Privacy Policy
This Privacy Policy explains how Kristiyan Tsvetanov, trading as Warmerly ("we", "us", "Warmerly"), collects, uses, and protects information about you when you use our website and services.
1. Information we collect
We collect the following categories of information:
- Account data: your name, email address, hashed password, and billing details.
- Mailbox data: when you connect a mailbox via OAuth, we store encrypted refresh tokens and metadata such as the mailbox address, provider, and folder structure. We never store your mailbox password.
- Mail content: warmup messages generated by Warmerly. We do not read, store, or process your real campaign or personal mail.
- Usage data: IP address, browser type, pages viewed, and timestamps, collected via standard server logs and minimal analytics.
2. How we use your information
- To provide the warmup service you signed up for.
- To send service-related communications (account notices, security alerts, deliverability reports).
- To improve our product through aggregated, anonymised analytics.
- To comply with legal obligations.
We do not sell your personal data. Ever.
3. OAuth and Gmail/Microsoft data
Warmerly's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Warmerly's use of information received from Microsoft APIs adheres to the Microsoft Identity Platform terms.
Specifically, the data accessed via Gmail or Microsoft Graph (warmup messages and folder operations) is used solely to perform warmup activities you have authorised, and is not used for any other purpose, not transferred to third parties (except as needed to provide the service), and not used for advertising.
4. Lawful basis (UK GDPR / EU GDPR)
We process your personal data on the basis of: (a) the performance of our contract with you, (b) our legitimate interests in operating and improving the service, and (c) your consent where applicable. You may withdraw consent at any time.
5. Data storage and security
OAuth refresh tokens and IMAP credentials are encrypted at rest using AES-256-GCM. Passwords are hashed using Argon2id. All data in transit is encrypted using TLS 1.2 or higher. Our infrastructure is hosted in the European Union (Frankfurt and Dublin).
6. Data retention
Account data is retained while your account is active and for 90 days after deletion (for legal and accounting purposes). Mailbox tokens are deleted immediately on disconnect. Warmup activity logs are retained for 12 months for diagnostics and abuse prevention, then deleted.
7. Your rights
Under UK and EU data protection law, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Export your data in a portable format.
- Object to processing.
- Lodge a complaint with the Information Commissioner's Office (ICO) or your local supervisory authority.
To exercise any of these, email [email protected].
8. Cookies
We use a small number of cookies for authentication and basic analytics. See our Cookie Policy for details.
9. Children
Warmerly is not directed at children under 16. We do not knowingly collect data from anyone under 16.
10. Changes to this policy
We will post any updates to this policy on this page and update the "last updated" date. Material changes will be notified by email.
11. Contact
Kristiyan Tsvetanov, trading as Warmerly. Email [email protected].