Privacy Policy

Last updated: March 1, 2026

Dead Simple Email ("we," "us," or "our") operates the deadsimple.email website, the api.deadsimple.email API service, and the app.deadsimple.email dashboard (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access the Service.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

  • Email address
  • Name (optional)
  • Organization or company name (optional)
  • Password (stored in hashed form only)
  • Billing information (processed securely via Stripe; we do not store full payment card numbers)

1.2 Email Content and Data

As an email infrastructure service, we process email messages on your behalf. This includes:

  • Email message content (body, subject, headers) sent or received through our API
  • Email addresses of senders and recipients
  • Email attachments
  • Email metadata (timestamps, message IDs, delivery status)

We process this data solely to provide the Service. We do not read, analyze, or mine your email content for advertising or any purpose unrelated to service delivery.

1.3 API Usage Data

We automatically collect information about your use of our API, including:

  • API requests (endpoints called, request timestamps, response codes)
  • API key identifiers (not the full key)
  • Rate limit usage and quota consumption
  • IP addresses from which API requests originate
  • Error logs and debugging information

1.4 Website Usage Data

When you visit our website, we may collect:

  • Browser type and version
  • Operating system
  • Referring URL
  • Pages visited and time spent on pages
  • IP address
  • Device identifiers

2. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Functional cookies: Remember your preferences and settings (e.g., dashboard layout, timezone).
  • Analytics cookies: Help us understand how visitors interact with our website so we can improve the user experience. We use privacy-respecting analytics that do not track you across websites.

We do not use cookies for advertising or sell cookie data to third parties. You can control cookies through your browser settings, though disabling essential cookies may prevent you from using parts of the Service.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process and deliver email messages through our infrastructure
  • Process payments and manage your subscription
  • Send you service-related communications (e.g., account verification, billing receipts, security alerts, maintenance notices)
  • Respond to your support requests and inquiries
  • Monitor and enforce our Acceptable Use Policy
  • Detect, prevent, and address abuse, fraud, and security issues
  • Analyze usage patterns to improve the Service
  • Comply with legal obligations

4. Third-Party Services

We use the following third-party services to operate the Service:

  • Stripe: Payment processing. Stripe collects and processes your payment information according to their privacy policy. We do not store your full credit card number.
  • Amazon Web Services (AWS): Cloud infrastructure, including compute, storage (S3 for email attachments), database services, and email sending. Data is processed and stored in AWS data centers in the United States. AWS complies with GDPR and other data protection regulations.
  • Firebase (Google Cloud): Authentication and real-time database services, governed by Google's privacy policy.

We do not sell your personal information to third parties. We only share data with third-party services as necessary to provide the Service.

5. Data Retention

We retain your data as follows:

  • Account data: Retained for as long as your account is active. After account deletion, we remove your personal data within 30 days, except as required by law.
  • Email content: Retained according to the retention settings configured in your account. By default, email content is retained for 30 days after delivery. You may configure shorter retention periods. You may delete email content at any time via the API or dashboard.
  • API logs: Retained for 90 days for debugging and abuse prevention, then automatically deleted.
  • Billing records: Retained for 7 years as required by tax and accounting regulations.
  • Aggregated analytics: May be retained indefinitely in anonymized, non-identifiable form.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • API key authentication and secure token management
  • Network segmentation and firewall protections
  • Regular security audits and vulnerability assessments
  • Access controls limiting employee access to customer data on a need-to-know basis
  • Incident response procedures for potential data breaches

While we take reasonable steps to secure your data, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your API keys and account credentials.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data (subject to legal obligations).
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing of your personal data for certain purposes.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

Our legal basis for processing your personal data is typically: (a) performance of a contract (providing the Service), (b) legitimate interests (improving the Service, preventing abuse), or (c) compliance with legal obligations.

To exercise any of these rights, contact us at hello@deadsimple.email. We will respond within 30 days.

8. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

  • Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete: Request deletion of your personal information (subject to certain exceptions).
  • Right to opt-out: Opt out of the sale of your personal information. Note: we do not sell personal information.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at hello@deadsimple.email. We will verify your identity before processing your request and respond within 45 days.

9. International Data Transfers

Our Service is operated from the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at hello@deadsimple.email.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email to the address associated with your account
  • Post a prominent notice on our website

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: