Legal

Privacy Policy

Last updated: June 4, 2026

This Privacy Policy explains how BlacklistGuard handles personal data. When you use BlacklistGuard to send email or messages, the people you contact are your audience — for that data we act on your behalf. See Section 1 for how those roles work, and our Data Processing Addendum for the contractual detail.

Contents

  1. Who we are and our role
  2. Personal data we collect
  3. How and why we use data
  4. How we share data
  5. De-identified and aggregated data
  6. Cookies and tracking technologies
  7. Data security
  8. Data retention
  9. Where data is processed
  10. Your rights and choices
  11. Region-specific rights
  12. Children's privacy
  13. Changes to this policy
  14. How to contact us

1. Who we are and our role

BlacklistGuard ("BlacklistGuard," "we," "us," or "our") provides an email and messaging platform that includes email campaigns, autoresponders, transactional sending over SMTP and API, mailing lists and subscriber management, sending-domain authentication (SPF, DKIM, and DMARC), deliverability and reputation monitoring, email validation, blacklist monitoring, and SMS (collectively, the "Services").

Our privacy responsibilities depend on whose data is involved:

  • We are the controller of the data you give us to create and run your account — for example your name, email address, login, billing details, and how you use the Services. This policy describes how we handle that data.
  • We are a processor of the contact data you upload or generate when you use the Services — for example your subscribers' and recipients' email addresses, names, and engagement events. We process that "Contact Data" only to provide the Services to you and on your instructions. You are responsible for that data as its controller; our handling of it is governed by our Data Processing Addendum, not this policy.

If you are a subscriber or recipient and want to exercise privacy rights over Contact Data, please contact the BlacklistGuard customer who holds your information. We will refer your request to them.

2. Personal data we collect

2.1 Information you provide

  • Account information: name, email address, password, workspace name, and (optionally) phone number and postal address.
  • Billing information: the plan you choose, transaction history, and billing contact details. Card and payment-account details are collected and processed directly by our third-party payment processors; we do not store full payment card numbers.
  • Support and communications: messages you send us, and the contents of forms you submit.

2.2 Information we collect automatically

  • Usage data: actions taken in the Services, features used, and sending activity.
  • Log and device data: IP address, browser type, access times, and referring pages.
  • Cookies and similar technologies: as described in our Cookie Policy.

2.3 Contact Data processed for you

When you use the Services, we process the subscriber and recipient data you provide — such as email addresses, names, and delivery, open, click, bounce, and complaint events — strictly to deliver the Services on your behalf. As noted above, this data is governed by the Data Processing Addendum.

3. How and why we use data

We use the personal data we control to:

  • provide, operate, maintain, and secure the Services;
  • create and administer your account and authenticate you;
  • process payments, manage subscriptions and balances, and send billing notices;
  • provide customer support and respond to your requests;
  • monitor for, investigate, and prevent fraud, abuse, and violations of our Terms of Service and Acceptable Use Policy;
  • analyze and improve the Services and develop new features;
  • send you service, security, and product communications (you can opt out of non-essential marketing); and
  • comply with legal obligations and enforce our agreements.

4. How we share data

We do not sell your personal data. We share it only as needed to run the Services and as described here, by category of recipient:

  • Service providers: vendors who help us operate the Services — for example payment processing, infrastructure and hosting, and email or message delivery. They may access personal data only to perform services for us and under obligations of confidentiality. A current list of the categories of providers we use is available on request to privacy@blacklistguard.com.
  • Legal and safety: where we believe disclosure is required by law, regulation, legal process, or to protect the rights, property, or safety of BlacklistGuard, our users, or others.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.
  • With your direction: when you ask us to, or connect a third-party integration.

5. De-identified and aggregated data

We may create de-identified or aggregated data that cannot reasonably be used to identify you, and use it for any lawful purpose, including to operate, analyze, and improve the Services. We do not attempt to re-identify such data except to test our de-identification.

6. Cookies and tracking technologies

We use a small number of cookies and similar technologies, primarily to keep you signed in and to keep the Services secure. We do not use advertising or third-party analytics cookies on our marketing site. For the full breakdown — including the open- and click-tracking pixels used in the emails you send through the Services — see our Cookie Policy.

7. Data security

We maintain reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, and alteration — including encryption of data in transit and access controls that limit who can reach your data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

8. Data retention

We retain personal data for as long as your account is active. When your account is closed, or when you or a recipient asks us to delete data we control, we delete or de-identify it within 90 days, and purge it from routine backups in the ordinary course. We may retain limited information for longer where necessary to comply with legal, tax, or accounting obligations, resolve disputes, or enforce our agreements. Retention of Contact Data is governed by the Data Processing Addendum and your instructions.

9. Where data is processed

We process and store personal data in the United States. If you access the Services from outside the United States, you understand that your data will be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your country. Where you require a specific cross-border transfer mechanism for your subscribers' data, contact us about our Data Processing Addendum.

10. Your rights and choices

Subject to applicable law, you may:

  • access, correct, or update your account information from your account settings or by contacting us;
  • request a copy or deletion of the personal data we control about you;
  • opt out of non-essential marketing emails using the unsubscribe link or by contacting us; and
  • close your account at any time.

To make a request, email privacy@blacklistguard.com. We may need to verify your identity before acting. For Contact Data, direct your request to the BlacklistGuard customer who controls that data.

11. Region-specific rights

United States — California and other states

Depending on your state, you may have rights to know, access, correct, delete, and opt out of certain processing of your personal data, and not to be discriminated against for exercising them. We do not sell your personal data or share it for cross-context behavioral advertising. To exercise these rights, contact us at privacy@blacklistguard.com.

EEA and United Kingdom

Where the GDPR or UK GDPR applies, you have rights to access, rectify, erase, restrict, and object to processing, and to data portability. You may also lodge a complaint with your local supervisory authority. We rely on the lawful bases of performing our contract with you, our legitimate interests in operating and securing the Services, your consent (where applicable), and compliance with legal obligations.

12. Children's privacy

The Services are intended for businesses and are not directed to children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us personal data, contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide additional notice (such as a notice in the Services or by email). Your continued use of the Services after an update takes effect means you accept the revised policy.

14. How to contact us

If you have questions about this Privacy Policy or how we handle personal data, contact us at: