LEGAL
Terms and Conditions
Last updated: 30 March 2026 · Effective: 30 March 2026
These Terms and Conditions (“Terms”) are a legally binding agreement between you (“User”, “Customer”, “you”) and Mailnaptic (“Company”, “we”, “us”, “our”) governing your access to and use of the Mailnaptic platform and all associated services, APIs, and integrations (collectively, the “Service”).
If you are entering into these Terms on behalf of a company or other legal entity, you represent that you have the authority to bind that entity, in which case “you” refers to that entity.
By accessing or using the Service you agree to be bound by these Terms. If you do not agree, you must not use the Service.
Table of Contents
01Acceptance of Terms
13Data Retention
02Description of Service
14Third-Party Services
03Account Registration & Security
15Payment & Billing
04Acceptable Use Policy
16Intellectual Property
05Email Sending & Deliverability
17Disclaimers & Warranties
06AI-Powered Features
18Limitation of Liability
07Site Tracking
19Indemnification
08Contact Data & Privacy
20Termination
09Unsubscribe & Preferences
21Anti-Spam Compliance
10API Access & Webhooks
22Modifications to Terms & Service
11Team Accounts & Organisations
23Governing Law & Disputes
12Data Security
24General Provisions
SECTION 01
Acceptance of Terms
By accessing, registering for, or using Mailnaptic in any way, you confirm that you have read, understood, and agree to be legally bound by these Terms and Conditions, together with our Privacy Policy and any Data Processing Agreement applicable to your account. These documents form the entire agreement between you and Mailnaptic with respect to the Service.
If you are entering into these Terms on behalf of a company, organisation, or other legal entity, you represent and warrant that you have full legal authority to bind that entity to these Terms. If you do not have such authority, you must not accept these Terms or access the Service on behalf of that entity.
Use of the Service by individuals under the age of 16 is prohibited. By using the Service you represent that you are at least 16 years of age and have the legal capacity to enter into binding agreements in your jurisdiction.
Your continued use of the Service following any update or modification to these Terms constitutes your acceptance of the revised Terms. Where material changes are made, we will provide advance notice as described in Section 22.
SECTION 02
Description of Service
Mailnaptic is a software-as-a-service (SaaS) email marketing platform designed for multi-domain commercial email sending. The Service comprises the following core capabilities:
- ›Email Campaign Builder — Visual drag-and-drop editor for creating, scheduling, A/B testing, and sending bulk email campaigns to subscriber lists.
- ›Contact Management — Import, organise, and maintain subscriber databases with custom fields, tags, list memberships, and a unified engagement timeline per contact.
- ›Audience Segmentation — Dynamic segment builder with filter rules based on engagement, web activity, custom fields, purchase events, and AI-assisted natural-language segment creation.
- ›Marketing Automations — Visual workflow builder for event-triggered email sequences with conditional branching, wait steps, and pre-built templates for common use cases.
- ›Multi-Domain Email Sending Infrastructure — Verified sending domains with SPF, DKIM, and DMARC authentication, automated warmup schedules, bounce handling, ISP complaint ingestion, and frequency capping.
- ›AI-Powered Features — AI content generation, subject line scoring, preheader generation, segment building, audience health insights, and campaign post-mortem analysis, powered by the Anthropic Claude API.
- ›Site Tracking — Optional first-party JavaScript tracking snippet for websites, capturing page views, custom events, purchase events, and cross-referencing web activity with email contact records.
- ›Transactional Email API — REST API for programmatic sending of transactional messages triggered by application events.
- ›Analytics and Reporting — Open rates, click tracking, click heatmaps, campaign comparisons, per-ISP delivery breakdowns, device breakdowns, engagement scoring, scheduled reports, and predictive analytics.
- ›Team Collaboration and API Access — Role-based access control, organisation management, audit logging, webhooks, REST API, and API key management for multi-user teams and custom integrations.
Mailnaptic reserves the right to add, modify, or remove features at any time as described in Section 22.
SECTION 03
Account Registration and Security
3.1 Registration. To access most features of the Service you must create an account. You agree to provide accurate, current, and complete information during registration and to update that information promptly if it changes. Providing false, inaccurate, or misleading information is grounds for immediate account termination.
3.2 Authentication and Sessions. The Service uses JSON Web Tokens (JWT) for session authentication with short expiry windows. Refresh tokens are stored securely in our database and are rotated on each use. Sessions are protected by CSRF tokens on all authenticated requests. You are responsible for all activity occurring under your account credentials, whether or not authorised by you.
3.3 API Keys. API keys are scoped to an organisation and grant full programmatic access to that organisation’s data and sending capabilities. API keys must be treated with the same security as passwords. You must: (a) never embed API keys in client-side code or public repositories; (b) rotate keys immediately upon suspected compromise via the platform settings; and (c) use separate keys per integration. Mailnaptic bears no liability for damage resulting from your failure to secure API keys.
3.4 Multi-Factor Authentication. We strongly recommend enabling multi-factor authentication (MFA) on your account. Mailnaptic is not liable for unauthorised access resulting from your failure to activate available security features.
3.5 Breach Notification. You must notify Mailnaptic immediately at [email protected] if you become aware of or suspect any unauthorised access to your account, any compromise of your credentials or API keys, or any security vulnerability in the Service.
3.6 Account Non-Transferability. Accounts are personal or organisational and are non-transferable. You may not sell, trade, sublicense, or otherwise assign your account or any rights under these Terms to any third party without Mailnaptic’s prior written consent.
SECTION 04
Acceptable Use Policy
4.1 Consent Requirement. The Service may only be used to send email to individuals who have given their clear, freely given, specific, and informed consent to receive commercial email communications from you or your organisation. You must be able to demonstrate the existence and provenance of that consent upon request. You must not send email to: purchased, rented, or scraped contact lists; contacts whose email addresses were obtained without express consent; contacts who have previously unsubscribed, bounced as hard bounces, or reported your email as spam.
4.2 Prohibited Sending Practices. You must not use the Service to: send unsolicited bulk commercial email (“spam”); use deceptive, misleading, or falsified sender names, “From” addresses, reply-to addresses, or subject lines; forge or manipulate email headers or envelope data; use a third party’s domain or brand identity without authorisation; send email through unverified or unauthenticated sending domains; or circumvent or attempt to circumvent the Service’s deliverability controls, warmup schedules, sending rate limits, or frequency caps.
4.3 Prohibited Content. You must not transmit content that: contains malware, viruses, trojans, ransomware, spyware, or other malicious code; constitutes phishing, fraud, impersonation, or social engineering; infringes any third party’s intellectual property, privacy, or other legal rights; violates any applicable law including laws relating to gambling, controlled substances, financial services, or healthcare advertising; contains hate speech, threats of violence, or content that promotes discrimination; is pornographic or sexually explicit without prior written authorisation from Mailnaptic; or is otherwise illegal or harmful.
4.4 List Quality Obligations. You are responsible for maintaining list hygiene. You agree to: remove hard-bounced addresses immediately upon notification (the Service does this automatically); honour unsubscribe requests within the timelines required by applicable anti-spam law; not re-import contacts who have been suppressed by the platform; and maintain bounce rates below 5% and complaint rates below 0.1% of total sends per domain within any rolling 7-day window.
4.5 Platform Integrity. You must not: attempt to reverse-engineer, decompile, or probe the Service infrastructure; use automated tools to scrape, crawl, or harvest data from the Service beyond your own account data; conduct load or penetration testing without prior written permission; introduce code that could harm the Service or other users; or attempt to access data belonging to another organisation.
4.6 Consequences of Violation. Violation of this Acceptable Use Policy may result in, at Mailnaptic’s sole discretion: immediate suspension or termination of sending privileges or your entire account; reporting to relevant regulatory authorities or ISPs; civil or criminal liability; and/or a claim for damages including costs incurred in remedying harm caused to the platform’s sending reputation.
SECTION 05
Email Sending, Domains, and Deliverability
5.1 Domain Verification Requirement. All email sent through the Service must originate from a domain you own or are authorised to use, which has been verified and authenticated within the platform. Domain verification requires configuring SPF, DKIM, and DMARC DNS records as specified by the Service. You are solely responsible for the accurate configuration and ongoing maintenance of these DNS records. Mailnaptic provides a guided DNS wizard but bears no liability for misconfigured DNS records or the resulting deliverability consequences.
5.2 Domain Warmup. New sending domains must complete an automated warmup period with graduated daily sending volumes. The warmup schedule is enforced programmatically by the Service. You must not attempt to circumvent warmup volume limits through multiple accounts, domain rotation intended to avoid limits, or other technical means. Mailnaptic reserves the right to enforce warmup schedules through technical controls and to suspend sending from domains that show signs of warmup abuse.
5.3 Bounce Processing. The Service automatically processes bounce notifications. Hard bounces (permanent delivery failures) result in immediate and automatic suppression of the affected contact’s email address. Soft bounces (temporary delivery failures) are counted; by default, contacts are automatically suppressed after 5 consecutive soft bounce events (this threshold is configurable per organisation). You must not re-import or attempt to re-activate hard-bounced or suppressed contacts without documented evidence that the underlying deliverability issue has been resolved.
5.4 Complaint Processing. The Service processes ISP feedback loop (FBL) complaint notifications. Contacts who report your email as spam are automatically suppressed and added to the organisation suppression list. The Service monitors per-organisation complaint rates in real time. If your complaint rate exceeds configurable threshold levels, the Service may automatically restrict or suspend sending for your organisation and generate an alert. Repeated or severe complaint rate violations may result in account termination.
5.5 Frequency Capping. The Service provides configurable frequency capping to limit the number of emails sent to any individual contact within a rolling daily or weekly window. Frequency cap settings are your responsibility to configure appropriately. Mailnaptic bears no liability for unsubscribes, complaints, or regulatory issues resulting from your frequency cap configuration choices.
5.6 Physical Mailing Address. In compliance with the CAN-SPAM Act and similar legislation, the Service enforces the requirement for a physical mailing address to be configured on your sending domain before any campaign can be sent. This address will be included in the footer of every email sent through the platform. You warrant that the address you provide is accurate and associated with your organisation.
5.7 Shared Infrastructure and Reputation. The Service operates on shared email infrastructure. Your sending practices directly affect the sender reputation of other users on the platform. Mailnaptic reserves the right to impose sending restrictions on any account whose practices demonstrably harm the platform’s deliverability, ISP relationships, or reputation, without prior notice.
SECTION 06
AI-Powered Features
6.1 Third-Party AI Provider. Mailnaptic’s AI features — including email content generation, subject line scoring (0–100), preheader generation, AI rewrite, AI Segment Builder, AI Audience Insights, and AI Campaign Post-Mortem — are powered by the Anthropic Claude API, operated by Anthropic PBC (“Anthropic”). The models used include claude-sonnet-4-6 and claude-haiku-4-5. By using any AI feature you acknowledge that content you submit will be transmitted to Anthropic’s servers for processing and that Anthropic’s usage policies apply in addition to these Terms.
6.2 Data Transmitted to Anthropic. When you use AI features, the following data categories may be sent to Anthropic: email copy, subject lines, preheader text, or rewrite prompts that you submit; your plain-English segment description prompts; aggregate campaign performance metrics (open rates, click rates, device breakdowns) for post-mortem analysis; aggregate audience engagement distributions for Audience Insights; and your organisation name or industry context included in system prompts. We do not transmit personally identifiable information of your contacts — including names, email addresses, phone numbers, or demographic data — to Anthropic.
6.3 No Warranty on AI Output. AI-generated content, scores, segment rules, and analytical conclusions are provided for informational and creative assistance purposes only. Mailnaptic makes no representations or warranties as to the accuracy, completeness, suitability, legal compliance, originality, or fitness for any purpose of AI-generated outputs. AI features must not be treated as a substitute for professional legal, medical, financial, regulatory, or compliance advice.
6.4 Your Responsibility for AI Content. You are solely responsible for reviewing, editing, fact-checking, and approving all AI-generated content before it is sent to your subscribers or used in any operational context. You may not disclaim responsibility for AI-generated content on the basis that it was produced by an automated system. All content sent through the Service is subject to the Acceptable Use Policy in Section 4 regardless of whether it was AI-generated.
6.5 AI Segment Rules. Segment rules generated by the AI Segment Builder are based on natural-language interpretation and may not precisely reflect your intent. The Service displays a live contact count preview before you save any segment. You must verify the segment rules and contact count are correct before using an AI-generated segment for campaign targeting or automation triggers.
6.6 Intellectual Property in AI Output. The ownership of content created using AI features is not guaranteed. You acknowledge that AI-generated content may not qualify for copyright protection in all jurisdictions. You are responsible for verifying that AI-generated content does not infringe third-party intellectual property rights before use.
SECTION 07
Site Tracking
7.1 The Tracking Script. The Service provides an optional JavaScript tracking snippet that you may install on your website. This script collects the following data from your website visitors on your behalf: (a) page URLs and referrer URLs for each page view; (b) custom event names and associated properties as defined and triggered by your implementation; (c) purchase events and associated values as configured by you; and (d) an anonymous browser session identifier stored in a first-party cookie named _mn_aid with a 365-day expiry period.
7.2 Email-to-Web Identity Resolution. When a tracked link in a Mailnaptic email is clicked, a single-use identity token is appended as a query parameter (_mn) to the redirect URL. When the tracking script detects this token on the landing page, it sends an identify_token event that resolves the visitor’s anonymous browser session to the corresponding email contact record. This retroactively associates recent anonymous tracking events with the identified contact. Identity tokens are single-use and are invalidated after first use or upon expiry. You must clearly disclose this identity resolution mechanism in your website’s privacy policy.
7.3 Your Legal Obligations. By installing and using the site tracking script, you accept full legal responsibility for: (a) disclosing the use of tracking cookies and web analytics in your website’s privacy policy and cookie policy; (b) obtaining all legally required consents from your website visitors prior to loading the script in jurisdictions that require such consent, including the European Economic Area and United Kingdom under the GDPR and ePrivacy Directive (Cookie Law), and any other applicable jurisdiction; (c) implementing a compliant cookie consent mechanism (CMP) on your website that controls whether and when the tracking script loads; and (d) ensuring that cross-session and cross-device identity resolution complies with all applicable privacy and data protection laws.
7.4 Global Privacy Control. By default, Mailnaptic organisations are configured to honour the Global Privacy Control (GPC) signal. If a website visitor’s browser sends a GPC signal indicating they have opted out of tracking, the Service will not set the _mn_aid cookie or identify that visitor’s session. You may configure GPC behaviour in your organisation’s compliance settings.
7.5 Mailnaptic’s Role. Mailnaptic processes site tracking data solely for the purpose of providing the Service features to you. We do not use your website visitors’ data for our own advertising, profiling, or any purpose other than service delivery. Site tracking data is subject to the data retention policies described in Section 13.
SECTION 08
Contact Data and Privacy
8.1 You as Data Controller. You are the data controller of the personal data of your contacts stored in and processed through the Service. You represent and warrant that: (a) you have a lawful legal basis under applicable data protection law for each category of personal data you hold and each processing activity you perform (including sending marketing email); (b) your contacts have been informed of how their data is used; and (c) your privacy policy accurately describes your data collection and processing activities including your use of Mailnaptic as a data processor.
8.2 Mailnaptic as Data Processor. Where GDPR, UK GDPR, or equivalent data protection legislation applies, Mailnaptic acts as a data processor processing personal data on your behalf under your instructions. A Data Processing Agreement (DPA) is available within the Compliance section of your organisation settings. The DPA governs our processing of personal data and is incorporated into these Terms by reference. You must execute a DPA before processing personal data of individuals in the European Economic Area, United Kingdom, or any other jurisdiction that requires a formal data processing contract. The DPA acceptance timestamp and version are recorded in the platform audit trail.
8.3 Data Subject Rights. You are responsible for honouring data subject rights requests from your contacts within the timeframes required by applicable law. These rights include (where applicable) the right to access, rectify, erase, restrict processing of, and port their personal data. The Service provides tools to assist in fulfilling these requests including contact search, data export, and contact deletion.
8.4 Hard Delete. The Service provides a hard delete function that permanently removes a contact record together with all associated data including: engagement history (opens, clicks), web tracking events (site_event), list memberships, tag associations, automation workflow run history, frequency cap records, and consent log entries (contact IP and notes are nullified while preserving the audit trail structure). Hard deletion is irreversible. Consent log records are anonymised rather than fully deleted to preserve a minimal audit trail. You are responsible for executing hard delete requests within the timeframes required by applicable law, including the GDPR right to erasure (Article 17).
8.5 Suppression Lists. The Service maintains suppression lists of unsubscribed, hard-bounced, and complaint-flagged contacts. Re-importing suppressed contact email addresses to circumvent suppression is a material breach of these Terms and may violate anti-spam and data protection law. Suppression list integrity is considered a core compliance mechanism of the Service.
8.6 Data Portability. You may export your contact data in CSV format at any time. Mailnaptic does not guarantee the availability of data export functionality after account termination beyond the 30-day post-termination data retention period described in Section 13.
SECTION 09
Unsubscribe and Preference Management
9.1 Unsubscribe Links. Every campaign sent through the Service must include a functioning unsubscribe link. The Service automatically appends an unsubscribe link to all outgoing campaigns. Unsubscribe tokens are cryptographically secured using AES-256-GCM encryption with PBKDF2 key derivation (100,000 iterations, SHA-256) to protect the encoded recipient information against manipulation. You must not remove, obscure, or disable the unsubscribe mechanism.
9.2 List-Unsubscribe Header. The Service inserts a List-Unsubscribe and List-Unsubscribe-Post header in all outgoing campaigns, enabling one-click ISP-level unsubscribe in compliance with RFC 8058 and Google/Yahoo bulk sender requirements. This header uses an HMAC-SHA256 signed token. Unsubscribe link tokens expire after 90 days by default (configurable via the UNSUBSCRIBE_LINK_MAX_AGE_DAYS setting). Legacy unsubscribe links without timestamps are honoured indefinitely for backward compatibility.
9.3 Processing Unsubscribe Requests. The Service processes unsubscribes immediately upon token redemption. Unsubscribed contacts are added to the organisation suppression list and will not receive further campaigns unless they re-opt-in through a legitimate consent mechanism. You agree to honour all unsubscribe requests and must not re-add unsubscribed contacts to any active list.
9.4 Preference Centre. The Service provides a branded, customisable preference centre where your subscribers can manage their communication preferences at a granular level. The preference centre supports per-topic opt-in controls and the capture of unsubscribe reasons. Configuration of the preference centre including branding, messaging, and subscription categories is your responsibility.
9.5 Double Opt-In. For organisations subject to CASL or other regimes requiring express consent, the Service supports double opt-in with a configurable consent recency window (in days). When enabled, contacts must confirm their subscription by clicking a confirmation link before they can receive campaigns. Contacts whose double opt-in confirmation is older than the configured recency window will be excluded from sends. You are responsible for configuring double opt-in settings in accordance with applicable law.
SECTION 10
API Access and Webhooks
10.1 API Access. The Service provides a REST API for programmatic access to platform functionality including contact management, campaign operations, segment queries, transactional email sending, and webhook management. API access requires a valid organisation-scoped API key. All API usage is subject to these Terms and the Acceptable Use Policy in Section 4.
10.2 Rate Limits. API requests are subject to rate limits enforced by the Service infrastructure using a Redis-backed rate limiting system with in-memory fallback. Rate limit status is communicated via standard HTTP response headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset). Requests exceeding the rate limit receive an HTTP 429 response with a Retry-After header. Attempting to circumvent rate limits through technical means, multiple API keys, or coordinated requests is a violation of these Terms.
10.3 Webhooks. The Service supports outbound webhooks delivering event notifications to HTTPS endpoint URLs you configure. You are responsible for: securing your webhook receiver endpoints; validating webhook payloads using the provided HMAC signature; and handling duplicate deliveries, as the Service does not guarantee exactly-once delivery. Mailnaptic will attempt webhook delivery according to the platform’s retry schedule but does not guarantee delivery of every webhook event. Webhook delivery history and failure logs are available within the platform.
10.4 Transactional Email. The transactional email API may be used only for sending individual, trigger-based transactional messages to users who have an existing relationship with your application (for example, account confirmations, password resets, order receipts). It must not be used for bulk marketing sends, which must be conducted through the campaign sending infrastructure.
10.5 Prohibited API Uses. In addition to the general Acceptable Use Policy, you must not use the API to: aggregate or harvest data for resale or redistribution; attempt to access data belonging to other organisations or accounts; conduct automated scanning, load testing, or stress testing of Service infrastructure without prior written permission from Mailnaptic; or use the API in any way that would impose a disproportionate burden on Service infrastructure.
SECTION 11
Team Accounts and Organisations
11.1 Organisation Structure. The Service supports multiple organisations per user account. Each organisation maintains fully isolated data including contacts, campaigns, domains, automations, segments, templates, API keys, webhooks, and compliance settings. You are responsible for ensuring that data separation between organisations is maintained for any use case where regulatory or confidentiality requirements demand it.
11.2 Role Hierarchy. The Service implements the following role-based access control hierarchy within each organisation:
Owner — Full access including billing, compliance settings, DPA acceptance, API key management, team member management, audit log access, and organisation deletion.
Admin — Full operational access to campaigns, contacts, automations, domains, and settings, but excluding billing and certain compliance functions reserved for Owner.
Editor — Campaign and contact management including creating, editing, and sending campaigns and managing contacts and lists.
Viewer — Read-only access to campaign analytics, contact data, and reports.
The Organisation Owner is legally responsible for all actions taken by team members within their organisation, including violations of these Terms.
11.3 Team Member Invitations. You may invite team members to your organisation by email. You are responsible for ensuring that all invited team members are aware of and agree to these Terms before accessing the Service. Access permissions for team members who leave your organisation must be revoked promptly. Mailnaptic is not liable for damage caused by former team members whose access was not timely revoked.
11.4 Audit Logging. Owner-role users have access to an audit log recording significant account actions including compliance events, data access events, and administrative changes. The audit log is provided as a security and compliance assistance tool. Mailnaptic does not warrant the completeness or real-time accuracy of audit log entries.
SECTION 12
Data Security
12.1 Mailnaptic’s Security Measures. Mailnaptic implements the following technical and organisational security measures: (a) Transport Layer Security (TLS) encryption for all data in transit between your browser or application and the Service; (b) Password hashing using industry-standard algorithms; (c) Short-lived JSON Web Token (JWT) authentication with automatic expiry and rolling refresh token rotation — refresh tokens are invalidated on each use and replaced with a new token; (d) Cross-Site Request Forgery (CSRF) token protection on all authenticated session requests; (e) Redis-backed rate limiting on authentication endpoints to prevent brute force attacks, with configurable thresholds and automatic temporary lockout; (f) HMAC signature validation and timestamp-based replay protection (300-second validation window with nonce deduplication) on abuse ingest endpoints; and (g) API key redaction from all log output.
12.2 Your Security Responsibilities. You are responsible for: maintaining the confidentiality and security of your account password, refresh tokens, and API keys; promptly revoking API keys suspected of compromise; using secure HTTPS connections when integrating with the Service API; validating webhook HMAC signatures; ensuring your webhook receiver endpoints are properly secured; and ensuring that team members access the Service only through authorised means.
12.3 No Absolute Security. Despite reasonable security measures, no system is entirely immune to security vulnerabilities or breaches. Mailnaptic does not warrant that the Service is free from all security vulnerabilities. In the event of a confirmed data breach that affects your personal data, Mailnaptic will notify you without undue delay in accordance with applicable data protection law.
12.4 Vulnerability Disclosure. If you discover a security vulnerability in the Service, you must report it promptly to [email protected] and must not publicly disclose the vulnerability before Mailnaptic has had a reasonable opportunity to investigate and address it. Mailnaptic will acknowledge receipt of your report within 5 business days.
SECTION 13
Data Retention
13.1 Active Accounts. Mailnaptic retains your account data, contact data, campaign data, and associated records for as long as your account remains active and for as long as necessary to provide the Service.
13.2 Automated Data Retention Worker. The Service includes an automated data retention worker that runs on a configurable schedule (default: every 24 hours) and enforces organisation-level data retention policies. Organisations may configure a data_retention_days setting. Contacts who have shown no engagement activity (email opens, email clicks, or site tracking events) within the configured retention window are subject to automated action: (a) contacts with a status of suppressed, bounced, or unsubscribed are hard deleted along with all associated records; (b) contacts with an active subscribed status are soft-suppressed — their status is changed to ‘unsubscribed’ with a reason of ‘data_retention’ and a suppression log entry is created for compliance defence purposes.
13.3 Event Data Retention. Email message events (message_event), site tracking events (site_event), and abuse events (bounces, complaints) are retained for a period of twice the configured contact retention window, after which PII fields within those records are purged. This two-tier approach supports data minimisation while preserving aggregate reporting capability.
13.4 Hard Delete Scope. When a contact is hard-deleted (either manually or by the automated retention worker), the following associated records are permanently and irreversibly deleted: the contact row, contact tag map entries, contact list memberships, campaign recipient records, automation workflow run records, site event records, frequency cap records, and consent log PII fields (IP addresses and notes are nullified; the structural audit trail is preserved).
13.5 Account Termination. Upon account termination, your data is retained for 30 days to allow for re-activation or data export. After this 30-day period, all account data is permanently deleted. You are strongly advised to export all data before initiating account termination. Mailnaptic accepts no responsibility for data lost after this retention period expires.
13.6 Legal Hold. Mailnaptic may retain specific data for longer than the periods stated above where required by applicable law, regulation, tax obligations, or legal proceedings. In such cases we will retain only the minimum data necessary for the legal purpose and will delete it as soon as that purpose is fulfilled.
SECTION 14
Third-Party Services
14.1 Integrated Third Parties. The Service integrates with the following categories of third-party services: (a) Anthropic PBC — AI content generation and analysis via the Anthropic Claude API (see Section 6); (b) SMTP and Email Relay Providers — underlying email transmission infrastructure used to deliver campaigns and transactional messages; (c) DNS Infrastructure — third-party DNS providers that propagate your domain authentication records (SPF, DKIM, DMARC); (d) ISP Feedback Loop Processors — services that receive and forward abuse complaints and bounce notifications from major internet service providers.
14.2 Third-Party Terms. Your use of third-party services integrated with the Service is subject to those parties’ own terms of service and privacy policies. Mailnaptic is not responsible for the availability, reliability, performance, security, or data handling practices of third-party services. Changes to third-party terms or availability may affect Service features without notice.
14.3 External Links. The Service may contain links to third-party websites or resources. These links are provided for convenience only. Mailnaptic has no control over and accepts no responsibility for the content, privacy policies, or practices of any third-party website.
14.4 Sub-Processor Changes. Where Mailnaptic engages new sub-processors who will process your personal data, we will notify you via email or in-app notification with a minimum of 30 days’ advance notice. If you object to a new sub-processor, you may terminate your account as your sole remedy.
SECTION 15
Payment and Billing
15.1 Subscription Plans. Access to paid features of the Service is provided under subscription plans as detailed on the Mailnaptic pricing page. By subscribing to a paid plan you authorise Mailnaptic to charge your designated payment method for the applicable subscription fee on the billing cycle you select (monthly or annual).
15.2 Auto-Renewal. Subscriptions automatically renew at the end of each billing period at the then-current subscription rate unless you cancel before the renewal date. Cancellation instructions are available in your account settings. Cancellation takes effect at the end of the current paid period; you retain access to paid features until expiry.
15.3 Price Changes. Mailnaptic reserves the right to change subscription pricing. We will provide at least 30 days’ notice of price increases via email to your registered address. Continued use of the Service after a price change takes effect constitutes your acceptance of the new pricing.
15.4 Refunds. Subscription fees are non-refundable except where required by applicable consumer protection legislation or at Mailnaptic’s sole discretion. No refunds are issued for partial billing periods.
15.5 Failed Payments. If a payment fails, Mailnaptic will attempt re-processing according to our billing retry schedule. Continued payment failure may result in suspension of paid features or account downgrade to a free plan. You are responsible for keeping your payment method current and valid.
15.6 Taxes. Quoted prices are exclusive of applicable taxes, levies, or duties. You are responsible for all sales, use, value-added, goods-and-services, or similar taxes applicable to your subscription in your jurisdiction. Where Mailnaptic is required by law to collect taxes, those amounts will be added to your invoice.
SECTION 16
Intellectual Property
16.1 Mailnaptic Ownership. Mailnaptic and its licensors own all intellectual property rights in and to the Service, including the platform software, source code, user interface design, branding, trademarks, documentation, and all underlying technology. Nothing in these Terms grants you any rights in the Service beyond the limited, non-exclusive, non-transferable, revocable licence to use it as described herein.
16.2 Your Content. You retain full ownership of all content, contact data, email templates, campaigns, automation configurations, segment rules, and other materials you create, upload, or store in the Service (“Your Content”). You grant Mailnaptic a limited, non-exclusive, royalty-free, worldwide licence to host, store, process, transmit, reproduce, and display Your Content solely to the extent necessary to provide the Service to you and as described in these Terms.
16.3 Feedback. Any feedback, suggestions, ideas, or feature requests you voluntarily submit to Mailnaptic regarding the Service may be used by Mailnaptic without restriction, compensation, attribution, or any obligation to you.
16.4 Restrictions. You must not: copy, modify, distribute, sell, or sublicense any part of the Service; reverse-engineer, decompile, or disassemble the Service or attempt to derive its source code; create derivative works based on the Service; remove or alter any copyright, trademark, or proprietary notices; or use Mailnaptic’s name, logo, or trademarks without prior written consent.
16.5 DMCA / Copyright Notices. If you believe that content on the Service infringes your copyright, please send a notice to [email protected] containing: your contact information; identification of the copyrighted work; identification of the allegedly infringing material; a statement that you have a good-faith belief that the use is not authorised; and a declaration that the information in the notice is accurate.
SECTION 17
Disclaimers and Warranties
17.1 Service Provided “As Is”. THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, NON-INFRINGEMENT, AND TITLE.
17.2 No Deliverability Guarantee. Mailnaptic does not warrant that emails sent through the Service will be delivered to any specific inbox, will avoid spam filters, or will achieve any particular open, click, or conversion rate. Email deliverability is influenced by many factors beyond Mailnaptic’s control including recipient ISP policies, sender reputation, email content, and recipient behaviour.
17.3 No Uptime Guarantee. Mailnaptic does not warrant that the Service will be available without interruption, error, or data loss. The Service may be unavailable during planned maintenance windows or due to events outside Mailnaptic’s control. Background workers (including the campaign sender worker, automation worker, domain monitor worker, and data retention worker) operate on scheduled cycles and are not guaranteed to execute in real time.
17.4 No AI Output Warranty. Mailnaptic makes no warranties as to the accuracy, completeness, legality, originality, or fitness for purpose of any content, recommendations, scores, segment rules, or insights produced by AI-powered features. See Section 6 for AI-specific terms.
17.5 Consumer Rights. Some jurisdictions do not permit the exclusion of implied warranties. Where applicable consumer protection legislation does not allow these exclusions, they apply only to the extent permitted by law.
SECTION 18
Limitation of Liability
18.1 Exclusion of Consequential Damages. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MAILNAPTIC AND ITS AFFILIATES, DIRECTORS, EMPLOYEES, AGENTS, AND LICENSORS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING FROM OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SERVICE, INCLUDING BUT NOT LIMITED TO: LOSS OF PROFITS; LOSS OF REVENUE; LOSS OF DATA; LOSS OF GOODWILL; BUSINESS INTERRUPTION; COST OF SUBSTITUTE SERVICES; REGULATORY FINES OR PENALTIES; OR DAMAGE TO REPUTATION. THIS EXCLUSION APPLIES REGARDLESS OF THE LEGAL THEORY ON WHICH THE CLAIM IS BASED AND EVEN IF MAILNAPTIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
18.2 Liability Cap. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MAILNAPTIC’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID BY YOU TO MAILNAPTIC IN THE TWELVE (12) CALENDAR MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) ONE HUNDRED EUROS (€100).
18.3 Essential Basis. The limitations of liability in this Section reflect a reasonable allocation of risk between the parties and are an essential basis of the bargain between them. Mailnaptic would not provide the Service on these terms without these limitations.
18.4 Exceptions. Nothing in these Terms shall limit or exclude either party’s liability for: death or personal injury caused by negligence; fraud or fraudulent misrepresentation; or any other liability that cannot lawfully be excluded or limited in the applicable jurisdiction.
SECTION 19
Indemnification
You agree to defend, indemnify, and hold harmless Mailnaptic and its officers, directors, employees, agents, successors, and licensors from and against any claims, actions, proceedings, demands, damages, losses, liabilities, costs, and expenses (including reasonable legal fees and court costs) arising out of or in connection with:
- (a)Your use of the Service in violation of these Terms, applicable law, or any third-party rights;
- (b)Your email sending practices, including spam complaints filed against you with ISPs or regulatory authorities, ISP blocking actions, regulatory investigations or fines resulting from your use of the Service, or damage to the platform’s shared sending reputation caused by your sending practices;
- (c)Claims by your contacts or website visitors arising from your collection, use, processing, or disclosure of their personal data, including claims under GDPR, CCPA, CASL, or any other applicable data protection or privacy law;
- (d)Your use and publication of AI-generated content, including claims of factual inaccuracy, copyright infringement, defamation, or misrepresentation;
- (e)Your installation and operation of the site tracking script on your website, including claims by your website visitors regarding tracking, cookies, or identity resolution without adequate consent; and
- (f)Content you upload to or create within the Service that infringes any third party’s intellectual property, privacy, or other rights.
Mailnaptic reserves the right, at its own expense, to assume the exclusive defence and control of any matter subject to indemnification by you. You agree to cooperate with Mailnaptic’s defence of such claims and to not settle any claim without Mailnaptic’s prior written consent.
SECTION 20
Termination
20.1 Termination by You. You may cancel your account at any time through the account settings. Cancellation of a paid subscription takes effect at the end of the current billing period. No refund is issued for the remaining period. All data export must be completed before account deletion, as Mailnaptic retains data for only 30 days post-termination before permanent deletion.
20.2 Termination or Suspension by Mailnaptic. Mailnaptic may suspend or terminate your access to the Service immediately and without prior notice if: (a) you violate the Acceptable Use Policy (Section 4) or any other material provision of these Terms; (b) your sending practices generate bounce rates, complaint rates, or ISP blocks that exceed acceptable thresholds and negatively affect the platform or other users; (c) you fail to pay applicable fees and do not remedy the failure within 14 days of notice; (d) we are required to do so by law, regulation, or a court order; (e) your organisation’s complaint or bounce rate triggers the platform’s automatic organisation-locking mechanism; or (f) your account has been inactive for more than 24 consecutive months and we have been unable to contact you.
20.3 Effect of Termination. Upon termination: (a) your access to the Service ceases immediately; (b) all licences granted to you under these Terms terminate; (c) your data is retained for 30 days and then permanently deleted as described in Section 13; (d) any outstanding fees become immediately due and payable; and (e) provisions of these Terms that by their nature should survive termination (including Sections 8, 16, 17, 18, 19, and 23) shall survive.
20.4 Export Before Termination. You are strongly advised to export all contact data, campaign data, templates, and reports before initiating or accepting account termination. Mailnaptic accepts no responsibility for data that cannot be recovered after the 30-day post-termination data retention window has elapsed.
SECTION 21
Anti-Spam and Regulatory Compliance
21.1 CAN-SPAM Act (United States). Where you send commercial email to recipients in the United States, you agree to comply with the CAN-SPAM Act of 2003 and any amendments, including: (a) including a physical postal mailing address in every commercial email — the Service enforces this requirement and will block campaign sending if no mailing address is configured on the sending domain; (b) using accurate and non-deceptive “From”, “To”, and subject line information; (c) identifying messages as commercial advertisements where required; (d) providing a clear, conspicuous, and functioning opt-out mechanism in every message; and (e) honouring opt-out requests within 10 business days of receipt.
21.2 GDPR and UK GDPR (European Union and United Kingdom). Where you process personal data of individuals in the EEA or UK, you agree to comply with the General Data Protection Regulation (EU) 2016/679 and/or the UK GDPR, including: (a) maintaining a documented lawful legal basis for each processing activity; (b) providing a compliant privacy notice to data subjects; (c) honouring data subject rights requests (access, rectification, erasure, restriction, portability, objection) within applicable statutory timeframes; (d) executing the Mailnaptic Data Processing Agreement; (e) conducting and documenting data protection impact assessments where required; and (f) ensuring adequate safeguards for transfers of personal data outside the EEA or UK.
21.3 CASL (Canada). Where you send commercial electronic messages to recipients in Canada, you agree to comply with Canada’s Anti-Spam Legislation (CASL), including: (a) obtaining express consent before sending commercial electronic messages, supported by the platform’s double opt-in mechanism and configurable consent recency windows; (b) clearly identifying yourself and your organisation in every message; (c) including a functioning unsubscribe mechanism in every message; (d) honouring unsubscribe requests within 10 business days; and (e) maintaining records of consent and its provenance. The platform’s consent log and double opt-in features are provided to assist with CASL compliance; final compliance responsibility rests with you.
21.4 CCPA and CPRA (California, United States). Where you process personal information of California consumers, you agree to comply with the California Consumer Privacy Act and California Privacy Rights Act, including honouring the rights to know, delete, correct, and opt out of the sale or sharing of personal information. The Service provides tools to assist with data deletion and preference management. You are responsible for providing consumers with the required disclosures and opt-out mechanisms.
21.5 Other Jurisdictions. You are solely responsible for ensuring compliance with all anti-spam, data protection, and electronic communications laws applicable in every jurisdiction where your subscribers or website visitors are located, including but not limited to PECR (UK), PIPEDA (Canada), LGPD (Brazil), POPIA (South Africa), and any applicable sector-specific regulations. Mailnaptic does not provide legal advice and nothing in these Terms constitutes legal advice.
SECTION 22
Modifications to Terms and Service
22.1 Changes to Terms. Mailnaptic reserves the right to modify these Terms at any time. For material changes — including changes that affect your legal rights, add new obligations, or significantly alter the Service’s data handling practices — we will provide at least 30 days’ advance notice via email to your registered account address and/or a prominent in-app notification. The effective date of revised Terms will be updated at the top of this document.
22.2 Acceptance of Changes. Your continued use of the Service after the effective date of revised Terms constitutes your acceptance of those changes. If you do not agree to the revised Terms, you must discontinue use of the Service and cancel your account before the effective date.
22.3 Changes to the Service. Mailnaptic reserves the right to add, modify, or remove features, functions, or integrations of the Service at any time. We will endeavour to provide reasonable advance notice of significant feature removals where practicable. Feature changes do not entitle you to a refund of subscription fees.
22.4 Minor Changes. Non-material changes — such as corrections to typographical errors, clarifications that do not alter the substantive meaning of provisions, or updates required by changes in applicable law — may be made without advance notice. The updated Terms will be posted at mailnaptic.com/terms-of-service.
SECTION 23
Governing Law and Disputes
23.1 Governing Law. These Terms and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of Denmark, without regard to its conflict of law principles.
23.2 Informal Resolution. Before initiating formal dispute proceedings, you agree to first contact Mailnaptic at [email protected] and attempt to resolve the dispute informally. Mailnaptic will endeavour to respond within 30 days and work toward an informal resolution in good faith. This informal process is a prerequisite to formal proceedings.
23.3 Dispute Resolution. If informal resolution fails within 60 days, any dispute arising from or in connection with these Terms or the Service shall be referred to and finally resolved by binding arbitration under mutually agreed arbitration rules. The arbitration shall be conducted in Copenhagen, Denmark in the English language. The arbitrator’s award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.
23.4 Class Action Waiver. YOU AND MAILNAPTIC AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
23.5 Injunctive Relief. Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent actual or threatened infringement of intellectual property rights or breach of confidentiality obligations, without being required to post a bond or other security.
SECTION 24
General Provisions
24.1 Entire Agreement. These Terms, together with the Privacy Policy, any executed Data Processing Agreement, and any Order Form or subscription confirmation, constitute the entire agreement between you and Mailnaptic with respect to the Service and supersede all prior negotiations, representations, warranties, and understandings, whether written or oral.
24.2 Severability. If any provision of these Terms is found by a court or arbitrator of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable, and the remaining provisions shall continue in full force and effect.
24.3 Waiver. Mailnaptic’s failure or delay in exercising any right, power, or remedy under these Terms shall not operate as a waiver of that right, power, or remedy. No single or partial exercise of a right prevents further exercise of that or any other right.
24.4 Assignment. You may not assign, transfer, delegate, or sublicense your rights or obligations under these Terms without Mailnaptic’s prior written consent. Any purported assignment without such consent is void. Mailnaptic may freely assign these Terms in connection with a merger, acquisition, corporate restructuring, or sale of all or substantially all of its assets, provided that the assignee assumes all obligations under these Terms.
24.5 Force Majeure. Neither party shall be liable for any failure or delay in performance under these Terms to the extent caused by circumstances beyond that party’s reasonable control, including but not limited to natural disasters, acts of war or terrorism, government actions, power failures, internet service disruptions, or failures of third-party infrastructure providers. The affected party must notify the other promptly and resume performance as soon as reasonably practicable.
24.6 Relationship of Parties. These Terms do not create a partnership, joint venture, agency, employment, or franchise relationship between you and Mailnaptic. Neither party has the authority to bind the other in any way.
24.7 Notices. Notices from Mailnaptic to you will be sent to the email address associated with your registered account or posted as in-app notifications. Notices from you to Mailnaptic must be sent to [email protected]. Notice is deemed given when sent by email (on transmission, provided no delivery failure is received) or when posted in-app (on the date posted).
24.8 Language. These Terms are drafted in English. In the event of any conflict between an English version and any translation, the English version shall prevail to the extent permitted by applicable law.
24.9 Headings. Section headings are provided for convenience only and shall not affect the interpretation of these Terms.
CONTACT
Questions about these Terms?
Legal Enquiries
Privacy & Data Requests
Abuse & Spam Reports
Security Vulnerability Reports
Mailnaptic · Privacy Policy · Terms of Service