Privacy Policy

The Short Version

• We collect what we need to run the service, nothing more
• We don't sell your data or your customers' data
• We connect to your POS (Square, Clover) to track revenue, not to mine your sales data
• Your subscriber lists belong to you
• You can delete your account and data anytime

What We Collect

Account Information

When you sign up, we collect:

• Your name and email address
• Your business name
• Payment information (processed securely by Stripe)

Your Subscriber Data

When you import or add subscribers (or when customers join via QR code), we store:

• Email addresses of your subscribers
• Names (if provided)
• How they joined (import, QR code, manual entry)
• Any tags or segments you create
• Unsubscribe status and dates
• Email engagement history (clicks, bounces)

Your subscriber data belongs to you. We process it only to send emails on your behalf and track campaign performance. We will never use your subscriber list to send our own emails or share it with third parties.

QR Code Sign-Up Data

When customers join your list via QR code, we receive:

• Their email address (from the "From" field of their email)
• Their name (if their email client includes it)
• The email subject and a short snippet of body text (typically empty for join emails)

We automatically send a branded welcome email to new subscribers who join via QR code. This email confirms their subscription and introduces your business.

POS Integration Data (Square, Clover)

When you connect your POS account (Square or Clover), we access:

• Product catalog: Item names, descriptions, and categories
• Recent orders: Order line items and amounts from the past 14 days (to identify actively selling products)
• Promo code redemptions: Which codes were used and transaction amounts

Why we access this: We use product and order data to help our AI write emails that mention products you actually sell. If your best-seller this week is the "Oat Milk Latte," we can reference it by name instead of making something up.

We do not access customer personal information, payment card details, employee data, or data beyond what's listed above. We never share your POS data with third parties.

Email Campaign Data

For each campaign you send, we track:

• Who received the email
• Who clicked links in the email
• Who unsubscribed
• Revenue attributed via promo codes

We intentionally do not track open rates. They're unreliable since Apple Mail Privacy Protection launched, and we'd rather show you metrics that actually mean something.

Automatic List Hygiene

To maintain healthy email delivery, we automatically:

• Mark hard-bounced emails as inactive (invalid addresses)
• Remove addresses that generate spam complaints
• Track engagement to identify inactive subscribers

This happens automatically to protect your sender reputation and ensure your emails reach real inboxes. We do not delete subscriber records — we mark them inactive so you retain the historical data.

Technical Data

Like most websites, we collect:

• IP addresses
• Browser type and version
• Pages visited and actions taken

This helps us maintain security and improve the product.

How We Use Your Data

• To provide the service: sending emails, tracking performance, managing your account
• To generate email content: our AI uses your business info and products to draft relevant, accurate emails
• To charge you: processing payments for campaigns
• To communicate with you: account notifications, support responses, occasional product updates
• To improve the product: understanding how people use Cherub Email to make it better

AI Content Generation

We use AI (specifically Anthropic's Claude) to help draft email content. When generating content, we send:

• Your business name, type, and description
• Products you're actively selling (from your POS, if connected)
• The campaign details you provide (offer type, dates, promo code)

We do not send your subscriber list, customer names, or personal data to the AI. Generated content is based on your business, not your customers.

What We Don't Do

• We don't sell your data or your subscribers' data
• We don't share data with third parties for advertising
• We don't use your subscriber lists for our own marketing
• We don't build profiles of your customers

Third-Party Services

We use a few third-party services to run Cherub Email:

• Postmark: for sending emails
• Stripe: for payment processing
• Square & Clover: for product data and revenue tracking (only with your authorization)
• Anthropic: for AI-powered content generation (business info only, not customer data)

Each of these services has their own privacy policies and handles only the data necessary for their specific function.

Data Retention

• Account data: kept while your account is active, deleted within 30 days of account deletion
• Subscriber data: kept while your account is active, deleted within 30 days of account deletion
• Campaign data: kept for 2 years for your reference, then archived
• Payment records: kept for 7 years as required by tax law

Your Rights

You can:

• Access your data: Download your subscriber list and campaign history anytime from your dashboard
• Correct your data: Update your account information in settings
• Delete your data: Delete your account, and we'll remove your data within 30 days
• Export your data: Download everything in standard formats (CSV, JSON)

If you're in the EU or California and want to exercise additional rights under GDPR or CCPA, email privacy@cherubemail.com.

Your Subscribers' Rights

Your subscribers can unsubscribe from any email using the unsubscribe link we automatically include. When they unsubscribe, they're removed from your active list and won't receive future campaigns.

You are responsible for complying with privacy laws regarding your subscribers. This means getting proper consent before adding people to your list and honoring unsubscribe requests.

Security

We take reasonable measures to protect your data:

• All data is encrypted in transit (HTTPS) and at rest
• Access to production systems is restricted and logged
• We don't store full credit card numbers (Stripe handles that)
• Regular security reviews and updates

No system is 100% secure, but we take this seriously.

Cookies

We use cookies for:

• Keeping you logged in
• Remembering your preferences
• Basic analytics (how people use the site)

We don't use tracking cookies from ad networks or social media platforms.

Children

Cherub Email is not intended for use by anyone under 18. We don't knowingly collect data from minors.

Changes to This Policy

If we make significant changes to this policy, we'll notify you by email. Minor clarifications or updates won't be announced but will be reflected in the "last updated" date.

Contact

Questions about privacy? Email us at privacy@cherubemail.com.