Privacy Policy of Mailbox Mixer

1) Scope & who we are

Mailbox Mixer is a Software-as-a-Service platform available at mailboxmixer.com. We provide software to help businesses manage mail advertising operations. This policy covers personal information we process when you visit our website, create an account, use our app, receive our communications, or interact with us in any other way.

Age restrictions: No age restrictions apply to using the website or service. However, we do not knowingly collect personal information from children under 13 without verifiable parental consent.

2) What we collect

A. Information you provide

• Account & profile: name, email address, password (hashed), role, and business details (e.g., company name, mailing address, billing contact).
• Business content: campaign information, customer lists you import, route/area selections, notes, attachments, and any other data you add to the service.
• Billing: purchase history, subscription plan, and limited billing details (e.g., billing name and address). Card data is handled by our payment processors (see Payments).
• Support & communications: messages you send us, feedback, and issue reports.

B. Information collected automatically

We collect only what’s needed to run the service and keep it secure. We do not use analytics or behavioral tracking tools.

• Service logs: basic technical logs related to app performance and security (e.g., error events, request timestamps, IP address at time of request). We do not build behavior profiles from this data.
• Essential cookies: see Cookies for details.

C. Information from third parties

• Payment processors (Square, Lemon Squeezy) share limited transaction metadata with us (e.g., payment status, last 4 digits of card, expiration month/year, billing country) so we can activate your service and keep records.

3) How we use your data

• Provide the service: create and manage accounts, run core features, process orders, and deliver support.
• Billing & account management: handle subscriptions, invoices, refunds, and account changes.
• Security & integrity: detect, prevent, and investigate fraud, abuse, or security incidents; maintain service reliability.
• Communications: send service messages (e.g., receipts, important updates). You can control non-essential messaging preferences where offered.
• Legal & compliance: meet tax, accounting, and regulatory obligations; enforce our terms; respond to lawful requests.

We do not sell your personal information. We do not share it for cross-context behavioral advertising.

4) How we share information

We share personal information only as needed to operate the service, or when legally required:

• Service providers (processors): e.g., hosting, payment processing, email delivery, customer support tools. They must follow our instructions and protect your data.
• Business transfers: if we merge, sell, or reorganize, your data may transfer as part of that transaction, subject to this policy.
• Legal: to comply with law, enforce our terms, or protect rights, safety, and security.

We do not allow service providers to use your data for their own marketing.

5) Payments (Square & Lemon Squeezy)

We use Square and Lemon Squeezy to process payments. When you enter payment details, you do so directly with these providers. We never receive or store full card numbers or CVV codes.

These providers share limited information back to us—such as payment status—so we can activate and manage your subscription. Your use of their checkout experiences is subject to their own privacy and security practices.

6) Cookies & similar technologies

We keep cookies simple and minimal:

• Essential cookies: required for sign-in, session continuity, CSRF protection, and core app features.
• No analytics cookies: we do not use Google Analytics or similar analytics tools.
• No advertising cookies: we do not use ad or tracking pixels.

You can control cookies in your browser settings. If you block essential cookies, the service may not work properly.

7) Legal bases for processing (GDPR/UK GDPR)

Where applicable, we process personal data under one or more of these legal bases:

• Contract: to provide the service you asked for and manage your account.
• Legitimate interests: to secure and improve the service, prevent abuse, and support customers, provided these interests do not override your rights.
• Legal obligation: to meet tax, accounting, and regulatory requirements.
• Consent: where we ask for it. You can withdraw consent at any time.

8) Your privacy rights

A. If you are in the EEA, UK, or similar jurisdictions

You may have the right to request: (i) access to your data; (ii) correction; (iii) deletion; (iv) restriction; (v) portability; and (vi) to object to certain processing. You also have the right to lodge a complaint with your local data protection authority.

B. California (CCPA/CPRA)

California residents can request to:

• Know the categories and specific pieces of personal information we collected about you.
• Delete personal information, subject to exceptions (e.g., legal obligations).
• Correct inaccurate personal information.
• Opt-out of “sale” or “sharing” of personal information. We do not sell or share your personal information as those terms are defined by California law.
• Limit use of sensitive personal information (where applicable). We do not use sensitive personal information to infer characteristics.
• Non-discrimination: We will not discriminate against you for exercising your rights.

C. How to exercise your rights

Send your request to the contact listed in Contact us. We will verify your identity before fulfilling requests. You may designate an authorized agent where the law allows.

9) Security

We use reasonable technical and organizational measures to protect personal information, including encryption in transit (HTTPS), access controls, and least-privilege practices. No method of transmission or storage is 100% secure; if we learn of a breach that affects you, we’ll notify you as required by law.

10) Data retention

We keep personal information only as long as needed for the purposes described in this policy, including to provide the service and meet legal, accounting, or reporting requirements. Typical retention periods:

• Account & business content: for the life of your account, then deleted or anonymized within 90 days after closure (unless we must keep it longer by law or to resolve disputes).
• Billing records: retained for up to 7 years (or longer if required by applicable law).
• Service logs: typically 12 months or less, unless needed for security or investigations.
• Cookies: session-based cookies expire when you sign out or close your browser; any persistent essential cookies follow their defined lifetimes.

11) International data transfers

We may process and store information in countries other than where you live. When transferring personal data internationally, we rely on appropriate safeguards (for example, standard contractual clauses where applicable) to protect your information according to this policy.

12) “Do Not Track”

Some browsers send a “Do Not Track” (DNT) signal. Because no consistent industry standard exists, we do not respond to DNT signals. We also do not run analytics or advertising trackers on our site/app.

13) Changes to this policy

We may update this Privacy Policy to reflect changes to our practices or for legal, technical, or regulatory reasons. If we make material changes, we’ll take reasonable steps to notify you (for example, by posting a notice in the app or sending an email). The “Effective date” above shows when this policy last changed.

14) Contact us

If you have questions or want to exercise your privacy rights, please contact us:

• Email: hey@mailboxmixer.com
• Mailing address: Mailbox Mixer, 9235 N Union Blvd Ste 150, Rm 134 Colorado Springs, CO 80920

If you are in a region with a dedicated data protection authority, you may also contact or file a complaint with that authority.