Privacy Policy

Last revised and updated 05/04/2020. Click here to see the latest version.

Changelog On May 5, 2020 we updated the Privacy Policy in the following way:

• We have updated our independent recourse mechanism for Privacy Shield complaints for use by EU individuals
• We have updated our contact information for our internal complaints mechanism.

On August 23, 2019, we updated the Privacy Policy in the following way:

• We added more details about how we transfer personal data in compliance with the EU-U.S. Privacy Shield Framework to section 9.
• We updated the list of third-party partners with whom we share personal data to facilitate business functions, adding Chargify, Optimizely, Salesforce, Uservoice, and Zapier, and removing those we no longer do business with.
• We added a link to our cookie policy to Section 2.

On August 31, 2018, we updated the Privacy Policy in the following way:

• We added more distinctions between Mailgun users and website visitors to make it clearer which policies apply to each group.
• We included information on what data we collect, how we use it, and the rights that you have in relation to this data.
• We added details about the third-party partners we use to facilitate business functions and explained how we work with them.

On June 30, 2017, we updated the Privacy Policy in the following way:

• We updated our policy to remove references to the U.S.-Swiss Safe Harbor Framework.

We updated our Privacy Policy on June 27, 2017 in the following way:

• We made changes to reflect improvements to our Services’ email validation functionality.

The previous version of our privacy policy, dated 08/31/2018, is available for review below. For the latest version, click here.

Your privacy is important to us. We describe in this notice how we collect and use information about you in your use of the Mailgun services, including the Mailgun platform and the website at mailgun.com (made available by Mailgun Technologies, Inc.). If you are one of our customers, you should read this notice in conjunction with our Terms of Service.

As you know, we are an email service provider. When collecting information about our customers or visitors of our website, we are, under European Union (“EU") data protection laws, qualified as “data controller". This means that we are responsible for deciding how we hold and use personal data about you.

We collect information about you when you fill in a contact form on our website or send us an e-mail. Whichever way you choose to contact us, we’re going to need some basic personal information from you in order to handle your request.

We may also receive your personal data from third parties, when you express your interest for our services to them.

We collect information by automated means. When you visit our website, view a Mailgun advertisement on a third party-owned website, or read our marketing email, we automatically collect information about you via cookies, web beacons and other similar technologies. These are small files associated with information that your browser or our servers will save and return as part of your use of the website and the services for purposes such as saving your login session between visits, remembering your display preferences and tracking your use of the website. For more information on our use of cookies, read our cookies notice.

We collect two types of information about you: personal data and non-personal data.

Personal data. This is information that lets us know who you are. This includes the information you provide us when registering to use the platform, like your name, company name, email address, postal address, other contact information you share with us, associated domain name and credit card information. Your login credentials are also personal data. This category also includes information tied to your identity that you provide us through other means, such as emails to our support team.

Non-personal data. This is information that doesn’t let us determine your identity. This generally comes from your use of the services after registering. Non-personal data includes information that could personally identify you in its original form, but that we have modified to remove or hide (for instance, by aggregation) any personal data.

If you are a visitor of our website, we use your personal and non-personal data to engage with you and support live chat conversations on the website.

When you are one of our customers, we use the information we collect about you to provide the services to you. As part of that purpose, we use your personal data and non-personal data:

1. to create and maintain your platform account, and to control access to it;
2. to provide you with real-time logs of your use of the platform;
3. to respond to any requests you may submit for support or sales information, or similar communications;
4. to communicate with you (for example through newsletters, marketing emails, announcements or special offers) about our services;
5. for billing and collection purposes, if you have subscribed to one of our paid plans;
6. for the investigation and prevention of fraud and breaches of the terms of service
7. to enable third parties to provide services to us;
8. for customers that request allocated dedicated IP addresses, for the purposes of assigning the dedicated IP address to that customer;
9. to comply with applicable laws to which we are subject.

We may use your non-personal data to enhance the services, for instance through web analytics or troubleshooting. We may also use aggregated or depersonalized information to promote our services, such as by citing usage statistics.

We collect your personal data because we need it to perform a contract we have signed with you or because you have taken steps to enter into a contract with us (for instance, when you fill in a contact form to request information about our services or when you sign up for a Mailgun account). Otherwise, we collect personal data based on your consent.

Except for the limited circumstances we described here or in applicable agreement / terms of service, we do not share your personal data with third parties. When we need to provide your personal data to third parties, we will only share it to the extent necessary to provide you with our services. We may also share your personal data as required or permitted by law and as described below.

We host the website and operate the platform using third parties, including AWS®, SoftLayer® and Rackspace®. Your platform will be hosted from their data centers throughout the United States and/or Europe, based on where you have selected to deploy Mailgun services.

We use a Stripe®, to process subscription payments, and therefore provide them with the personal data required to charge your credit card.

We may use third-party services either embedded into our website (such as Disqus®, Drift, Mixpanel™, VWO®, KISSMetrics™, Moz™, Segment™ and Google® Analytics) or outside of it (such as GitHub® and Twitter®) to communicate with you or to enhance the function of the website and the services.

We use third-party service providers and platforms (such as Pendo, Customer.io, Hubspot, and Zendesk) for customer engagement, customer chat, product feedback and customer support ticketing.

We may share your contact information with ARIN (American Registry for Internet Numbers) for the purposes of fulfilling your request to re-assign the dedicated IP address to the customer.

While we provide these third parties with no more information than what is necessary to enable them to provide the services to us, any information that you provide these services providers independently is subject to their respective privacy policies and practices.

In certain situations, Mailgun may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Additionally, we will provide information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. Mailgun infrastructure is located in top-tier data centers. Each of these locations adhere to strict physical and procedural controls which are frequently audited. Mailgun applications are routinely scanned for vulnerabilities and an independent penetration test is conducted annually. All Mailgun employees undergo thorough background checks and sign non-disclosure agreements at the time of hire. If you have any questions about the security of your personal information, you can contact us at privacy@mailgun.com.

Remember, though, that some parts of the services are public and that email, by its nature, is not a reliably private means of communication. If you voluntarily provide personal data in a public area of the website, unrelated parties online will be able to view it and collect it. If you don’t want to make this information publicly available, you shouldn’t post it.

We keep your personal data for as long as is necessary to provide our services to you.

If you would like us to cease all of the described uses of your personal data, you may delete your account at any time from the Account Settings section from the Mailgun Dashboard. This will delete your personal data from our records, and we will make no further use of it. We may, however, retain copies of your personal data in backups. Please note that we may be required to retain certain information by law and/or for own legitimate business purposes.

Mailgun participates in and has certified to the EU-U.S. Privacy Shield Framework. Mailgun is committed to subjecting all personal data received from the EU, in accordance to the Privacy Shield Framework. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

To enhance security of your personal data, we also entered into Standard Contractual Clauses with our processors or controllers. If you would like to request a copy, you can contact us at privacy@mailgun.com.

You have the right to:

1. Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
4. Withdraw your consent and opt-out from our communications. We will honor your opt-out within 10 days. Please note that you cannot unsubscribe from service-related messages.
5. Object to processing of your personal data, for example, if we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis.
6. Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
7. Request the transfer of your personal data to another party (right to data portability).

If you want to exercise any of the above rights, please email our privacy team at privacy@mailgun.com. Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Individuals located in the EU with inquiries or complaints in relation to the information provided should first contact Mailgun at:

Mailgun Technologies, Inc. 548 Market St. #43099 San Francisco, CA 94104 by email: privacy@mailgun.com

Pursuant to Article 27 of the General Data Protection Regulation, VeraSafe has been appointed as Mailgun Technologies, Inc.’s representative in the EU for data protection matters. VeraSafe can be contacted in addition to privacy@mailgun.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe may be contacted at:

VeraSafe Ireland Ltd Unit 3D North Point House North Point Business Park New Mallow Road Cork T23AT2P Ireland

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

If you are located in the EU, you also have the right to lodge a complaint to a data protection authority.

The information provided in this notice may be modified to address new issues or changes to our policies. We will post changes here. If we make significant changes, we may notify you by other means (for instance, by email or with a banner on the website) prior to the change becoming effective. Any changes we make will take effect 30 days after the update date noted below. If you object to the changes, email us at privacy@mailgun.com before the new effective date to delete your information from our records, and we will do so.

31 August 2018