Privacy Policy

1. Operator and scope

This policy applies to the collection, use, storage, sharing, transfer, and protection of information when you use Operations Portal. If the Service is deployed and operated by your employer or client, that entity is the data controller for that instance; “we” means the party in control of that deployment.

2. Information we collect

To provide account management, sending, statistics, troubleshooting, and security auditing, we may process the following (depending on features you enable):

• Account and identity: registration email, credentials (e.g. password hash), roles and permissions, activation code usage records;
• Sending and business data: recipient addresses, subject, body, delivery status, errors, queue and task identifiers, related configuration;
• Technical and logs: IP address, device and browser type, access times, API request logs, security and anomaly records;
• Data from external services you authorize: the minimum set required for mail authorization and token refresh (as provided by those services).

3. How we use information

We use the above only on a lawful, fair, and necessary basis, typically to:

• Provide, maintain, and improve the Service (sending, queues, statistics, admin, etc.);
• Authenticate users, enforce permissions, detect and address fraud and security risks;
• Comply with laws and respond to lawful regulatory or court requests;
• Use aggregated or de-identified data internally for analysis and product improvement where individuals cannot be identified.

4. Storage, retention, and security

Information is usually stored in databases and logging systems under the operator’s control; the region depends on deployment configuration. We retain data for the shortest period needed for the purposes in this policy, unless law requires or permits longer retention.

We apply reasonable technical and organizational measures; absolute security cannot be guaranteed. You acknowledge inherent risks of internet transmission within applicable law.

5. Sharing, transfer, and disclosure

We do not sell personal information to unrelated third parties. We may share, transfer, or disclose information when:

• You give explicit consent;
• Required to meet legal obligations or respond to lawful process;
• In mergers, splits, or asset transfers, we require successors to honor this policy;
• With subprocessors (hosting, database, cache, monitoring) under contract, sharing only what is necessary.

6. Cookies and local storage

We may use cookies, local storage, or similar technologies for session state, preferences, and security. You can manage these in your browser; some features may not work if you disable them.

7. Your rights

Where applicable law allows, you may exercise rights such as access, copy, correction, deletion, restriction, or withdrawal of consent, following the operator’s procedures. We may verify identity for security; some requests may be denied or limited by law or technical feasibility.

8. Minors

The Service is intended for users with full legal capacity. If you are a minor, use the Service only with guardian guidance and consent.

9. Policy updates

We may revise this policy from time to time. Material changes will be indicated by in-app notice or other reasonable means. Continued use after the effective date constitutes acceptance of the revised policy.

10. Contact

For questions, comments, or complaints about this policy, contact us through the operator’s published channels. We will respond within a reasonable time.