Table of Contents

Privacy Policy

Effective: 12 November, 2024

Introduction

Railsware Products Studio LLC, a company incorporated in the State of Delaware, the United States of America, having its office at 925 N La Brea Ave, Suite 400, office 560, West Hollywood, CA 90038  (“Railsware”, “us”, “our”, or “we”), focuses on assuring that the mailtrap.io website (the “Site”) and the Mailtrap application (the “Service”), as well as the general ecosystem, provides a safe environment for everyone who visits our Site (“Site Visitors”), and exploits the Service. 

For the purpose of this Privacy Policy Customer shall mean a professional, or legal entity who orders  the Service  and is identified in the relevant billing statements, invoices and/or online subscription process as the customer (“Customer”). Authorized End User shall mean any end user associated with Customer’s organization for whom Customer establishes access credentials to the Service (“Authorized End User”).  

We need to collect, process, and store some Personal Information (as defined in Section 2.1 below) and Navigational Information (as defined in Section 2.2 below) in order to provide our Customers, Authorized End Users and the Site Visitors with the ability to review the Site content, allow for use the Service, enable to make online payments, submit support requests and product ideas for our consideration.

We are dedicated to protecting our Customers, Authorized End Users and the Site Visitors’ privacy. This Privacy Policy (herein the “Policy”) applies to the Site and the Service, and administers the ways we collect, process and store data. The Policy has a direct reference to the Terms of Service and applies to it. It also explains how our Customers, Authorized End Users and the Site Visitors can exercise their rights to obtain, access, erase, use, or rectify their Personal Information that was of their own free will submitted to us.

When our Customers, Authorized End Users and the Site Visitors browse the Site, subscribe to the Service plan, use the Service, leave support requests, submit product ideas, fill out a survey, add comments to the blog posts, or perform an online payment, they  give their consent and fully agree to the Policy under which Railsware collects, processes, uses, stores and discloses Personal Information. If our Customers, Authorized End Users and/or the Site Visitors  do not agree with the terms and conditions  stated in this Policy, they should not browse the Site, subscribe to the Service plan, use the Service, make online payment, submit support requests and product ideas, and perform other activities, which may result in supplying us with their Personal Information and Navigational Information.

Railsware is not established in the European Union, but it processes and stores Personal Information  and Navigational Information of its Customers, Authorized End Users and the Site Visitors who are  EU citizens, and  browse the Site or subscribe to a free or paid Service subscription plan, submit support requests, make online payment, and perform other activities, that may result in supplying us with their Personal Information and Navigational Information.

1. Service User and Site Visitor Data We Process

1.1 Data Provided to Us

When our Authorized End Users and the Site Visitors register an account with the Service (the “Account”), subscribe to the Service, make an online payment, participate in a survey, subscribe to the Service free or paid plan, email us or in any other way submit their Personal Information to us, Railsware may collect, process and store the following Personal Information: first and last name, email and posting address.

We do not store banking card details on any of our internal resources/databases, instead, Customers and Authorized End Users share it directly with the Payment Card Industry Data Security Standard-compliant service providers for further processing. When receiving an online payment, we collect and store Customers subscription ID. We also collect and process Authorized End Users’ Personal Information, which they add to the billing settings in their Account, which may include first and last name, company name, shipping and billing address(es), tax and/or VAT number, and phone number.

Our Authorized End Users and the Site Visitors will know when we gather their data through the Site or Service, as they will provide their Personal Information on one of the Site’s web pages and perform an action that will authorize it to be sent to us.

We will keep a record of our Customers, Authorized End Users and the Site Visitors’  purchases, marketing-, sales- and support-related communication and replies, and general Service usage statistics in order to provide them with the support services.

1.2 Data We Collect Automatically

Railsware may collect information through our Site and the Service. The data we gather from Authorized End Users and the Site Visitors’  device: its type, IP address, the browser they are  using, OS (operating system), as well as the referral site from which they entered the Site. We may also monitor Authorized End Users and the Site Visitors’ online behavior, including the time of their  visit, their online activity at the Site including the URL clickstream through the Site, the pages visited, the time spent viewing them, and the frequency of such visits. We gather this data automatically through commonly used data-gathering technologies, like cookies and web beacons in order to understand how Authorized End Users and the Site Visitors’  browse the Site and use the Service. This data helps us manage the Site and the Service, analyze general online behavior and usage trends, and provide targeted advertisements. We also collect demographic information about our Service Authorized End Users and the Site Visitors’  base that helps us tailor both the Site content and the Service functionality in order to meet their expectations and requirements.

When our Authorized End Users and the Site Visitors’ browse the Site or use the Service, we collect Personal Information and Navigational Information along with the unique user IDs. In addition, we aggregate extra data that refers to the usage flow, such as the start and the end of a web session, page views, purchase, and checkout. We may associate this data with the information we store within the analytics software to the Personal Information that You submitted to us. We do this to enhance our Service,  Site content, and UX, as well as use this data to improve the Service functionality, our marketing communication, and analytics.

1.3 GitHub and Google Sign-in Authentication

Authorized End Users may log into our Site and/or the Service using either GitHub or Google Sign-in authentication system. When they use either GitHub, Office-365 account or Google Sign-in authentication, Authorized End Users give us access to their  full name and email address. This data is stored by us in compliance with the Policy.

1.4 Usage of reCaptcha

Railsware uses reCaptcha versions 2 (checkbox) and 3 (invisible) to protect the Site and the Service from spam and abuse. reCaptcha version 2 is embedded on the Service email sign-up, forgot password, and resend confirmation instructions Site pages. The invisible reCaptcha version 3 is placed on the Service add new card billing page. So, when an Authorized End User signs up using an email, resets a password, and adds bank card details to the payment service provider, Google captures the necessary information in order to differentiate a human being from a bot. That is why, in this case, the Google Privacy Policy and Terms and Conditions apply.

2. Types of Information

2.1 Personal Information

Under ‘Personal Information’ we understand any data that our Authorized End Users and the Site Visitors of their own free will provide us with, such as their  first and last name, phone number, their email address, company name, posting, and billing address, as well as any other information that refers to them or to their workplace (business). We also collect the Authorized End User  ID that is assigned to their  browser, and the Customer ID that is associated with the use of the Service and Account. Personal Information also refers to other information that is available on the internet, such as from Facebook, LinkedIn, Twitter, and Google, and includes any other publicly available data that our Customers, Authorized End Users and the Site Visitors  previously agreed to share and that is available from other service providers.

2.2 Navigational Information

‘Navigational Information’ refers to Authorized End Users and the Site Visitors’  computer and their visits to the Site and Service such as their IP address, geographical location, browser type, referral source, length of visit, and pages viewed. For more information, please visit the Navigational Information web page.

2.3 Sensitive Information

Railsware does not intentionally collect, and the Site Visitors and the Service Authorized End Users should not provide any information about their medical or health condition, race, and ethnic origin, political opinions, religious and philosophical beliefs, as well as bank card information, tax, and passport numbers, driver’s license or other similar personal identifiers.

When our Customers and Authorized End Users subscribe to the Service they shall be requested to share bank card numbers and billing information. Please be aware that Railsware does not store any payment details of our Customers, our Customers and Authorized End Users provide these details directly to our service providers, which are compliant with the Payment Card Industry Data Security Standard. The payment providers process Customers’  billing data in accordance with their privacy policies and security guidelines. To the best of our knowledge, our payment providers are compliant with the Payment Card Industry Data Security Standard and act according to the highest industry standards. To learn more about the way they process Customers’  data, Customers should refer to their privacy policies and security guidelines.

3. Use of the Information We Collect

3.1 Compliance with this Policy

Railsware uses the Personal Information it collects only in compliance and according to this Policy. Therefore, our Customers, Authorized End Users and the Site Visitors  should read carefully this Policy and other agreements published on the Site and/or as part of the Service before proceeding with browsing the Site or using the Service.

3.2 How We Use Personal Information We Collect

We use Personal Information we collect from or about our Authorized End Users and the Site Visitors to:

  • Enhance user experience while browsing the Site and applying the Service for the commercial purposes;
  • Manage Site’s content and customize it according to the Site Visitors preferences;
  • Manage Site’s and Services’ security and system administration;
  • Create Accounts and provide information to a PCI-compliant service provider for payment processing;
  • Respond to customer support and other Site- or Service-related requests;
  • Communicate with the Service Authorized End Users, inform them about the important product- and company-related updates;
  • Contact the carefully-selected Service Authorized End Users to inform about other Railsware products and services that we think may be of interest to them;
  • Distribute other personalized marketing information;
  • Hold surveys, send out questionnaires that help us understand our Customers,  Authorized End Users and Site Visitors’ requirements and expectations from the Service, the Site, support or any other services that we provide;
  • Put together and analyze the statistical data of the Site and the Service usage;
  • Conduct an investigation of unauthorized access and use of the Site or the Service, fraud, breach and other illegitimate actions.

3.3 Use of Bank Card Information

The bank card details Customers and Authorized End Users  provide when registering for a paid  Service subscription plan are neither stored nor processed by Railsware, but are disclosed by Customers and Authorized End Users to Payment Card Industry Data Security Standard compliant service providers, for processing. These third parties store Customers’  data in order to charge them  on a monthly basis for the Service. The billing process will continue until Customers or their Authorized End Users request us to delete their Account, or when they cancel their subscription.

3.4 Service Providers

Railsware may employ other organizations and persons (“Agents”) to perform tasks or provide services to the Site Visitors or Service Authorized End Users and may need to share their  Personal Information or Navigational Information with them to provide data, products, and services to them. These tasks and services may include marketing and support activities, analyzing different types of data, and providing advisory and legal services. In all the cases when Railsware shares information with such Agents, we will request for the agent to accept and strictly observe our Policy.

3.5 Personal Information Security

Railsware applies different security technologies, guidelines, and procedures to ensure complete security, as well as full confidentiality of the Personal Information our Customers, Authorized End Users and the Site Visitors provide. We also take measures to avoid unauthorized access to Personal Information  and electronic communication systems. Your Personal Information is securely stored on servers and protected from unauthorized usage, leak, and exposure. The transfer of any sensitive data, if applicable, to an authorized third party happens through the use of encryption (such as the Secure Socket Layer protocol and the Transport Layer Security) which guarantees the complete safety and security of Your data.

For any questions that relate to the security of Personal Information, please email us at privacy@mailtrap.io

3.6 Links and Third-Party Sites

The Site includes links to third-party websites. These websites may offer certain services to end-users. Railsware does not take any responsibility for its content, services, administrators, practices, and policies, and does not endorse them. Railsware also does not bear any responsibility for the privacy of information that our Customers, Authorized End Users and the Site Visitors submit on these resources, since this Policy does not apply to them. We recommend our Customers, Authorized End Users and the Site Visitors  familiarize themselves  with the Policy and other legal documents before submitting or sharing any personal information with them.

3.7 Third-Party Services

The Site includes third-party systems that allow for support requests or product-related idea submission, as well as adding comments to articles published on the Site blog. The system, which accepts support requests and product ideas, provides us with the name and email of a user who submitted it so that our team can take action and respond to these messages. The system, which enables users with the right to publish comments performs Personal Information collection, storing, and processing on its side, giving us the right to monitor the comments that appear on the Site’s blog.

3.8 Data Retention

Railsware will retain Authorized End Users and Site Visitors’  Personal Information for the period required to fulfill the obligations it took as the Service provider and the Site owner, or unless a longer period of time is required by law for tax, legal, or other regulatory reasons. Railsware will delete all Personal Information at the earliest date per request from our Authorized End Users or Site Visitors.

Railsware  temporarily stores the email addresses and content that the Service Authorized End Users create, send, and forward as part of their email-sending testing routine. We take the appropriate measures in order to ensure the high level of the Service inbox content security. The data residing in the Service inbox is automatically deleted once a Customer reaches its Service subscription plan limit.

When a Service Authorized End User clears their Mailtrap inbox, the deleted data is completely removed from the Service. We do not store any email message-related information in logs. The retention period of logs is 30 days.

3.9 Сompelled Disclosure

Railsware reserves the right to disclose Personal Information  to public authorities in accordance with a legal liability to perform their duties, such as customs and tax authorities, financial investigation units, judicial administration and other parties if the EU or the Railsware’s representative member state law allows to exercise such disclosure in the public interest, including protection of our Customers, Authorized End Users and Site Visitors and other people’s safety.

4. Data Subject Rights

4.1 Site Visitor and Service Authorized End User Rights

Our Site Visitors and Service Authorized End Users have the following rights:

  • To request access to their Personal Information;
  • To remove consent from being contacted by email, phone and other means of communication;
  • To request for all Personal Information that was received from them to be deleted from all our records;
  • To request that we update, correct or remove any omissions in their  Personal Information that we store;
  • To opt out from all kinds of direct marketing and other communication;
  • To object the processing of their Personal Information, or ask us to restrict the processing of their Personal Information, or request portability of their Personal Information;
  • To withdraw their consent from collection and processing of your Personal Information at any time. Withdrawing their consent will not affect the lawfulness of any processing we conducted prior to their withdrawal, nor will it affect the processing of their  Personal Information conducted in reliance on lawful processing grounds other than consent;
  • To complain to a data protection authority about our collection and use of their Personal Information. Contact details for data protection authorities in the EEA, Switzerland, and certain non-European countries (including the USA and Canada) are available here.

In order to exercise any of these rights, please email us at privacy@mailtrap.io. We will provide a response to their request as soon as possible, informing them about the steps we have taken to ensure that their rights are exercised.

4.2 Opting Out from Our Communication

Our Authorized End Users and Site Visitors may opt out of our marketing communications by pressing the ‘unsubscribe’ link, which is located at the bottom of our email, or sending us  unsubscribe request to privacy@mailtrap.io.

Our Authorized End Users cannot unsubscribe from our transactional emailing (which also includes Welcome, Forgot password, Confirmation, Billing plan-related emails, invoicing, as well as Critical Service updates), and other information that refers to their Account.

Before enabling Service’s email forwarding functionality, we ask a recipient to provide consent to receive all forwarded by certain Service user emails.

4.3 Children’s Information

Our Site and the Service are not intended for children’s use. We do not knowingly accumulate any data from children under the age of 16. If any of our Customers, Authorized End Users or Site Visitors believe that we might have gathered some information from children under the age of 16, please let us know at privacy@mailtrap.io and we will delete this data from our databases and other applicable resources, if any.

5. International Transfer of Information

5.1 The International Transfer

To perform our operations, we may transfer and access Personal Information from around the world, including the United States, the EU, and other countries. While transferring the data, we take the necessary measures to safeguard the activity in general, and the Data Subjects in particular to ensure an appropriate level of protection for their fundamental rights. The Policy shall apply even if Personal Information is transferred or accessed from other countries.

We use third-party services (as described in this Policy), which may be based in other countries that may not have equivalent Privacy and Data Protection laws to the country in which our Authorized End Users and the Site Visitors reside. When we share information about our Authorized End Users or Site Visitors residing in the European Economic Area and Switzerland, European Commission-approved standard contractual data protection clauses, or other appropriate legal mechanisms to safeguard the transfer.

6. Data Privacy Framework

6.1 Adherence to Data Privacy Framework

Railsware Products Studio LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. 

Railsware Products Studio LLC has been certified by the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  

Railsware Products Studio LLC has been certified by the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

6.2 Complaints mechanism

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Railsware Products Studio LLC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Railsware Products Studio LLC commits to resolve DPF Principles-related complaints about our collection and use of Your personal information.  EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Railsware Products Studio LLC to: privacy@mailtrap.io. Railsware Products Studio LLC may be subject to the investigatory and enforcement powers of the FTC.

6.3 Binding arbitration

Under certain conditions You have the possibility to invoke binding arbitration for complaints regarding Data Privacy Framework compliance not resolved by any of the other Data Privacy Framework mechanisms. Please find more details on this here – https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

6.4 Transfers to third parties

In case Railsware Products Studio LLC transfers any personal information that is subject to Data Privacy Framework, to the third parties, Railsware Products Studio LLC  shall remain liable under the DPF Principles if such third parties process such Personal Information in a manner inconsistent with the DPF Principles, unless Railsware Products Studio LLC proves that it is not responsible for the event giving rise to the damage.

7. Sub-processors

Railsware uses a range of third-party sub-processors that are authorized to process the Service Authorized End Users and the Site Visitors data, and help us deliver the Service functionality, as well as the accompanying support services in full.

Entity NamePurposeLocation
Amazon Webservices, Inc.InfrastructureThe United States
Google Inc.InfrastructureThe United States
Facebook, Inc.Marketing AnalyticsThe United States
Twitter, Inc.Marketing AnalyticsThe United States
LinkedIn Ireland Unlimited CoMarketing AnalyticsIreland
HubSpot, Inc.Marketing AnalyticsThe United States
Mouseflow, ApS.Marketing AnalyticsDenmark
HelpScout PBCCustomer SupportThe United States
Slack Technologies IncCommunicationThe United States
Typeform SLCustomer FeedbackSpain
Microsoft, Inc. (Clarity)Marketing AnalyticsThe United States
SupportYourApp LimitedCustomer SupportHong Kong
E-HAWK LLCRisk assessmentThe United States

8. General Clauses

8.1 Changes to the Policy

We reserve the right to review and make amendments to this Policy. When the changes are made, we will publish the new version of the Policy on our Site and update the ‘effective’ date, which is indicated in the top left corner of this Policy, to the day when the latest amendments were published on the Site.

8.2 Contact us

For any additional questions or inquiries about the Policy, please send an email to privacy@mailtrap.io

Create Your Free Account

In 3 Clicks

Sign Up Now