Privacy Policy
Last updated: December 2024
1. Who We Are
MailTail ("we", "us", "our") provides email signature management services for Microsoft 365 organisations. We are based in the United Kingdom and operate in compliance with UK GDPR and the Data Protection Act 2018.
For data protection enquiries, contact us at: [email protected]
2. What Data We Collect
Account Information
- Contact name and email address
- Company name
- Subdomain preference
- Payment information (processed by Stripe)
Microsoft 365 Data (via Entra ID)
When you connect your Microsoft 365 tenant, we access the following user profile data to populate email signatures:
- Display name
- Email address
- Job title
- Department
- Phone numbers
- Office location
- Profile photo (if available)
We do not access email content, calendar data, files, or any other Microsoft 365 data beyond basic profile information.
Technical Data
- IP address
- Browser type and version
- Usage analytics (anonymised)
3. How We Use Your Data
We use your data to:
- Provide our service: Generate and apply email signatures using your Microsoft 365 user data
- Process payments: Manage your subscription and billing through Stripe
- Communicate with you: Send service updates, support responses, and important notices
- Improve our service: Analyse usage patterns to enhance functionality
4. Legal Basis for Processing
We process your data under the following legal bases:
- Contract: To provide the service you have subscribed to
- Legitimate interest: To improve our service and prevent fraud
- Legal obligation: To comply with tax and accounting requirements
5. Who We Share Data With
We share data with the following third parties:
- Stripe: Payment processing (see Stripe Privacy Policy)
- Microsoft: Authentication and user data access via Microsoft Graph API
- Cloudflare: Website hosting and security
We do not sell your data to third parties or use it for advertising purposes.
6. Data Retention
We retain your data for:
- Active accounts: As long as your subscription is active
- Cancelled accounts: 30 days after cancellation, then deleted
- Financial records: 7 years as required by UK law
7. Your Rights
Under UK GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Object: Object to processing based on legitimate interest
- Restrict: Request restriction of processing
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
8. Cookies
We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. By using our service, you consent to essential cookies.
9. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS/SSL)
- Encryption at rest
- Access controls and authentication
- Regular security reviews
10. International Transfers
Your data may be processed by third-party providers located outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email or through our service.
12. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint
13. Contact Us
For any questions about this privacy policy or our data practices, contact us at:
Email: [email protected]