Skip to main content
Trust center

Trust and security.

Your mailbox is the most sensitive asset we touch. Here is how Warmerly protects it, what data we store, and who we work with to run the service.

Security posture

Built to keep credentials safe.

Encrypted at rest

OAuth refresh tokens and any mailbox credentials are encrypted with AES-256-GCM before they touch our database. Encryption keys are stored separately from the data they protect.

Encrypted in transit

Every request to Warmerly is served over TLS 1.2 or higher. Internal service-to-service calls and outbound mailbox connections enforce TLS as well.

OAuth, not passwords

We connect Gmail and Microsoft 365 mailboxes through Google and Microsoft OAuth. We do not ask for, store, or transmit SMTP passwords or app passwords for these providers.

Least-privilege scopes

We request only the OAuth scopes required to send, read, and organise warmup messages. You can revoke access from your Google or Microsoft account at any time.

Data handling

Your data stays in your region.

Where your data lives

Warmerly is hosted in the European Union and the United Kingdom. Primary databases run in Frankfurt and Dublin, with backups kept in the same region.

Backups

Encrypted, point-in-time backups run continuously with a 30 day retention window. Backups inherit the same encryption and access controls as production.

Retention and deletion

OAuth tokens are deleted immediately on mailbox disconnect. Account data is removed within 30 days of an account deletion request, except where retention is required by law.

Compliance and processors

GDPR-ready, with a DPA on request.

GDPR and UK GDPR

Warmerly acts as a data processor on behalf of customers and as a data controller for account information. We honour data subject rights including access, correction, deletion, and portability.

A signed Data Processing Addendum is available for every paid plan. Read or download our standard Data Processing Addendum.

Sub-processors

  • Stripe: Payment processing and subscription billing.
  • Cloud hosting provider: Compute, database, and object storage in the EU and UK regions.
  • Transactional email provider: Service notifications such as login codes, receipts, and security alerts.

A full, current sub-processor list is available in the DPA.

Status

99.9% uptime target.

We monitor warmup dispatch, OAuth refresh, and the dashboard around the clock. Incidents and scheduled maintenance are posted to our public status page.

View status page
Company identity

Kristiyan Tsvetanov, trading as Warmerly

Warmerly is a trading name operated by Kristiyan Tsvetanov, a self-employed sole trader based in the United Kingdom.

  • Legal operator: Kristiyan Tsvetanov
  • Trading name: Warmerly
  • Based in: United Kingdom
  • Contact: [email protected]
Independent reviews

Verified by real users

Trust signals should come from outside, not just us. If you use Warmerly, leaving an honest review on any of these platforms helps others make a better-informed decision.

Need a deeper security review?

Send us your questionnaire, request a DPA, or ask about regional hosting. We respond within one business day.