CAMPAIGNS BY POSTPADDY — PRIVACY POLICY
Last updated: February 16, 2026
This Privacy Policy explains how PostPaddy LLC (“PostPaddy”, “we”, “us”) collects, uses, discloses, and protects information in connection with Campaigns by PostPaddy (the “Service”).
Not offered to EU/UK. The Service is not offered to EU/UK residents. Do not use the Service if you are located in the EU/UK. If we unintentionally receive such data, we will delete it once identified.
1. Scope and Roles
1.1 Controller vs processor
For account management, billing, fraud/security, analytics, and service improvement, PostPaddy acts as a data controller.
For Customer Data you process through the Service (including Contacts, email content, and automation data), PostPaddy acts as a processor on your documented instructions. Our Data Processing Addendum (DPA) applies to such processing.
1.2 Who this policy applies to
This Policy covers:
users of the Service (account owners and teammates),
contacts stored in the Service,
recipients of messages sent through the Service,
visitors to our websites and product pages.
2. Information we collect
2.1 Account and profile data
Name, email, phone number (if provided), password hashes, organization details, team member details, support communications, and settings.
2.2 Billing and payment data
Subscription tier, invoices, billing address, tax information (if required). Payments may be processed by third party payment processors (for example Stripe, Paystack). We do not store raw card numbers; processors provide tokenized references.
2.3 Customer Data (you upload or generate)
Depending on how you use the Service, Customer Data may include:
Contact records (email, name, phone, tags, segments, consent fields you store, and related metadata),
Lists and segments,
Email content, templates, and assets (images, json, HTML, copy),
Automation workflows and conditions,
Suppression lists (unsubscribes, bounces, complaints),
Form submissions and landing page submissions (if connected),
Campaign analytics and event logs.
2.4 Deliverability and engagement data
Events such as sends, deliveries, bounces, opens (where supported), clicks, unsubscribes, complaints, and related metadata (timestamps, message IDs, domains).
2.5 Device and usage data
IP address, device identifiers, browser type, operating system, app version, pages/screens viewed, actions taken, crash logs, and diagnostic telemetry.
2.6 Cookies and similar technologies
We may use cookies/SDKs for:
authentication and security,
app functionality,
analytics and performance.
Analytics tools may include Google Analytics 4 and Mixpanel. We may use session replay tools (for example Microsoft Clarity) to understand product usage and diagnose issues. We configure masking for sensitive fields.
2.7 AI inputs and outputs
If you use AI Features:
Inputs: prompts and content you submit to the AI feature.
Outputs: generated suggestions (subject lines, body drafts, summaries).
We recommend you avoid submitting sensitive personal data unless necessary.
2.8 Derived and aggregated data
We may generate aggregated and/or de identified statistics and benchmarks derived from Service operation. We own these aggregates and do not attempt to re identify individuals.
3. How we use information
We use information to:
provide, operate, and support the Service,
send messages and execute automations on your instructions,
process payments and manage subscriptions,
detect, investigate, and prevent fraud, abuse, and security incidents,
maintain deliverability and protect sending reputation,
analyze usage to improve the Service and develop new features,
communicate with you about product updates, security alerts, and administrative messages,
send marketing communications about PostPaddy (you can opt out),
comply with legal obligations and enforce our Terms.
No sale/share (CPRA). We do not sell personal information. We do not share personal information for cross context behavioral advertising.
4. Legal bases (Nigeria & U.S.)
We process personal data where:
it is necessary to perform our contract with you,
we have legitimate interests (security, fraud prevention, improving the Service),
you provide consent (where required),
we must comply with legal obligations.
5. Disclosures to third parties
We share information with service providers and sub processors only as needed to operate the Service, including:
infrastructure and hosting providers,
payment processors,
email delivery providers,
analytics and session replay providers,
customer support tools,
AI model providers (when AI Features are used).
We may also disclose information:
to comply with law or legal requests,
to protect rights, safety, and security,
in connection with a merger, acquisition, or asset sale.
We do not permit service providers to use Customer Data for their own marketing.
Deliverability and abuse prevention
To protect deliverability and prevent abuse, we may:
monitor bounce rates, complaints, and unsubscribe patterns,
enforce suppression lists,
block sending to known bad addresses or domains,
suspend sending where we detect spam or high risk activity.
7. Data Retention
We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.
When you delete Customer Data or close your account, we delete or de identify data within a reasonable period (commonly 30 to 90 days), subject to lawful retention requirements and backup rotation.
Suppression data (like unsubscribes) may be retained longer to prevent re sending to recipients who opted out.
8. Security
We use appropriate administrative, technical, and physical safeguards, including encryption in transit and at rest, role based access controls, logging and monitoring, and vendor due diligence.
No method of transmission or storage is fully secure.
If a breach of personal information occurs, we will notify affected users without undue delay and target 72 hours for material incidents.
9. Your rights
Subject to applicable law, you may request to:
access or obtain a copy of your personal information,
correct inaccurate information,
delete information,
object to or restrict certain processing,
export information (data portability).
To exercise rights, email [email protected].
If you are a sender using the Service, you are responsible for honoring your recipients’ rights and requests about your marketing.
10. Children
The Service is not offered to EU/UK residents. If you transfer data to us from other countries, you understand that data may be processed in the United States and other locations where we or our providers operate.
11. International transfers
The Service is not offered to EU/UK residents. If you nonetheless transfer data to us from other countries, you consent to processing in the United States and other locations where our service providers operate.
12. Changes
We may update this Policy. For material changes, we will provide at least 7 days’ notice via email and/or in app. Continued use after the effective date means you accept the changes.
CONTACT
PostPaddy LLC
11900 Commerce Street, Apt 1307
Farmers Branch, Texas 75234, United States
Email: [email protected] | [email protected]