MAILCRAFT
Get Started →
Home Features Pricing About Blog Contact Log in Get Started →

Privacy Policy

Last updated: 30 May 2026. This is a baseline policy provided for transparency; please have it reviewed by legal counsel before relying on it for compliance.

Data Controller
Web Systems Krzysztof Balicki
Dąbrowskiego 249, 93-231 Łódź, Poland
NIP 7292462454
Contact: support@mailcraft.eu

This Privacy Policy explains how Web Systems Krzysztof Balicki (“MailCraft”, “we”, “us”) collects, uses, and protects personal data when you use the MailCraft.eu platform and website, in accordance with the EU General Data Protection Regulation (GDPR / RODO) and Polish data protection law.

1. Scope & roles

For data about our customers and website visitors, MailCraft acts as the data controller. For data that customers upload and send to their own subscribers through the platform, the customer is the controller and MailCraft acts as a data processor on the customer’s behalf (see section 4, Data Processing Agreement).

2. What data we collect

  • Account data: name, email, password (hashed), company, billing details, language preference.
  • Usage data: log-in activity, IP address, browser/device information, feature usage.
  • Billing data: plan, invoices, VAT/NIP, payment status (card data is handled by our payment processor, not stored by us).
  • Subscriber data (as processor): contacts and campaign data uploaded by customers.
  • Website data: contact-form submissions, newsletter opt-ins, cookies (section 9).

3. How we use data & legal bases

  • To provide and operate the service – performance of a contract (GDPR Art. 6(1)(b)).
  • To handle billing, invoicing and KSeF reporting – legal obligation (Art. 6(1)(c)).
  • To improve and secure the platform – legitimate interest (Art. 6(1)(f)).
  • To send the MailCraft newsletter – your consent (Art. 6(1)(a)), with double opt-in and easy unsubscribe.

4. Data Processing Agreement (DPA)

When you use MailCraft to send email to your own subscribers, you remain the data controller and we process that data only on your documented instructions, for the sole purpose of providing the service. We implement appropriate technical and organisational measures, assist you with data-subject requests and breach notifications, and delete or return subscriber data on termination. This Privacy Policy together with our Terms constitutes our baseline DPA; a separate signed DPA is available to Business customers on request at sales@mailcraft.eu.

5. Sub-processors

We use a limited number of vetted sub-processors, all operating within the EU/EEA:

  • Hetzner Online GmbH (Germany, EU) – server hosting & sending infrastructure.
  • Stripe Payments Europe – payment processing.
  • Fakturownia sp. z o.o. (Poland) – invoicing and KSeF e-invoicing.

We maintain an up-to-date list of sub-processors and will inform customers of material changes. Sub-processors are bound by contractual data-protection obligations no less protective than those in this policy.

6. Data residency

All personal data is stored and processed within the European Union (Poland and Germany). We do not transfer personal data outside the EEA in the ordinary course of providing the service. Where any transfer were ever required, it would be subject to appropriate safeguards under Chapter V GDPR (e.g. Standard Contractual Clauses).

7. Data retention

We keep account and subscriber data for the duration of your subscription. After termination, subscriber data is deleted within 30 days unless a longer period is required by law. Billing records are retained for the period required by Polish accounting and tax law.

8. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict or object to processing, and to data portability. To exercise these rights, contact support@mailcraft.eu. You also have the right to lodge a complaint with the Polish supervisory authority – the President of the Personal Data Protection Office (Prezes UODO), ul. Stawki 2, 00-193 Warszawa.

9. Cookies

We use essential cookies required for the website and application to function, and limited analytics cookies. You can control cookies through your browser settings.

10. Security

We apply technical and organisational measures including encryption in transit (TLS), hashed passwords, access controls, and EU-based hosting with monitoring. No method of transmission is 100% secure, but we work to protect your data and will notify affected users and authorities of any breach as required by law.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the website or email. The “last updated” date above reflects the latest revision.

12. Contact

Questions about privacy or this policy: support@mailcraft.eu – Web Systems Krzysztof Balicki, Dąbrowskiego 249, 93-231 Łódź, Poland.