Privacy Policy
Last updated: March 16, 2026
1. Introduction
Mailsim ("we," "our," or "the Service") is an email warming and deliverability tool operated at mailsim.io. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.
2. Information We Collect
Account Information
When you register, we collect your name, email address, and password (stored securely using bcrypt hashing).
Email Account Credentials
When you connect an email account for warming, we collect either OAuth2 tokens (for Google Workspace and Microsoft Exchange) or SMTP/IMAP credentials (for custom providers). All credentials are encrypted at rest using AES-256 encryption.
Email Activity Data
We log metadata about warming emails sent and received, including timestamps, subject lines, delivery status, and engagement actions. We do not read or store the content of your personal emails.
Usage Data
We collect basic usage data such as login times and feature usage to improve the Service.
3. How We Use Your Information
- To provide the email warming service, including sending and receiving warming emails on your behalf
- To authenticate with your email provider via OAuth2 or SMTP/IMAP
- To monitor email deliverability and calculate your sender reputation score
- To detect and move warming emails out of spam folders and mark them as important
- To generate automated replies to warming emails
- To provide you with analytics and reporting dashboards
4. Google API Services - Limited Use Disclosure
Mailsim's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only access Gmail data necessary to perform email warming (sending warming emails via SMTP, reading the mailbox via IMAP to detect spam placement, and performing engagement actions)
- We do not use Gmail data for advertising or market research
- We do not allow humans to read your email content unless necessary for security purposes, required by law, or with your explicit consent
- We do not transfer Gmail data to third parties except as necessary to provide or improve the Service, comply with applicable law, or as part of a merger or acquisition
5. Data Security
- All email credentials and OAuth tokens are encrypted at rest using AES-256-CBC encryption
- Passwords are hashed using bcrypt with a cost factor of 12
- All data in transit is encrypted via TLS/HTTPS
- Database access is restricted to application services only
- OAuth2 refresh tokens are used to maintain access without storing your email password
6. Data Retention
We retain your account data and email activity logs for as long as your account is active. When you delete your account or disconnect an email account, we delete all associated credentials, OAuth tokens, and email logs within 30 days.
7. Third-Party Services
We integrate with the following third-party services:
- Google OAuth2: for authenticating Google Workspace and Gmail accounts
- Microsoft OAuth2: for authenticating Microsoft 365 and Exchange Online accounts
We do not sell, trade, or share your data with any other third parties.
8. Your Rights
- Access: You can view all your connected email accounts and activity data through the dashboard
- Deletion: You can disconnect email accounts at any time, which removes all stored credentials
- Revoke Access: You can revoke OAuth access at any time through your Google or Microsoft account settings
- Data Export: Contact us to request a copy of your data
9. Contact Us
If you have questions about this Privacy Policy, please contact us at info@mailsim.io.