privacy policy

last updated july 28, 2021

this privacy policy describes how bubble.email (we", "our" or "us") collects, uses, and shares information in connection with your use of our website, services, and applications (collectively, the "services").

the following does not apply to dat our customers may process when using our services.

we may collect and receive information ("data") about users of our services ("users", "you" or "your") from various sources, including:

• information you provide through your user account on the services (your "account") if you register for the services;
• your use of the services; and

read this policy in full so that you're fully informed.

1. information collected

• information you provide

  • account registration. when you register for an account we ask for your email address and a password of your choosing. both are saved in our databases. the password is stored cryptographically hashed.
  • payment information. when you add your financial account information to your account, that information is directed to our third-party payment processor. we do not store your financial account information on our systems; however, we have access to, and may retain, subscriber information through our third-party payment processor.
  • user content. any content generated by you by way of maintaining your account information, entering data to use our services and email content going through our systems as well as recipient email address will be stored for the sole purpuse of routing emails to your lists. email content and related meta information is also used to prevent spam; but never sent off-site to any sort of third party. we do not claim any legal right or ownership of your data. your data belongs to you, now and forever.
  • communications. if you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. we do not track recipient behavior of emails, e.g. by way of tracking pixels.

• information we collect when you use our services

  • cookies. we use cookies for the sole purpose of saving state of your authentication status. cookie data is encrypted.
  • tracking. we do not use any third-party tracking service.

• information we receive from third parties

  • payment processor. if you set up payment and/or issue payments, we will receive your account from that third party.

2. information usage

we use the information we collect in various ways, including to:

• provide, operate, maintain and extend our services;
• communicate with you directly to provide you with updates and other information relating to the service
• process your transactions
• route email to recipients
• find and prevent abuse
• for compliance purposes, enforcing our terms of service, other legal rights, comply with applicable laws and regulations, judicial process or handle governmental crap.

3. information sharing

we may share collected information in the following ways:

• third-parties. emails send through bubble.email will be dispatched to a list's recipient email address and by that way to other email servers outside our control.
• advertising. we don't share your information with advertisers. in fact, we don't use third-party ad services.
• analytics. we do email. we'll leave surveillance to your government and competitors. we do not analyze your usage behavior.
• business transfers. information may be disclosed and otherwise transferred in case ownership of bubble.email and its services changes in any way. you will be notified in advance.
• as required by law and similar disclosures. we may share information to
  • satisfy applicable law
  • enforce this privacy policy and our terms of service, including investigation of potential violations hereof;
  • detect, prevent, or otherwise address fraud, security, or technical issues;
  • respond to your requests
• with your consent. we may share information with your consent.

4. legal basis for processing data

our legal basis for collecting and using the data described above will depend on the data concerned and the specific context in which we collect it.

however, we will normally collect data from you only

• where we need the data to perform a contract with you;
• where the processing is in our legitimate interests and not overridden by your rights; or
• where we have your consent to do so.

we have a legitimate interest in operating our services and communicating with you as necessary to provide these services, for example when responding to your inqueries, improving our platform, or for the purposes of detecting or preventing illegal activities.

in some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the data to protect your vital interests or those of another person.

if we ask you to provide data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your data is mandatory or not (as well as of the possible consequences if you do not provide your data).

5. third-party services

you may access other third-party services through the services, for example by clicking on links to those third-party services from within the services. we are not responsible for the privacy policies and/or practices of these third-party services, and we encourage you to carefully review their privacy policies.

6. security

welcome to the internet. there is no such thing as "100% secure". period.

however, we are committed to protect your information in a way appropriate to the risk of processing your data.

7. data retention

we retain any information you provide to provide you with our services in ways necessary to to comply with applicable legal, tax, or accounting requirements.

we will delete or anonymize information when technically possible before and after having an ongoing legitimate business need to retain and/or process it.

data retained possibly forever

• direct communications with bubble.email support

data retained for the lifetime of your account

• your email address in plain text
• your password, cryptographically hashed
• bounce and abuse notifications and statistics
• payment status and history

data retained from when you enter and until you delete it

• lists and related information
• list recipient email addresses, in plain text
• domain names and related information
• payment details

data retained temporarily

• email and its contents sent to lists; for the duration of processing. the duration of retaining such data depends on factors such as, but not limited to, system load, load balancing, maintenance, data size.

in general, this happens to email you send through bubble.email: a mail server receives the email if eligible for delivery and forwards it to an application for processing. the application puts the entire email into a queue which is being process as fast as possible. the queue worker inspects the structure of an email to append management and list subscription information, respectivly, to the end of the content of the text and html part. it also appends all attachments and adds email list headers. as a final step, this newly constructed email is put on the queue to be sent to each of the list's recipients.

all data is encrypted using LUKS full disk encryption. this means even a stolen or physically copied hard drive cannot be read by any type of adversary given they don't have the keys. the keys are stored encrypted as well.

8. access

as a registered user you may access information associated with your account by logging into our services or emailing contact@bubble.email. if you terminate your account, all associated information will be deleted promptly and thus you'll not be able to login and access your information.

your data will be archived or stored periodically in the form of backups for the purpose of desaster recovery.

we may terminate and/or lock your account and delete all your information - if we close the business - if we receive abuse complaints originating from your account - if your usage pattern violates our terms of services

9. general data protection regulation (gdpr)

as citizen of the european union you have the following rights:

• access, correct, update, or request deletion of your information

• object to the processing of your information, ask to restrict the processing of your data, request portability of your information

send any inquery to contact@bubble.email.

the data controller of your data is bubble.email.

10. your choices

you may choose to configure your browser to reject cookies from bubble.email. if you do so, you will not be able to login and use our services.

11. children's privacy

if you are under the age of 18, you're not allowed to use our services.

12. changes to this privacy policy

this privacy policy will be modified every now and then, so review it frequently. you will be notified by way of email about changes.

13. international data transfers

bubble.email is a global business and runs email services. depending on where your list recipient's email servers are located, we will distribute emails globally. that way, your data will end up in jurisdictions outside of the scope where your information originated. as a result, local laws apply. these countries may not have the same data protection laws as the country in which you initially provided the information. when we transfer your data to other countries, we will protect that information as described in this privacy policy.

contact us

send any inquiry to contact@bubble.email.