails if required by law
8.4 DPA Requests
To obtain a signed GDPR Data Processing Agreement (Article 28 compliant), contact support@wizemails.com.
8.5 Sub-Processors for Campaign Data
Recipient personal data processed through our Services is handled on infrastructure provided by the Sub-Processors listed in Section 3.1. By using the Services, you authorize wizeMails to engage these Sub-Processors.
9. International Data Transfers
wizeMails is registered in Lithuania (EU). Some Sub-Processors are located in the United States or other countries outside the EEA that may not provide the same level of data protection as EU law.
Where we transfer personal data outside the EEA, we rely on appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
Some of our third-party processors are US-based.
10. Cookies and Tracking
Our website and dashboard use the following tracking technologies:
| Type | Examples | Purpose |
|---|---|---|
| Strictly necessary cookies | Session tokens, CSRF tokens | Authentication, security (cannot be disabled) |
| Analytics (optional) | Aggregated page view data | Understanding how the dashboard is used |
We do not use advertising or tracking cookies. We do not sell cookie data.
You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from logging in.
11. Children's Privacy
The Services are not directed at children under 16 years of age, and we do not knowingly collect personal data from children. If you become aware that a child has provided personal data without parental consent, please contact us and we will delete it.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify you of material changes via email or dashboard notice at least 14 days before the change takes effect. The "Last Updated" date at the top indicates when this policy was last revised. Your continued use of the Services after the effective date constitutes acceptance.
13. Contact and Data Protection Inquiries
Privacy requests, DPA requests, and data subject rights:
support@wizemails.com
Regulatory authority (Lithuania):
State Data Protection Inspectorate
L. Sapiegos str. 17, 10312 Vilnius, Lithuania
ada@ada.lt | www.vdai.lrv.lt
Company registered address:
MB Wizemails
Siauliu 50, Kaunas, Lithuania
