Privacy Policy

At MailerLite, protecting your privacy and the privacy of anyone receiving your email is very important to us. The purpose of this Privacy Policy is to make MailerLite safe and appropriate for everyone. Our Privacy Policy applies to your use of MailerLite’s Services and describes the kind of information we process, how it is processed and why.

MailerLite provides email marketing and automation software as a service. We process Personal Data as a Processor on behalf of the Customer.

1. Definitions

1.1. "Controller" means an entity that determines the purposes and means of the Processing of Personal Data.

1.2. "Customer" means a person or entity that is registered with MailerLite to use the Services.

1.3. "Data Protection Laws" means all data protection and privacy laws and regulations of the EU, EEA, and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data.

1.4. "GDPR" means (a) the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), and (b) the United Kingdom General Data Protection Regulation.

1.5. "Personal Data" means any information relating to an identified or identifiable natural person.

1.6. "Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. "Process", "Processes" and "Processed" shall be interpreted accordingly.

1.7. "Processor" means a natural or legal person, public authority, agency, or any other body which Processes Personal Data on behalf of the Controller.

1.8. "Services" means any product or service provided by MailerLite pursuant to MailerLite’s Terms of Use ("TOU").

1.9. “Subscriber” means a person Customer contacts through our Services.

1.10. “We”, “us”, and “our” refer to the MailerLite.

1.11. "You," "your," and "yours" refer to the user.

2. Data Processing

2.1. Consent: by accessing our Services, you accept our Privacy Policy and TOU, and you consent to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy. Each time you visit our website or use the mobile app or the Service, and any time you voluntarily provide us with information, you agree that you are consenting to our collection, use, and disclosure of the information that you provide, and you are consenting to receive emails or otherwise be contacted, as described in this Privacy Policy. Whether or not you register or create an account with us, this Privacy Policy applies to all users of the website, mobile app, and Services.

2.2. Performance of a contract: by utilizing our Services or accessing our platform, you expressly acknowledge our Processing of your Personal Data in compliance with applicable Data Protection Laws. The Processing of your Personal Data is grounded on the legal basis of contract performance between you and MailerLite. We collect and process your Personal Data to deliver the requested Services, meet our contractual obligations, and ensure the seamless functioning of our platform. Specifically, this includes providing you with access to the website, mobile app, and Services.

3. What information we Process

MailerLite collects both “Personal Data” and “Non-Personal Data” about you and will Process this data for the duration of the Services, as described in the TOU:

3.1. Personal Data:

  • Customers' information: identification and contact data (name, contact details, username); billing information (billing address, payment information); organization information (name, address, geographic location, area of responsibility, VAT code), IP addresses, browsing activity, web server logs.

  • Subscribers' information: email address and any other additional information that Customer provides to MailerLite.

3.1.1. At any time, you may log in and change this information, or remove it. You may decline to provide Personal Data to the Services, however, some of the Personal Data we ask you to provide, for example, the email address is mandatory for a Service. If you decline to provide it, we may not be able to provide that service to you.

3.1.2. Please note, MailerLite does not process or store your credit card information. Once you make a payment for MailerLite Classic, your credit card information is transferred to our third-party payment processor Braintree or PayPal and when using the New MailerLite, your credit card information is transferred to Stripe.

3.1.3. If, being a Shopify user, you install MailerLite Shopify app through Shopify App Store, Shopify will bill you for our Services. More information about Personal Data collected by Shopify can be found in Shopify’s Privacy Policy.

3.1.4. Please be informed that for communication via email and live chat, MailerLite uses third-party customer support platforms. When communication goes through our Contact Us form or email, your information is transferred to HelpScout. When communication is through live chat, your information is transferred to Intercom. If you reach out to us when using the New MailerLite, regardless of the method, your information will be transferred to HelpScout. You may find HelpScout’s privacy policy and Intercom’s.

3.1.5. MailerLite utilizes OpenAI’s GPT technology, providing features such as an AI-powered writing assistant and AI-powered subject line generator. By using these features, you agree that your input, which may contain personal information, is sent to OpenAI's API for processing in accordance with OpenAI's Terms of Service, Privacy Policy and API Data Usage Policy. MailerLite is not responsible for the data handling practices or policies of OpenAI or any third-party services used by OpenAI.

3.2. Non-Personal Data:

  • The browser and device information: location, device type, model, number, type of browser or operating system, the time and date of access, screen resolution, plug-ins, add-ons and the version of the Services you are using, and other information that does not personally identify you.

  • Information from your use of the Services and information from other sources: we may receive information about how and when you use the Services, or other types of files associated with your account, and link it to other information we collect about you. Also, we may obtain information about you or your Subscribers from third-party sources, such as public databases, social media platforms, third-party data providers, and our joint marketing partners. This information may include, for example, time, date, browser used, demographic information, device information (such as device type, model, number, type of browser or operating system), location, and online behavioral data (such as information about your use of social media websites, page view information and search results and links), actions you have taken, anonymous usage data, referring/exit pages and URLs, preferences you submit and preferences that are generated based on the data you submit and the number of clicks.

4. Purposes of Processing

4.1. MailerLite uses collected information for the operation of the Services, to maintain the quality of the Service, to provide general statistics regarding use of the Service, to promote and analyze the Services, to provide customer support and send information about the Services, to protect the rights and safety of Customers, Subscribers, third-parties and our own, to send customized informational or promotional content and provide suggestions according to marketing preferences, to ensure observance of our TOU and meet the legal requirements, to verify identity and provided information, manage payments, to understand demographics, Customer interests and needs, and other trends among users, and for other business purposes.

4.2. We may combine Personal Data with other information we Process to customize informational content and enhance our ability to provide Services according to marketing preferences, restrictions or for advertising, targeting purposes, personalization of ads, or to develop and provide you with more relevant products and features in accordance with this Privacy Policy.

5. How we collect your information

5.1. Data provided by our Customers: Customers may import into the Services Personal Data they have collected from their Subscribers or other individuals. We have no direct relationship with Customers’ Subscribers or any individuals other than our Customers. Our Processing of Personal Data is based on the data subject freely given consent and Customers are responsible for making sure they have the necessary permissions for us to Process Personal Data about Subscribers or other individuals.

5.2. Tracking technologies: in connection with the performance of the Services, MailerLite uses:

  • Cookies: cookies are tiny files of data that a website transfers to your computer's hard disk for record-keeping purposes. Most web browsers are set to accept cookies, but you can change this in your browser settings. However, if you do not accept cookies, you may not be able to use all of MailerLite’s functionality. We use cookies to improve your Mailerlite experience and by collecting this data, we can store information so that you don’t have to re-enter it every time you visit MailerLite. We also use it to monitor visitor metrics to MailerLite such as page views, time on site, number of visitors, etc.

  • Web beacons: we include single-pixel gifs (web beacons) in emails we send, which allow us to collect information about when you open the email and your IP address, your browser or email client type, and other similar details. We use the data from those web beacons to create reports about how your email campaign performed and what actions your Subscribers took, to capture the time spent on the Services, pages visited and email campaign performance.

  • Unique identifiers and similar tracking technologies: we may use other tracking technologies to administer the Services, track your movements around the Services, analyze trends, track behavior, serve targeted advertisements and gather demographic information, to measure the performance of our email campaigns and to improve our features for specific segments of Customers.

5.3. Log Data monitoring: we may collect log data whenever you access our tool. This data could include things like an IP address, browser type, and version, the pages you visit on MailerLite, and other user statistics. When you access MailerLite with a mobile device, log data may include the type of device, your mobile unique ID, the IP address of your device, mobile operating system, and other mobile statistics.

5.4. Third-party services: we may use third-party services, such as Google Analytics and Facebook, that collect and analyze log data to help us improve MailerLite, and occasionally to use for targeted online advertising. Our third-party partners may use cookies or other tracking technologies to provide you advertising on other sites based on your browsing activities and interests. You can find more information about these practices, including how to opt out of receiving targeted advertising here: http://www.aboutads.info/choices/.

5.5. Based on the requirements of the California Online Privacy Protection Act, MailerLite declares that it does not correspond to Do Not Track browser signals.

6. Transferring to third-party companies

6.1. We will never sell, rent, or lease your Personal Data to a third party, but we may share collected information for the purposes described in this Privacy Policy with third parties, including group companies, that help MailerLite provide, improve, promote or support Services, that help with our business operations and assist in the delivery of our Services, or who perform services for us, in order to prevent damage to our property or for safety reasons, for example, payment processors, hosting services, analytics, content delivery services, advertising partners, etc., in a manner that is consistent with this Privacy Policy. We may also share information with third parties if required to do so by law or if you violate our TOU.

6.2. We may disclose Non-Personal Data for any purpose because this information cannot be used to identify you or another person.

7. Email communications & opting out

7.1. From time to time you may receive emails related to your use of MailerLite. Based on the Personal Data that you provide us, we may communicate with you in response to your inquiries to provide the Services you request and to manage your account. If we have your consent, we may also use your Personal Data to send you updates and other promotional communications. Every email will contain a link to be able to opt-out of receiving it. We may still send important messages regarding administrative matters, updates, disputes, and customer service issues that are required to provide the Services.

7.2. If a Subscriber no longer wants to be contacted by one of our Customers, he can unsubscribe directly from that Customers’ newsletter or contact the Customer directly to update or delete the data. If a Subscriber contacts us, we will refer him to that Customer. We will retain personal information we Process on behalf of our Customers only for as long as needed to provide our Services or to comply with our obligations.

8. Safety of your information

8.1. MailerLite takes reasonable precautions, technical and organizational security measures to ensure a level of security appropriate to the risk, follows industry best practices in order to protect your Personal Data from any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data and to preserve the security and confidentiality of the data. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such precautions. By using our Service, you acknowledge that you understand and agree to assume these risks.

8.2. The customer is responsible for reviewing the information made available by MailerLite relating to its data security and making an independent determination as to whether the Services meet Customer’s requirements and legal obligations under Data Protection Laws. Also, Customer is responsible for its secure use of the Services, including securing its account authentication credentials, protecting the security of Personal Data when in transit to and from the Services and taking any appropriate steps to securely encrypt or backup any Personal Data uploaded to the Services.

9. Protecting Subscriber’s lists and data

9.1. We reserve the right to monitor your lists, content and response data from time to time to make sure they comply with our TOU, we will never share, sell or rent your customer data to anyone for any reason.

9.2. Our data storage center is in the European Union and has information storage security certificate (ISO 27001) so you can rest assured that your Subscribers data is safe with us.

10. Customers’ rights

10.1. You have the following rights regarding your Personal Data:

  • Right to Access. You have the right to request disclosure of the specific pieces of your Personal Data we have collected about you in a portable and, where technically feasible, readily usable format.

  • Right to Know. You have the right to verify if we have collected Personal Data about you and to know the details of it.

  • Right to Deletion. You may request the deletion of your Personal Data in accordance with Clause 11 of this Privacy Policy.

  • Right to Opt-Out. You have the right to opt-out of sharing your Personal Data for cross-context behavioral advertising to third parties. You can exercise this right by visiting our Cookie Settings and disabling functional, performance, and targeting cookies.

  • Right to object to the processing of your Personal Data. You have the right to object to the processing of your personal data, including profiling.

  • Right to correct your Personal Data. You have the right to update inaccurate information that we process about you by amending it in your MailerLite account.

  • Right to exercise rights without discrimination. You have the right not to receive discriminatory treatment if you exercise the rights conferred to you by applicable privacy law.

10.2. Please be aware that these rights may be limited by applicable laws and depend on technical feasibility.

10.3. If you are not able to exercise these rights through your MailerLite’s account, please contact us using the contact form. We may require additional information or identifying documents from you to verify your identity and process your request. 

10.4. If you are a resident of California and you want to implement your rights under the California Consumer Privacy Act, please refer to Clause 15 of this Privacy Policy.

11. Data retention

11.1. Unless you specifically request that we delete your Personal Data, we will keep it for as long as we need to meet our Terms, give you Services, and maintain the effective operation of our business.

11.2. If you ask us to delete your Personal Data, we may still be obliged to retain it for the following purposes: (i) to follow the law or rules (like maintaining transaction records), (ii) to deal with legal issues or defend ourselves in legal claims, and (iii) to protect against fraud or abuse on our Service. This implies that different types of Personal Data may be kept for different amounts of time.

11.3. Sometimes, we might not be able to delete, make anonymous, or hide your Personal Data right away because of technical, legal, or operational reasons. In these situations, we will take reasonable measures to securely isolate your Personal Data from any further Processing until we can properly delete, make anonymous, or de-identify it.

11.4. If your account is inactive for 2 years or more, MailerLite reserves the right to permanently delete your account with all its data, including your list of subscribers and your content. If MailerLite decides to delete your account, you will be informed via email. You will then be given 30 days to export the data or reactivate your account before the account is permanently deleted.

12. Links to other websites

12.1. As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Service. Therefore, this Privacy Policy does not apply to your use of a third-party website accessed by selecting a link via our Service. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.

13. Data Processing Addendum

13.1. We created our Data Processing Addendum to cover the GDPR requirements as they relate to email marketing and we encourage all our Customers to review it.

14. Age of consent

14.1. By using the Service, you represent that you are at least 16 years of age.

15. California Privacy Rights 

15.1. This section applies exclusively to individuals residing in California (“ California Customers”). It delineates our procedures for collecting, using, and sharing the Personal Data of California Customers in our capacity as a business according to the California Consumer Privacy Act (" CCPA"), along with the associated rights regarding such Personal Data. For the purposes of this clause, "Personal Data" refers to the definition of “Personal Information” as it is outlined in the CCPA.

15.2. California Customers have the ability to exercise the subsequent rights regarding their Personal Data, but these rights are not unconditional, and there may be instances where we are authorized to reject your request according to CCPA:

  • Right to Know: You can request details about our collection and usage of your Personal Data, including categories of collected data, purposes, third-party sharing, and specific pieces collected. MailerLite will respond to a maximum of two (2) requests within a twelve (12) month period.

  • Right to Access: You are able to access all Personal Data transferred to us in your MailerLite account. You can also request details regarding how we have collected and used your Personal Data over the past twelve (12) months, and MailerLite will respond to a maximum of two (2) requests. Please note that there may be legal restrictions preventing us from disclosing certain Personal Data if it poses a substantial risk to the security of the information, our systems, or your account.

  • Right to Correct: If you find any inaccuracies in your Personal Data that we hold, or if your Personal Data changes, you can make respective changes in your MailerLite account or you can notify us and we will promptly update our records to ensure they reflect the accurate information.

  • Right to Deletion: You can request the deletion of your Personal Data as per Clause 11 of this Privacy Policy. MailerLite may delete, de-identify, or aggregate your data upon such a request, confirming the information before deletion.

  • Opt-out of Sharing: MailerLite uses services to deliver personalized ads to you. Under the CCPA, our utilization of some of these services may be tagged as sharing your Personal Data with the advertising partners who provide these services. You have the option to opt-out of the sharing of your Personal Data by visiting our Cookie Settings and disabling functional, performance, and targeting cookies.

  • No Selling of Personal Data: If you have activated the opt-out feature, you will automatically be excluded from any sharing when engaging with our Services. MailerLite adheres to CCPA regulations by not selling your Personal Data.

  • Limited Processing of Sensitive Personal Data: We don’t collect any sensitive Personal Data. However, we cannot control whether our Customers use or disclose the sensitive Personal Data of their Subscribers. If you are a Subscriber of our Customers, please contact them directly for queries regarding your sensitive Personal Data.

  • Right to Nondiscrimination. We will not engage in discrimination against you for exercising any of your CCPA rights.

15.3.  If you are not able to exercise these rights through your MailerLite account, California Customers may exercise these rights over their Personal Data by contacting us.

15.4. MailerLite in terms of CCPA acts as a service provider and we process Personal Data on our Customers’ behalf. Please direct any requests for access or deletion of your Personal Data to the Customers with whom you have a direct relationship.

16. Data Privacy Framework

16.1. MailerLite, Inc. has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. When providing Services to Customers outside the European Economic Area (EEA), United Kingdom, and Switzerland, MailerLite, Inc. operates in accordance with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks ('DPF'), as well as the UK Extension to the EU-U.S. DPF, as stipulated by the US Department of Commerce. This adherence extends to the collection, processing, utilization, and retention of Personal Data from these regions. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF principles and/or the Swiss-U.S. DPF principles, the principles shall govern. For further information regarding the DPF and to access our certification, please visit the DPF website.

16.2. MailerLite, Inc. falls under the regulatory authority of the US Federal Trade Commission, which possesses investigatory and enforcement powers. Additionally, you have the option to file a complaint with your local data protection authority, and we will collaborate with them to address your concerns. Under specific conditions, as outlined in Annex I to the DPF Principles, the DPF provides the right to pursue binding arbitration to resolve complaints that remain unresolved through other channels.

16.3. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, MailerLite, Inc. commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact MailerLite, Inc.

16.4. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S.  DPF, MailerLite, Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities  (DPAs) and the UK Information Commissioner’s Office  (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of Personal Data received in reliance on the  EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

16.5. We remain responsible for all the personal information we receive under the DPF and that we subsequently transfer to third parties acting as agents on our behalf if they process personal information in a manner inconsistent with the DPF principles.

17. Merger or acquisition

17.1. In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Data may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to Process your Personal Data as set forth in this Privacy Policy.

18. MailerLite as a Controller

18.1. MailerLite acts as a Controller of Personal Data of its employees, contractors, candidates, affiliates and other third parties that are not considered as a Customer. MailerLite undertakes to comply with legal requirements when processing Personal Data as a Controller and implements appropriate technical and organizational measures to ensure a level of security of Personal Data as required under GDPR and applicable Data Protection Laws.

19. Changes

19.1. MailerLite reserves the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy, we will post these changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it. All changes are effective immediately upon posting and we suggest that you check this Privacy Policy periodically if you are concerned about how your information is used.

20. Contacting MailerLite

If you:

  • would like to request access to the information we hold about you, correct, modify, delete or update Personal Data that you have provided to us, or

  • have any questions regarding this Privacy Policy or the practices of this site, wish to withdraw your consent for the continued collection, would like to object to your Personal Data being used, or have any additional questions:

Please contact us any time via this contact