Privacy Policy

Mailbutler is a privacy-by-design email extension developed in Germany. As your service provider, we constantly work hard to protect your information: We are financially independent with source of revenue from our subscribers – we do not sell, rent, loan, or lease ANY of your personal information. This Privacy Policy helps you understand what information we collect, why we collect it, and how you can manage and delete your information.

For purposes of this Privacy Policy, the terms “we”, “us” and “our” refer to Mailbutler GmbH, Akazienstr. 3a, 10823 Berlin, Germany. The terms “Mailbutler”, “service” and “software” refers to our email client extension Mailbutler. “You” refers to you, as a user of the Application or visitor to the website, as applicable.

This Privacy Policy is effective as of the date last modified, as listed at the bottom of the privacy policy.

Responsible Contact

The responsible contact according to the Federal Data Protection Act is

Mailbutler GmbH, Akazienstr. 3a, 10823 Berlin.

If you have any questions concerning privacy policy matters, please contact: privacy@mailbutler.io. By contacting this email address, you can inquire into privacy issues and review, change, or delete your personal information stored by us.

Data Protection Officer (DPO)

Mailbutler GmbH has appointed a Data Protection Officer. You may contact our DPO regarding all privacy-related matters:

Name: Tobias Knobl
Email: privacy@mailbutler.io
Address: Akazienstr. 3a, 10823 Berlin, Germany

Reasons for collection of information

We may use the information we collect from Mailbutler and our website to provide, maintain, protect and improve Mailbutler and to communicate with you about your use of the Application.

Personal data

Personal data is any individual information about the personal or material circumstances of a specified or identifiable natural person. Personal data primarily includes details such as a person’s name, postal address or e-mail address.

Data Sources

We collect personal data from:

• You directly(e.g., during account creation, payment, feature usage)
• Your devices(technical metadata)
• Your email service provider(metadata required for Snooze, Send Later, Tracking)
• Third‑party services you connect(e.g., Asana, Todoist)
• Cookies and analytics tools(usage data, device info)

Processing and use of personal data

Purposes of Processing

We process personal data for the following purposes:

• To provide and improve the Mailbutler service
• To authenticate users and deliver features (Snooze, Send Later, Tracking, Smart Assistant, templates, signatures, tasks, notes)
• To manage subscriptions, payments, and invoicing
• To provide customer support
• To offer security, fraud prevention, and service integrity
• To comply with legal obligations
• To send transactional and (with consent) marketing communications
• To analyze usage patterns to improve functionality

Registration information

In order to register a Mailbutler account we require and store your email address and password.

Order and payment information

In order to process orders, we require all relevant personal information, such as your name, address, email address, company name, VAT ID and information concerning the payment method you have chosen. Payments are handled securely by our payment providers Paypal, GoCardless, or Stripe. These partner companies have their own data protection policies. We encourage you to read these policies thoroughly before using the Service, and check that you agree with them. To enable payments to be processed and invoiced, the partner company stores references to payment details. The actual payment details (including credit card and bank details) do not pass through Mailbutler servers and systems.

Mailbutler information

In order to guarantee full functionality of all Mailbutler features and to deliver high level of customer service for you we may collect and store

• your e-mail address. We process this type of personal data in order to sell and market our Services to you, to create an account for you and to provide our Services. We process this type of Personal Data based on the consent you expressly grant to us at the time we collect such personal data. We do not sell, rent, loan, or lease your contact information or any other data to others, unless we are required by law or litigation to disclose your personal information.
• certain technical information about your device, including device hardware model, operating system details, unique device identifiers. We process this type of Personal Data in order to provide our Services. We process this type of Personal Data for our legitimate interests in providing the Services.
• certain information about your Mailbutler usage, including date and time when you used a Mailbutler feature. We process this type of data in order to show you usage analytics in your dashboard and to provide our Services. We process this type of Personal Data for our legitimate interests in providing the Services.
• certain information about the recipient email address, recipient name, message subject and message ID (RFC 2392) when you use the Mailbutler feature Tracking, Note, Task, or Send Later. The message content of your emails is never read, stored or collected by us. We process this type of data in order to display the recipient’s name, email address and subject line within Mailbutler. We process this type of Personal Data for our legitimate interests in providing the Services. You are able to control how much information we collect and store in your privacy settings. Please refer to our support page for more details: https://help.mailbutler.io/help/how-do-i-choose-my-privacy-settings.
• user authentication information of your email server when using the feature Send Later or Tracking. We use the industry-standard OAuth mechanism for user authentication (wherever possible) which gives us access to your data without letting us know your password. We only collect and store this information temporarily when you use the send later feature and only for the time the features are active. We process this type of Personal Data in order to provide our Services. We process this type of Personal Data for our legitimate interests in providing the Services. We don’t read, write, modify, store, collect or control your message bodies.
• manually entered or created content such as notes, tasks, message templates, email signatures, or other free‑form information. We store and process this user‑generated content solely for the purpose of providing and improving our Services. Because this information is entirely entered by you, it may contain personal or sensitive data. We therefore encourage you not to include highly sensitive information. We do not allow humans to access this content unless you have explicitly granted us permission (for example, during a support request) or where required by law.

Sharing of Personal Data

We share data only with trusted service providers acting as our Processors or Sub‑Processors, including:

• Payment processors:PayPal, GoCardless, Stripe
• Analytics providers:Google Analytics
• AI providers:OpenAI (Smart Assistant only)
• Webinar partners:when registering for joint webinars
• Email and cloud service providers
• Third‑party integration tools(only if user connects them)

Your Google User Data

Additional Limits on Use of Your Google User Data: Notwithstanding anything else in this Privacy Policy, if you provide Mailbutler access to the following types of your Google data, the App’s use of that data will be subject to these additional restrictions:

• Mailbutler will use access to read, write, modify or control Gmail messages, metadata, headers, and settings to provide its features of delayed sending.
• Mailbutler will not process or transfer any Gmail data besides metadata (message identifiers) to its own servers or others unless doing so is necessary to comply with applicable law.
• Mailbutler never reads, modifies, stores or analyzes the content of your messages as the aforementioned features only require automated delivery of scheduled emails or moving messages between mailboxes.
• Mailbutler will not use this Gmail data for serving advertisements.
• Mailbutler will not allow humans to read Gmail user data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Mailbutler internal operations and even then, only when the data has been aggregated and anonymized.

Additional Statement on Google Workspace APIs:

Mailbutler affirms that any data accessed through Google Workspace APIs is not used to develop, improve, or train generalized or non-personalized artificial intelligence (AI) and/or machine learning (ML) models. This includes any models not specifically tailored to individual users. All processing of data accessed via Google Workspace APIs is strictly limited to providing and improving user-specific features within the Mailbutler service.

Third party services

You may link Mailbutler to third party services like Wunderlist, Asana, Todoist or others when you want to synchronize your Mailbutler Notes and Tasks with these services. These third-party companies have their own data protection policies. We encourage you to read these policies thoroughly before using the third-party integration in Mailbutler.

Mailbutler’s Send Later Functionality

How does Mailbutler’s Send Later Feature Work?

Mailbutler enables you to schedule an email to be sent at a specific date and time (Send Later). If you activate the Send Later feature for a specific email, Mailbutler will temporarily store the draft email in the Mailbutler-Scheduled folder on your email server. At the scheduled date and time, Mailbutler moves the email from the Mailbutler-Scheduling folder to your outbox. Your email server automatically then sends this email.

What data is collected?

In order to guarantee full functionality of Mailbutler’s Send Later features we may collect and store certain information about the recipient email address, recipient name, message subject and message ID (RFC 2392) when you use Send Later. The message content of your emails is never stored, read nor collected by us. We process recipient email address, recipient name, message subject in order to display the recipient’s name, email address and subject line in Mailbutler. We process this type of Personal Data for our legitimate interests in providing the Services. You have the option in the privacy settings to control which data we collect and store. Please refer to our support page for more details: https://help.mailbutler.io/help/how-do-i-choose-my-privacy-settings. We temporarily collect and store user authentication information of your email server only as long as it is required for delivering emails scheduled via Send Later. We use OAuth for user authentication (wherever possible) which gives us access to your data without letting us know your password.

Mailbutler as Data Processor for Email Tracking

How does Mailbutler’s Email Tracking Work?

Mailbutler enables mail senders to see when, where, how often and on which device the recipient has opened an email. If the sender activates email tracking for a specific email, Mailbutler includes a hidden image (also referred to as web-bug or 1-pixel image) with a unique mail-ID into the outgoing mail. Once the recipient opens the email, the recipient’s mail client or web service sends a request to our server in order to load the hidden image. Our servers collect and store the mail-ID, email client information, device information and the date and time of such request. We pass on the date/time, email client information, device information and mail-ID to the Mailbutler software of the sender where it is combined with the specific email and enables the Mailbutler software to display the read date/time, email client information, device information and location.

Mailbutler’s Role as Data Processor

When you use Mailbutler’s email tracking functionality, Mailbutler processes certain metadata related to outgoing emails solely on your behalf and strictly under your instructions. In this context, Mailbutler acts as a Data Processor, and you, as the sender of the email, act as the Data Controller for all personal data relating to your recipients.

Mailbutler does not determine the purposes or means of processing recipient‑related data. We only provide the technical functionality that enables you to track email opens or interactions and process such data exclusively for the purpose of delivering this feature to you.

Data We Access for Tracking

When tracking is enabled, Mailbutler may process limited technical metadata required to provide the service, such as:

• mail‑ID,
• date/time of opening,
• device or client type,
• IP‑based location (approximate),
• subject line and recipient email address (depending on your privacy settings).

This information is processed only to provide the tracking functionality and is never used for any Mailbutler purpose beyond the provision of the service.

No Access to Email Content

Mailbutler does not read, access, or store email message bodies. Any temporary access required for the technical delivery of the service is automated and not stored.

User Responsibility Under GDPR

As the Data Controller for your outgoing communications, you are solely responsible for ensuring that your use of email tracking is compliant with the GDPR or any other applicable regulation. This includes, where required:

• Informing recipients about the use of tracking technologies
• Obtaining consent where legally necessary
• Providing appropriate privacy notices to recipients
• Handling data‑subject rights requests

Mailbutler cannot fulfill data‑subject rights requests from your recipients directly, since we do not determine the purpose of this processing. Recipients must contact you, the sender, regarding such rights.

How Mailbutler Supports You

Mailbutler ensures that:

• Tracking data is processed securely and confidentially
• Only authorized personnel may access systems, and never recipient data unless strictly necessary and permitted
• All processing is performed in accordance with Article 28 GDPR requirements for Data Processors
• We notify you without undue delay if we become aware of a data breach affecting tracking data

How can Recipients avoid Email Tracking?

Recipients can configure their email client (e.g. Outlook) or web service (e.g. Gmail) so that by default images contained in emails are not loaded. Please see the configurations menu and manual of your email client or web service for details. Alternatively, you can contact the sender and object to any future email tracking.

Mailbutler’s AI-powered Smart Assistant Functionality

Mailbutler’s Smart Assistant feature is a service that uses artificial intelligence to help users compose new emails, reply to emails, summarize email content, and find to-dos. When you use Mailbutler’s Smart Assistant, we may send email content from the selected email to the service OpenAI through Mailbutler. This includes the body of the email and the subject line.

Mailbutler’s Smart Assistant uses OpenAI’s artificial intelligence technology to help compose, respond, summarize emails and finding to-dos. By using our service, you acknowledge and agree that your email content and subject line may be shared with OpenAI to provide the service. OpenAI’s use of your data is subject to their own privacy policy, which you can review at https://openai.com/privacy-policy/.

Cookies

We use cookies on our website. These are small text files stored on your computer. We use both permanent cookies and session cookies so that we can offer you the best service possible. The data saved in the cookies make the use of our services as comfortable as possible for you, not only for your current use of the respective service but also beyond it. If you don’t want to allow permanent cookies, you can select the option to deactivate permanent cookies in your browser. The data stored in session cookies are only valid for the current visit to our online offers and serve to provide you with an unrestricted use of our services and to make the use of our offers and services as comfortable as possible for your current visit. If you deactivate session cookies, we cannot guarantee that you will be able to use all our services without limitations.

Cookies of third-party providers and tracking

We use the services of other companies to optimize our websites and our services. You will receive an overview of the services we use in the following section.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies, text files stored on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services relating to website activity and internet usage to the website operator. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Your IP address, which has been transmitted by Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use all functions of this website. Furthermore, you can prohibit Google from collecting and analyzing the cookie generated data about your use of the website (including your IP address) by downloading and installing the browser plugin available here.

Google Remarketing

Our websites use Google’s remarketing technology. This technology enables users who have already visited our online services and shown interest in our services to see targeted advertising on the websites of the Google partner network. Likewise, users that are similar to the visitors of our websites can be addressed. The advertising will be displayed using cookies. These are small text files saved on the user’s computer. The information generated by the cookie about the website use will be transmitted to and stored on servers in the United States by Google. If the IP address is transferred, it will be reduced by the last 3 digits. Using cookies, the user behavior on a website can be analyzed and subsequently utilized to provide targeted product recommendations and advertising based on the user’s interests.

If you would prefer to not receive any targeted advertising, you can deactivate the use of cookies for these purposes through Google by visiting the website https://www.google.com/settings/ads/. Alternatively, users can deactivate the use of cookies by third party providers by visiting the Network Advertising Initiative’s deactivation website (http://www.networkadvertising.org/choices/). Please note that Google has its own data protection policy which is independent of our own. We assume no responsibility or liability for their policies and procedures. Please read Google’s privacy policy before using our websites (https://www.google.com/intl/en/policies/privacy/).

Third party websites and services

Our website and service provide links to other websites and services, we do not review these sites and services, and therefore this Privacy Policy does not apply to third party websites and services. Please read their Privacy Policy before submitting any private information.

Data Processing (GDPR / DSGVO)

For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. GDPR also requires compliance from companies that process the personal data of these European individuals. Ensuring our users’ data privacy and security has always been top priority to Mailbutler’s product development and business. As your service provider to enhance your email experience, we make sure to evaluate all our practices to safeguard your information as effectively as possible. As a German company, Mailbutler will be fully GDPR compliant.

If you have any questions about GDPR or our data practices generally, please contact our data protection officer (DPO) Tobias Knobl (privacy@mailbutler.io).

Lawful Bases of Processing

We rely on the following lawful bases under GDPR:

• Contract performance– providing our core services and features
• Consent– email marketing, optional analytics settings, Google Workspace integrations
• Legitimate interests– service improvement, feature analytics, security, fraud prevention
• Legal obligation– tax, accounting, regulatory requirements

Authorized employees

We ensure that all authorized employees who can access personal data are made aware of the confidential nature of personal data and have executed confidentiality agreements that prevent them from disclosing or otherwise processing, both during and after their engagement with Mailbutler, any personal data except in accordance with their obligations in connection with the Services. We don’t allow humans to read notes, tasks, message templates, profile, tracking information, send later information and any other user data created in Mailbutler unless we have your affirmative agreement to access your account, doing so is necessary for security purposes such as investigating abuse or to comply with applicable law.

Authorized Subcontractors (Sub‑Processors)

We engage carefully selected third‑party service providers (“sub‑processors”) who assist us in delivering and supporting our services. These sub‑processors may process personal data strictly on our behalf and in accordance with our instructions, contractual obligations, and GDPR requirements.

For transparency, we maintain an up‑to‑date internal register of all current sub‑processors, including their roles and locations. You may request access to this list at any time, and we will provide it promptly. To obtain the list, please contact our Data Protection Officer at privacy@mailbutler.io.

Duration of Processing

We understand the importance of maintaining a clutter-free and efficient data environment, both for you and for our system’s integrity.

General Retention Rules

• Account & feature data: deleted after 2 years of inactivity
• Billing records: retained for 10 years(legal requirement in Germany)
• Support communications: retained for up to 3 years
• Technical logs: retained for up to 12 monthsunless required otherwise for security

If your account remains inactive for a continuous period of two (2) years, Mailbutler will consider this as an indication that you no longer require our services. In accordance with our commitment to data minimization and privacy, we will initiate a process to permanently delete your account and all associated data. The deletion will encompass all data stored on our servers, including but not limited to:

• Account email address + password
• Tracking Details
• Any other data, files, or information you may have stored or created through our platform

Before taking any irreversible action, you will be notified via the email address associated with your Mailbutler account. This notice will be sent at least 30 days before the scheduled deletion date, giving you the opportunity to reactivate your account and prevent deletion.

If you wish to continue using Mailbutler, you can reactivate your account by logging in and performing some type of activity, such as sending an email or creating a task. Doing so will reset the inactivity counter, and your account will not be deleted.

Please note that once your account and associated data are deleted, recovery will be impossible. Therefore, we urge you to make sure that you have saved all necessary information before allowing your account to reach the deletion stage.

Security of personal data

Considering the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk of Processing Personal Data.

Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to be informed
  You have the right to receive clear and transparent information about how we collect, use, store, and share your personal data. This Privacy Policy is designed to provide you with that information in a concise and understandable form.
• Right of access
  You may request confirmation of whether we process your personal data and, if so, obtain a copy of that data together with important information about how and why it is processed.
• Right to rectification
  If any personal data we hold about you is inaccurate or incomplete, you can request that we correct or complete it. We will update the information as soon as reasonably possible.
• Right to erasure (“Right to Be Forgotten”)
  You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when you have validly objected to the processing. We will comply unless we are legally required to continue storing the information.
• Right to restrict processing
  You may request that we temporarily stop processing your personal data in certain situations—for example, if you contest the accuracy of the data or if you object to the processing. During restriction periods, we will store your data securely but not use it.
• Right to data portability
  You can request that we provide your personal data in a structured, commonly used, and machine-readable format, or that we transmit it directly to another controller where technically feasible.
• Right to object to processing
  You have the right to object to processing based on our legitimate interests, including profiling. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your rights. You can also object to the use of your data for direct marketing at any time.
• Right to withdraw consentat any time
• Right not to be subject to automated decision‑making
  You have the right not to be subject to decisions based solely on automated processing—including profiling—that produce legal or similarly significant effects. We do not perform such automated decision-making, but if this ever changes, we will inform you and provide appropriate safeguards.

You may exercise these rights by contacting privacy@mailbutler.io or our DPO.

Data processing agreement

If you are using Mailbutler as a customer and have agreed to our terms of service, you do not need to sign an additional Data Protection Agreement. If you are a partner or a customer who needs further documentation of compliance with Mailbutler acting as a Processor, Mailbutler offers Data Processing Agreements (DPAs) to users upon request. Please download a copy of Mailbutler’s DPA (https://help.mailbutler.io/help/is-mailbutler-gdpr-dsgvo-compliant). For documentation purposes, please email us back with your signed copy of the DPA to privacy@mailbutler.io.

Please note that our DPA has been tailored to the way Mailbutler provides its service.

Webinar Registrations and Marketing Communications

Collection and Use of Information

When you register for a Mailbutler webinar, you provide us with personal information such as your name and email address. We use this information to facilitate your participation in the webinar and to send you updates and reminders related to the event.

Marketing Purposes

By registering for a Mailbutler webinar, you also consent to receiving marketing communications from Mailbutler. We may use the email address and name you provided during registration to send you promotional materials about our services, updates, and other information that may be of interest to you. You may opt-out of receiving these communications at any time by clicking the “unsubscribe” link at the bottom of our emails or contacting us directly.

Collaborations with Partner Companies

From time to time, Mailbutler may collaborate with partner companies to co-host webinars. If you register for a webinar that is co-hosted by Mailbutler and a partner company, please be advised that the partner company will also have access to the list of registered users, including your name and email address. The partner company may use this information to get in touch with you for the purpose of marketing their services. Each partner company is responsible for its own data processing practices, and we encourage you to review their privacy policy to understand how they will handle your information.

Data Sharing

We do not sell your name or email address to third parties. Your information will only be shared with partner companies if the webinar for which you have registered is a collaborative event, as described above.

International Data Transfers
Some of our service providers are located outside the European Union, including in the United States.

When transferring personal data to third countries, we use appropriate safeguards under GDPR, including:

• EU Standard Contractual Clauses (SCCs)
• Additional contractual, technical, and organizational measures

These measures ensure an adequate level of data protection.

Protecting your information

We take the security of your personal information very seriously and have implemented policies and procedures, including technical measures, that are designed to help safeguard it. While we strive to use best practices to protect your personal information, the Internet and computer technology are not 100% secure and we cannot absolutely ensure the security of any personal information that you provide to us. In line with this philosophy, we try to get as little information from you as possible.

Reasons for information disclosure

We do not sell, rent, loan, or lease your contact information to others, unless we have your specific permission to do so or we are required by law or litigation to disclose your personal information. We may also find it necessary to disclose information about you if we determine that it is an issue concerning national security, law enforcement, or other issues of public importance.

Vulnerability Disclosure

If you have discovered an issue which you believe is an in-scope security vulnerability, please email security@mailbutler.io including:

The website or service in which the vulnerability exists.

A brief description of the class (e.g. “XSS vulnerability”) of the vulnerability. In accordance with industry convention, we ask that reporters provide a benign (i.e. non-destructive) proof of exploitation wherever possible. This helps to ensure that the report can be triaged quickly and accurately whilst also reducing the likelihood of duplicate reports and/or malicious exploitation for some vulnerability classes (e.g. sub-domain takeovers). Please ensure that you do not send your proof of exploit in the initial, plaintext email if the vulnerability is still exploitable.

If you are in any doubt or have any question, please email security@mailbutler.io for advice. In response to your initial email, you will receive an acknowledgement reply email from the Mailbutler Security Team, this is usually within 24 hours of your report being received. The acknowledgment email will include a ticket reference number which you can quote in any further communications with our Security Team. Following the initial contact, our Security Team will work to triage the reported vulnerability and will respond to you as soon as possible to confirm if further information is required. From this point, necessary remediation work will be assigned to the appropriate Mailbutler teams and/or supplier(s). Priority for bug fixes and/or mitigations will be assigned based on the severity of impact and complexity of exploitation. Vulnerability reports may take some time to triage and/or remediate. Our Security Team will notify you when the reported vulnerability is resolved and will ask you to confirm that the solution covers the vulnerability adequately.

Changes to this data protection policy

Mailbutler reserves the right to adapt its security and data protection measures, provided this is necessary as a result of technical or legal developments. In these cases, we will also update our data protection information accordingly. Please make sure, therefore, that you always use the latest version of our data protection declaration.

Privacy questions and contact

If you do not want us to keep you up to date with our news, you are free to contact us at any time and have your e-mail address removed from our mailing list. We do not target any information towards children. If you have any comments or concerns about our Privacy Policy, please contact us (privacy@mailbutler.io).

Right to Lodge a Complaint

If you believe that our processing of your personal data violates data protection laws, you may lodge a complaint with your local supervisory authority.

For Germany, the responsible authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Address: Alt‑Moabit 59–61, 10555 Berlin
Website: https://www.datenschutz-berlin.de/
Phone: +49 (0)30 13889‑0

We reserve the right to change this policy, which we’ll do through online posting.

Last updated: February 2^nd, 2026