Privacy Policy

Last Updated 1 Feb 2025

We at DataXpie Ltd. (“we,” “us,” “our”) respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what data we collect via our LetEmail platform (app.letemail.com), why we collect it, how we use and share it, and the choices you have regarding your information. We host and process all data within the EU under GDPR, CCPA, and related laws, and we employ industry-standard security and compliance measures.

1. Data Controller

DataXpie Ltd.
Registered in London, UK
Email: support[at]dataxpie[dot]com

2. Data We Collect

2.1 User-Provided Data

When you register for LetEmail, we collect:

• Customer name, timezone, language
• Default user details: first name, last name, email
• Account password (hashed) and related credentials. Connect, protect, and build everywhere

2.2 Sensitive Data

Clients may upload sensitive information (e.g., financial records). If such data is exposed due to client-side misconfiguration, LetEmail is not liable, though we adhere fully to GDPR obligations for processing personal data Connect, protect, and build everywhere.

2.3 Service & Usage Data

LetEmail automatically captures campaign metrics and logs, including:

• Overview graphs (send counts, schedule, delivery times)
• Link click data, open maps, subscriber counts
• Sending logs, bounce/complaint rates, unsubscribe counts
• Engagement statistics (open rate, click rate, last open/click timestamps) AWS Documentation

3. How We Use Your Data

• Service Delivery: Authenticate users, send campaigns via AWS SES.
• Analytics & Reporting: Visualize performance metrics for clients.
• Account Management: Support requests, billing, notifications.
• Legal Compliance: Retain records as required under GDPR and financial regulations. Connect, protect, and build everywhere

4. Third-Party Processors

We share data strictly under data-processing agreements:

• Email delivery: AWS SES (metadata only; strict suppression lists) AWS Documentation
• DNS & security: Cloudflare for Firewall & DDoS protection, GDPR-compliant Connect, protect, and build everywhere
• Payments: Stripe Stripe, PayPal Privacy Policy, Braintree Privacy Policy
• Analytics (front-end): Google Analytics Privacy Policy, Microsoft Clarity Privacy Statement Microsoft Clarity
• Chat support: Tawk.to Privacy Policy

5. Cookies & Tracking

We use:

• Google Analytics for website usage (letemail.com) Google Safety Center – Stay Safer Online
• Microsoft Clarity for session replay & heatmaps (opt-in GDPR consent required) Microsoft Learn
• Tawk.to for live chat support (cookie-based tracking)
  You may manage or disable cookies via your browser settings.

6. Security Measures

1. WAF & DDoS Protection: Cloudflare’s global network securing all traffic Connect, protect, and build everywhere
2. Authentication: API tokens, user/password + 2FA.
3. Incident Response: Formal plan with SLA-backed notifications within 72 hours Trend Micro
4. Vulnerability Management: Ad-hoc scans and quarterly automated checks & annual pen tests
5. Training: Monthly security awareness sessions for staff Connect, protect, and build everywhere

7. User Rights & Controls

• Right to Be Informed: Anchor link to full policy upon sign-up iubenda
• Right of Access: Self-service export (CSV/JSON) in dashboard
• Rectification: Users edit profile fields at any time
• Erasure: Submit deletion request to DPO
• Restrict Processing / Object: Opt-out checkboxes for analytics/marketing
• Data Portability: Full export in machine-readable format; or via support ticket Stripe

Requests are fulfilled within 30 days as per GDPR.

8. Policy Updates & Contact

• Notification: Email notice for material changes The Cloudflare Blog
• Privacy Contact: support[at]dataxpie[dot]com (general support)
• Complaint Handling: Logged via ticketing system; 30-day response target
• Governing Law: UK GDPR and Data Protection Act 2018