Privacy Policy

PushMail is a developer-first email API operated by Inventive HQ, Inc. (“we,” “us”). This policy explains what information we collect when you use PushMail, how we use it, and the third-party services that process it on our behalf.

For data about your account (your name, email, billing details, API keys), we are the data controller.

For data about your customers and email recipients that you send through the PushMail API (recipient addresses, message bodies, metadata you attach), we are a data processor acting on your instructions. You are the controller for that data; PushMail processes it solely to deliver the email you requested and to provide reporting back to you.

• Account information. Name, email address, organization name, hashed password (never stored in plaintext).
• Payment information. Billing is processed by Stripe. We do not store card numbers; Stripe gives us a tokenized reference, the billing email, and the last four digits of your card for display.
• API logs & usage. For each API request: the endpoint, timestamp, status, IP address, and user agent. Used for rate-limiting, abuse detection, and the dashboard metrics you see.
• Email metadata. Recipient address, sender, subject, message ID, delivery and bounce status. Required to deliver the email and report on it.
• Email content.Message bodies are processed in memory long enough to deliver them and may be cached briefly for retry/diagnostic purposes; we do not retain message content beyond what is required for delivery and the short retention windows in §7.
• BYOK keys. If you bring your own SendGrid (or similar) API key, it is encrypted at rest using envelope-encryption with keys held by Cloudflare. We use it only to send your messages; we never display it back, and we never share it.

• To operate the API and deliver email you send.
• To bill you for usage.
• To detect and prevent abuse, fraud, and spam.
• To respond to support requests.
• To send you transactional account notices (account changes, billing receipts, security events).

We do not sell your personal information. We do not use your email content or recipient lists to train AI models or for any purpose other than delivering the email you requested.

• Cloudflare— hosting, Workers, D1, R2, Queues. All PushMail infrastructure runs on Cloudflare.
• Stripe— payment processing.
• SendGrid(only when BYOK is configured by you) — email delivery on your behalf, using the API key you provided.
• GlitchReplay— browser-side error monitoring of the PushMail web dashboard (see §6).

We use GlitchReplay, an error-tracking service operated by InventiveHQ, to capture browser-side errors so we can identify and fix bugs.

When an uncaught JavaScript error, unhandled promise rejection, or failed resource load occurs in your browser, we send GlitchReplay:

• The error message and stack trace
• The URL of the page where the error happened
• Browser, operating system, and rough geographic region (country)
• A timestamp

We do not send: form input, cookies, localStorage, auth tokens, or any directly identifying personal information. Email content sent through the PushMail API is never transmitted to GlitchReplay.

Data is stored on Cloudflare infrastructure in the United States and retained for up to 30 days.

We use only essential cookies needed to keep you signed in and to protect against CSRF. We do not use advertising cookies or third-party tracking pixels in the dashboard.

• Account data: retained while your account is active; purged within 30 days of account deletion.
• Email send logs (metadata): retained for 30 days, then aggregated for analytics.
• Email content cached for retry: retained no longer than necessary to complete delivery (typically minutes, up to 7 days for failing retries).
• Billing records: retained for 7 years to meet tax and accounting requirements.

Data is encrypted in transit (TLS) and at rest. BYOK secrets are encrypted with envelope encryption. API tokens are stored hashed; we never display them after creation. We log access to sensitive operations (key rotation, account changes) for audit.

No system is perfectly secure; we cannot guarantee absolute security but apply industry-standard controls.

You can:

• Access or export your account data and send-log metadata via the dashboard or by emailing us.
• Delete your account from settings — this purges account data and cached message content within 30 days.
• Object to or restrict certain processing if you are in the EEA or UK.

For requests about email recipient data (recipients from your customer base), please direct those to the customer account that sent the email; PushMail acts as the processor and forwards such requests to the controller.

PushMail is not directed to children under 16 and we do not knowingly collect personal information from them.

We may update this policy from time to time. The “last updated” date at the top reflects the most recent revision. For privacy questions, contact privacy@pushmail.dev.

Inventive HQ, Inc., 2305 Historic Decatur Rd, Suite 100, San Diego, CA 92106.