Privacy Policy
Last updated 2026-07-11
This policy explains what personal data Envello collects, why, and how it's protected. For details on where data is hosted and who we share it with, see GDPR & data residency.
What we collect
Account data (name, email, billing details), API usage and log data (recipient addresses, subjects, delivery events — processed on your behalf as described in our DPA), and standard web analytics on this site via a self-hosted, cookieless analytics tool.
Why we collect it
To provide and bill for the Service, to detect abuse and protect shared sending reputation, to respond to support requests, and to meet legal and tax obligations.
Where it's stored
The EU, for account data, logs, and backups. Billing data is processed by an EU-based payment processor. See GDPR & data residency for more, or request the full subprocessor list any time.
Retention
Log data is retained per your plan's configuration (7–365 days) and then deleted by an automated job, not soft-deleted indefinitely. Account data is retained for the life of your account plus applicable statutory retention periods.
Your rights
Under GDPR, you have the right to access, correct, export, or delete your personal data, and to object to certain processing. Contact [email protected] to exercise any of these rights. We respond within 30 days.
Cookies
The dashboard uses a single, essential session cookie. This marketing site uses no tracking cookies; analytics are cookieless and self-hosted.
Changes
Material changes to this policy will be announced by email to active customers at least 30 days before taking effect.