Privacy Policy
How we collect, use, and protect your personal data.
Last updated: March 2026
1. Data We Collect
When you create an account, we collect your name, email address, and password (hashed). When you connect a mailbox, we collect your email provider credentials (encrypted with AES-256-GCM), SMTP/IMAP server settings, and mailbox configuration preferences.
We also collect usage data such as pages visited, features used, warm-up performance metrics, and session duration. This data is used to improve the product and is never sold to third parties.
If you subscribe to a paid plan, Stripe processes your payment information directly. We do not store your credit card number, expiration date, or CVC on our servers.
2. How We Use Your Data
We use your data to provide the Stekpad warm-up service, including sending and receiving warm-up emails, calculating health scores, running DNS checks, and performing inbox placement tests.
We use aggregated, anonymized usage data to improve our AI models, optimize sending patterns, and enhance the overall product experience. We may use your email address to send you product updates, security notices, and billing communications. You can opt out of non-essential communications at any time.
We do not read, analyze, or store the content of your real business emails. Warm-up conversations are AI-generated and exist solely to build sender reputation.
3. Data Storage & Security
Your data is stored on secure servers located in the European Union. All email credentials are encrypted at rest using AES-256-GCM. Data in transit is protected with TLS 1.3.
We maintain automated daily backups with 30-day retention. Backups are encrypted and stored in a separate, geographically distinct location from our primary servers.
Access to production systems is restricted to authorized personnel only, with multi-factor authentication and audit logging enabled on all administrative interfaces.
4. Third-Party Services
We use the following third-party services to operate Stekpad:
Stripe for payment processing. Stripe's privacy policy governs how they handle your payment data. We share only the minimum information necessary to process your subscription.
PostHog for product analytics. We use PostHog to understand how users interact with Stekpad so we can improve the product. Analytics data is anonymized and does not include email credentials or warm-up content.
Groq and Mistral for AI content generation. Warm-up email content is generated via API calls to these providers. No user credentials or personal data are included in AI requests.
5. Your Rights
Under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), you have the following rights:
Access: You can request a copy of all personal data we hold about you at any time.
Deletion: You can request the permanent deletion of your account and all associated data. Upon deletion, we remove your data from our active systems within 30 days and from backups within 90 days.
Export: You can export your warm-up data, health scores, and mailbox configurations in a machine-readable format from your dashboard settings.
Rectification: You can update or correct your personal information from your account settings at any time.
Objection: You can object to the processing of your data for specific purposes by contacting our privacy team.
6. Cookies
We use strictly necessary cookies for authentication and session management. These cookies are essential for the service to function and cannot be disabled.
We use analytics cookies (PostHog) to understand product usage. You can opt out of analytics cookies at any time through your browser settings or our cookie preferences panel.
We do not use advertising cookies or share cookie data with advertisers.
7. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we remove your personal data from active systems within 30 days.
Warm-up email logs are retained for 90 days for performance analysis and then automatically deleted. Health score history is retained for 12 months.
Billing records are retained for the period required by applicable tax and accounting laws (typically 7 years).
8. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email and by posting a notice on our website at least 30 days before the changes take effect.
Your continued use of Stekpad after the effective date of any changes constitutes your acceptance of the updated policy.
9. Contact
If you have any questions about this privacy policy or how we handle your data, please contact our privacy team at privacy@stekpad.com.
For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@stekpad.com.
Stekpad SAS, Paris, France.