Privacy Policy

Last updated: February 12, 2025

Privacy Policy

This Privacy Policy describes how mypo (“we”, “us”, “our”) collects, uses, and protects your personal information when you use our mailing list and email campaign tool. We are committed to protecting your privacy and handling your data responsibly.

1. Data Controller

mypo
Email: hello@mypo.it
Location: Milano, Italia

2. Information We Collect

2.1 Information You Provide

Account data: Name, email address, password (hashed)
Profile data: Organization name, logo, billing details
Content data: Mailing lists, contacts (names, emails, notes), templates, campaign content
Gmail OAuth: We store encrypted tokens to send emails on your behalf. We do not access, read, or store the contents of your inbox.
Communications: Messages you send to our support team

2.2 Information Collected Automatically

Usage data: Pages visited, features used, time spent
Device data: Browser type, IP address, device identifiers
Log data: Requests, errors, performance metrics (for debugging and monitoring)

2.3 Cookies and Similar Technologies

See our Cookie Policy for details on cookies we use.

3. How We Use Your Information

We use your data to:

Provide, maintain, and improve the Service
Send emails on your behalf via Gmail
Process payments and manage subscriptions
Respond to support requests
Send transactional and product-related communications
Ensure security, prevent fraud, and enforce our Terms
Comply with legal obligations
Analyze usage to improve our product (in anonymized form where possible)

We do not sell your personal information.

4. Legal Basis for Processing (EU/EEA)

Where applicable under GDPR, we process your data based on:

Contract: To provide the Service you requested
Legitimate interests: Security, fraud prevention, product improvement, analytics
Consent: For optional features (e.g., marketing emails, non-essential cookies)
Legal obligation: When required by law

We use the following services to operate mypo. Each has its own privacy policy; data is shared only as necessary to provide the Service.

Service	Purpose	Data shared	Location
Vercel	Hosting, CDN, analytics	IP, requests, logs	US (DPA in place)
Neon	Database (PostgreSQL)	All application data	US/EU (configurable)
AWS (S3, SES)	File storage, email sending	Files, email metadata	EU (Ireland)
Stripe	Payment processing	Billing info, payment details	US/EU
PayPal	Payment processing	Billing info, payment details	US/EU
Dodo	Payment processing	Billing info	EU
Google (Gmail API)	Send campaigns	OAuth tokens, recipient emails	US (Google Cloud)
NextAuth	Authentication	Email, name, session	-
Inngest	Background jobs	Campaign/recipient data for sending	US
Sentry	Error monitoring	Error logs, IP, user context (hashed)	US/EU
Crisp	Chat/support	Name, email, messages (when you use chat)	EU

We may disclose your data if required by law, to protect our rights, or in connection with a merger or acquisition.

6. Data Retention

Account data: Retained while your account is active and for 30 days after deletion
Backups: May retain deleted data in backups for up to 90 days
Logs and analytics: Typically 12–24 months
Legal holds: We may retain data longer when required by law

7. Data Security

We implement appropriate technical and organizational measures:

Encryption in transit (TLS) and at rest for sensitive data
Encrypted storage of Gmail OAuth tokens
Access controls and authentication
Regular security reviews

No system is 100% secure. You are responsible for protecting your account credentials.

8. Your Rights

Depending on your location, you may have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data (“right to be forgotten”)
Portability: Receive your data in a structured, machine-readable format
Object: Object to processing based on legitimate interests
Restrict: Restrict processing in certain circumstances
Withdraw consent: Where processing is based on consent

To exercise these rights, email hello@mypo.it. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority (e.g., Garante per la Protezione dei Dati Personali in Italy, or your local data protection authority).

9. International Transfers

Some of our providers are located outside the EU/EEA. We ensure appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) for such transfers where required.

10. Children

The Service is not intended for users under 16. We do not knowingly collect data from children. If you become aware that a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The “last updated” date at the top indicates when the policy was last revised.

12. Contact

For privacy-related questions or to exercise your rights:

Email: hello@mypo.it

Data Protection: For GDPR-specific inquiries, you may contact our data protection contact at hello@mypo.it.

Privacy Policy

Last updated: February 12, 2025

Privacy Policy

1. Data Controller

mypo
Email: hello@mypo.it
Location: Milano, Italia

2. Information We Collect

2.1 Information You Provide

Account data: Name, email address, password (hashed)
Profile data: Organization name, logo, billing details
Content data: Mailing lists, contacts (names, emails, notes), templates, campaign content
Gmail OAuth: We store encrypted tokens to send emails on your behalf. We do not access, read, or store the contents of your inbox.
Communications: Messages you send to our support team

2.2 Information Collected Automatically

Usage data: Pages visited, features used, time spent
Device data: Browser type, IP address, device identifiers
Log data: Requests, errors, performance metrics (for debugging and monitoring)

2.3 Cookies and Similar Technologies

See our Cookie Policy for details on cookies we use.

3. How We Use Your Information

We use your data to:

Provide, maintain, and improve the Service
Send emails on your behalf via Gmail
Process payments and manage subscriptions
Respond to support requests
Send transactional and product-related communications
Ensure security, prevent fraud, and enforce our Terms
Comply with legal obligations
Analyze usage to improve our product (in anonymized form where possible)

We do not sell your personal information.

4. Legal Basis for Processing (EU/EEA)

Where applicable under GDPR, we process your data based on:

Contract: To provide the Service you requested
Legitimate interests: Security, fraud prevention, product improvement, analytics
Consent: For optional features (e.g., marketing emails, non-essential cookies)
Legal obligation: When required by law

We use the following services to operate mypo. Each has its own privacy policy; data is shared only as necessary to provide the Service.

Service	Purpose	Data shared	Location
Vercel	Hosting, CDN, analytics	IP, requests, logs	US (DPA in place)
Neon	Database (PostgreSQL)	All application data	US/EU (configurable)
AWS (S3, SES)	File storage, email sending	Files, email metadata	EU (Ireland)
Stripe	Payment processing	Billing info, payment details	US/EU
PayPal	Payment processing	Billing info, payment details	US/EU
Dodo	Payment processing	Billing info	EU
Google (Gmail API)	Send campaigns	OAuth tokens, recipient emails	US (Google Cloud)
NextAuth	Authentication	Email, name, session	-
Inngest	Background jobs	Campaign/recipient data for sending	US
Sentry	Error monitoring	Error logs, IP, user context (hashed)	US/EU
Crisp	Chat/support	Name, email, messages (when you use chat)	EU

We may disclose your data if required by law, to protect our rights, or in connection with a merger or acquisition.

6. Data Retention

Account data: Retained while your account is active and for 30 days after deletion
Backups: May retain deleted data in backups for up to 90 days
Logs and analytics: Typically 12–24 months
Legal holds: We may retain data longer when required by law

7. Data Security

We implement appropriate technical and organizational measures:

Encryption in transit (TLS) and at rest for sensitive data
Encrypted storage of Gmail OAuth tokens
Access controls and authentication
Regular security reviews

No system is 100% secure. You are responsible for protecting your account credentials.

8. Your Rights

Depending on your location, you may have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data (“right to be forgotten”)
Portability: Receive your data in a structured, machine-readable format
Object: Object to processing based on legitimate interests
Restrict: Restrict processing in certain circumstances
Withdraw consent: Where processing is based on consent

To exercise these rights, email hello@mypo.it. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority (e.g., Garante per la Protezione dei Dati Personali in Italy, or your local data protection authority).

9. International Transfers

Some of our providers are located outside the EU/EEA. We ensure appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) for such transfers where required.

10. Children

11. Changes to This Policy

12. Contact

For privacy-related questions or to exercise your rights:

Email: hello@mypo.it

Data Protection: For GDPR-specific inquiries, you may contact our data protection contact at hello@mypo.it.

Privacy Policy

1. Data Controller

2. Information We Collect

2.1 Information You Provide

2.2 Information Collected Automatically

2.3 Cookies and Similar Technologies

3. How We Use Your Information

4. Legal Basis for Processing (EU/EEA)

5. Third-Party Services and Data Sharing

6. Data Retention

7. Data Security

8. Your Rights

9. International Transfers

10. Children

11. Changes to This Policy

12. Contact

Privacy Policy

1. Data Controller

2. Information We Collect

2.1 Information You Provide

2.2 Information Collected Automatically

2.3 Cookies and Similar Technologies

3. How We Use Your Information

4. Legal Basis for Processing (EU/EEA)

5. Third-Party Services and Data Sharing

6. Data Retention

7. Data Security

8. Your Rights

9. International Transfers

10. Children

11. Changes to This Policy

12. Contact