Privacy Policy

1. Overview

This Privacy Policy explains what personal data Ficka Mail ("we", "us") collects when you use our website and platform (the "Service"), why we collect it, how we use it, and the rights you have. This policy applies to data we process as a controller. When you use the Service to send email to your own subscribers, you are the controller of that subscriber data and we are the processor; that relationship is governed by our Terms of Service and (where required) a Data Processing Addendum.

2. Data we collect

Data you provide

• Account data: name, email address, password (hashed), billing address, tax identifiers.
• Payment data: processed by our payment providers (Stripe, PayPal, Braintree, CoinPayments). We receive transaction metadata such as the last four digits of a card and billing country — not full card numbers.
• Support correspondence: messages you send us via email or support channels.

Data collected automatically

• Usage data: pages visited, features used, clicks, approximate location inferred from IP, device and browser information.
• Log data: IP address, request URLs, timestamps, user-agent, error traces.
• Cookies: see our Cookie Policy.

Data from third parties

• OAuth: if you sign in via Google or Facebook, we receive basic profile information (name, email, profile picture).
• Integrations: data passed from services you connect (e.g. WooCommerce, sending providers) is processed solely to operate those integrations.

3. How we use data

• To provide, maintain and secure the Service.
• To process payments, invoices and renewals.
• To communicate with you about your account, service changes and security alerts.
• To respond to support requests and enforce our Terms.
• To detect, prevent and investigate fraud, abuse and security incidents.
• To comply with legal obligations.
• To improve the Service using aggregated, de-identified analytics.

We do not sell your personal data, and we do not share it with advertisers.

4. Legal bases (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:

• Contract — to create and operate your account and deliver the Service.
• Legitimate interests — to secure the Service, prevent abuse, and improve our product.
• Legal obligation — for tax, accounting and compliance with valid legal requests.
• Consent — for optional cookies, marketing communications and any other case where consent is required; you can withdraw it at any time.

5. Sharing & processors

We share personal data only with carefully selected service providers acting as processors on our behalf, and only as needed to operate the Service. Current categories include:

• Infrastructure hosting and storage.
• Payment processing (e.g. Stripe, PayPal, Braintree, CoinPayments).
• Email delivery providers used by the Service itself (for transactional notifications).
• Error monitoring and performance analytics.
• Customer support tooling.

We may also disclose personal data when required by law, to enforce our rights, or in connection with a corporate transaction (such as a merger or acquisition), subject to appropriate safeguards.

6. Retention

We retain personal data for as long as your account is active, plus a reasonable period afterwards to resolve disputes, comply with legal obligations, and enforce our agreements. Specifically:

• Account data: for the life of your account and up to 90 days after deletion.
• Billing records: for the period required by applicable tax law (typically 7 years).
• Log data: up to 12 months, except where longer retention is required for security investigations.

7. Your rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Request deletion (the "right to be forgotten").
• Restrict or object to certain processing.
• Port your data in a machine-readable format.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@fickamail.com. We will respond within the time frame required by applicable law.

8. International transfers

Where personal data is transferred outside its country of origin, we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission and the UK Addendum where applicable, together with supplementary measures.

9. Security

We apply technical and organisational measures appropriate to the risks involved, including encryption in transit (TLS), encryption at rest where supported, restricted administrative access, and regular security reviews. No system is perfectly secure — if you believe your account has been compromised, contact us immediately.

10. Children

The Service is not directed to children under 16 and we do not knowingly collect personal data from them. If you believe we hold such data, please contact us so we can remove it.

11. Changes

We may update this Privacy Policy from time to time. We will post the revised version with an updated date, and — for material changes — notify you via the Service or by email.

12. Contact

For privacy questions or requests, email privacy@fickamail.com.