Inside Mailbutler

How Email Tracking Can Be GDPR‑Compliant

First published: 03.02.2026

Last edited: 03.02.2026

Read time: 4 minutes


By Fabian

Former Tanzanian, now happily repatriated European, back in my birthplace of Berlin. I enjoy the little things in life, as well as traveling, hiking and spending time with good friends.

Privacy is not something we “implement.”
It’s something we believe in.

From the very beginning, Mailbutler was built on a simple conviction: technology should support people, not take advantage of them. And that belief guides every product decision we make — especially around features like email tracking, which naturally raise questions.

In my earlier article, Inside Out: How Mailbutler Respects Your Privacy, I explained how we architect our system around minimal data, transparency, and respect. In this follow‑up, I want to go a level deeper. I want to explain:

  • how email tracking works at Mailbutler,
  • how we maintain strict GDPR compliance,
  • why your recipients remain anonymous in our system,
  • and what the GDPR expects from you as the sender.

Because compliance is important — but values are what shape how we build.

Why Email Tracking Deserves Transparency

Email tracking can easily be misused or misunderstood.
Many tools collect more data than necessary. Some profile recipients. Others store detailed behavioral logs.

We do none of that ❗️

To us, the ethical question always comes before the technical one. I have rejected opportunities, features, and data practices that would have helped us grow faster — simply because they conflicted with our values or would have chipped away at user trust.

We build tracking, yes. But we build it with intention.

Our Privacy Foundation: Minimal Data, Maximum Respect

Before getting into GDPR roles, here is the cornerstone of our tracking architecture:

We do not store any personal information about your recipients ❗️

Not even their email addresses.

Instead, every recipient is represented internally by a non‑reversible unique identifier. This identifier allows per‑recipient tracking — without giving us any knowledge of who the person actually is.

Important implications:

  • We cannot identify the recipient.
  • We cannot derive their email address from the unique recipient identifier.
  • We cannot build behavior profiles.
  • We cannot aggregate data about them.
  • We cannot link tracking events to a real person.

Only your email application knows which identifier belongs to which recipient — and that's by design.

Your recipients remain your private relationships, not ours.
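The article does not say how these identifiers are derived, so the following is an added example, not Mailbutler's code: it contrasts a plain hash of the address, which anyone holding the stored value can test against a list of known addresses, with an identifier keyed by a secret that stays in the sender's mail client. The HMAC construction, the function names, the message IDs and the addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def unkeyed_id(email: str) -> str:
    """Weak pseudonym: a plain hash of the address."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()

def keyed_id(client_key: bytes, message_id: str, email: str) -> str:
    """Pseudonym derived with a key that never leaves the sender's mail client."""
    data = f"{message_id}\x00{email.strip().lower()}".encode()
    return hmac.new(client_key, data, hashlib.sha256).hexdigest()

def match_candidates(stored_id, candidates, derive):
    """Return the candidate address whose derived value equals stored_id, else None."""
    for address in candidates:
        if hmac.compare_digest(derive(address), stored_id):
            return address
    return None

# Constructed sample data (not real addresses or message IDs).
CLIENT_KEY = secrets.token_bytes(32)  # assumption: held only by the sender's client
RECIPIENT = "alice@example.org"
CANDIDATES = ["bob@example.org", "alice@example.org", "carol@example.org"]

def processor_view_unkeyed():
    # Whoever stores a plain hash can confirm a guessed address: still personal data.
    return match_candidates(unkeyed_id(RECIPIENT), CANDIDATES, unkeyed_id)

def processor_view_keyed():
    # The processor stores the identifier but not the key, so guesses cannot be checked.
    stored = keyed_id(CLIENT_KEY, "msg-001", RECIPIENT)
    wrong_key = secrets.token_bytes(32)
    return match_candidates(stored, CANDIDATES,
                            lambda a: keyed_id(wrong_key, "msg-001", a))

def client_view_keyed():
    # The sender's client holds the key and can map the identifier back to the recipient.
    stored = keyed_id(CLIENT_KEY, "msg-001", RECIPIENT)
    return match_candidates(stored, CANDIDATES,
                            lambda a: keyed_id(CLIENT_KEY, "msg-001", a))

def same_recipient_two_messages():
    # Binding the message ID keeps one recipient's events unlinkable across messages.
    return (keyed_id(CLIENT_KEY, "msg-001", RECIPIENT),
            keyed_id(CLIENT_KEY, "msg-002", RECIPIENT))

if __name__ == "__main__":
    print(processor_view_unkeyed(), processor_view_keyed(), client_view_keyed())
```

When assessing any tracking service's "non-reversible identifier" claim, the useful check is whether the stored value can be recomputed from a guessed address by someone who holds only the server-side data.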

Optional Labels — Your Choice, Not Our Requirement

Some users prefer seeing names, initials, or subject lines in their Mailbutler dashboard. Others prefer full anonymity.

We respect both. So we let you choose.

You can optionally add:

  • a recipient’s name,
  • their initials,
  • or nothing at all.

These labels are stored only so you see a more meaningful UI.
They are not required for tracking to work.
They are not processed beyond your own visualization.
They do not change how our system treats recipient data.

Mailbutler does not use this optional information for any processing or profiling. And tracking works perfectly without it.

Understanding GDPR: Controller vs. Processor

To understand compliance, we must explain the GDPR roles clearly.

You are the Data Controller.

As the sender, you decide:

  • whether to use tracking,
  • why you use it,
  • who you email,
  • what the content of the email is,
  • whether tracking is appropriate in each context.

This gives you responsibility — not only technical, but legal and ethical.

As controller, it is your responsibility to:

  • ensure you have a lawful basis for using tracking (e.g. legitimate interest or consent),
  • inform your recipients when required by law,
  • handle any GDPR‑related requests from your recipients,
  • decide what auxiliary labels (if any) to store.

We provide the tools; you decide how to use them.

Mailbutler is the Data Processor.

Our role is to:

  • process only the data necessary to deliver the service,
  • follow your instructions and nothing else,
  • protect the data through technical and organizational measures,
  • never use the data for our own purposes,
  • delete data when it is no longer needed,
  • maintain strict data minimization and security.

We do not decide why you track or who you track — you do.
And because we do not store recipients' personally identifiable information (PII), our processing footprint is extremely small.

Why This Structure Matters

The GDPR distinction between controller and processor ensures accountability and clarity:

  • You control the purpose.
  • We execute the purpose with minimal data.
  • You communicate with your recipients.
  • We never do.
  • You decide what UI labels (if any) to save.
  • We cannot infer any personal data from the unique recipient identifiers we store.

This structure aligns perfectly with our values: You stay in control of your communication relationships, and we remain a privacy‑conscious facilitator.

Ethics Before Features

Mailbutler could technically store more data.
We could track more details.
We could build features on top of that data and market them as powerful insights.

But I founded Mailbutler on the belief that values matter more than profits.
Privacy matters.
Trust matters.
Integrity matters.

And I will always choose those over quick gains.

Because in the long run, a company that respects people will always build something more meaningful — and more sustainable — than a company that simply extracts what it can.

Closing Thoughts

Email tracking doesn’t need to be intrusive.
It doesn’t need to compromise anyone’s privacy.

And it certainly doesn’t need to be built around sensitive personal data.

With the right architecture and the right values, you can build tools that are both powerful and respectful — and that’s what Mailbutler stands for.

Your recipients remain anonymous to us ❗️

You remain in control.
We remain committed to privacy.

And most importantly, we remain committed to our values — even when choosing that path is harder.

If you ever have questions about how we protect data, how GDPR applies to your use case, or why we make certain architectural decisions, reach out.

Transparency isn’t a legal requirement for us.
It’s part of our identity.
