Privacy Policy
Last updated: [DATE]
1. Who we are
Resonate Mail OÜ ("Resonate Mail", "we", "us", "our") is a private limited company registered in the Republic of Estonia under the e-Residency programme.
- Registry code: [YOUR REGISTRY CODE]
- Registered address: [YOUR ESTONIAN LEGAL ADDRESS]
- Email: [privacy@resonatemail.com]
We operate the website https://resonatemail.com and provide email marketing services under the product names Resonate Reach (our self-service email sending platform) and Resonate Amplify (our expert email services).
This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, create an account, or use our services. It applies to all visitors, users, and customers of Resonate Mail.
2. Data protection authority
As an Estonian company, our lead supervisory authority for data protection matters is:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
- Address: Tatari 39, 10134 Tallinn, Estonia
- Email: info@aki.ee
- Phone: +372 627 4135
- Website: https://www.aki.ee
3. What personal data we collect
3.1 Account data
When you create a Resonate Mail account, we collect:
- Full name
- Email address
- Password (stored in hashed form only)
- Company name (if provided)
- Billing address and payment information (processed by our payment provider)
3.2 Usage data
When you use Resonate Reach or interact with our website, we automatically collect:
- IP address
- Browser type and version
- Operating system
- Pages visited and time spent
- Referring URL
- Device identifiers
3.3 Email campaign data
When you use Resonate Reach to send email campaigns, we process:
- Subscriber lists you upload (which may contain personal data of your subscribers, such as names and email addresses)
- Email content you create or upload
- Campaign performance data (opens, clicks, bounces, unsubscribes)
3.4 Communication data
When you contact us via our website contact form or email, we collect:
- Your name
- Your email address
- The content of your message
3.5 Cookie data
Please refer to our Cookie Policy for details on the cookies we use.
4. How and why we use your data
We process your personal data on the following legal bases under Article 6(1) of the GDPR:
| Purpose | Legal basis | Data used |
|---|---|---|
| Providing and maintaining your account and our services (Reach and Amplify) | Performance of a contract (Art. 6(1)(b)) | Account data, email campaign data |
| Processing payments and billing | Performance of a contract (Art. 6(1)(b)) | Account data, billing information |
| Communicating with you about your account or services | Performance of a contract (Art. 6(1)(b)) | Account data, communication data |
| Improving our website and services | Legitimate interest (Art. 6(1)(f)) | Usage data |
| Ensuring security and preventing fraud | Legitimate interest (Art. 6(1)(f)) | Account data, usage data, IP addresses |
| Determining eligibility for Reward Pool discounts | Performance of a contract (Art. 6(1)(b)) | Campaign performance data, sending volume |
| Sending you marketing communications about Resonate Mail | Consent (Art. 6(1)(a)) | Email address |
| Complying with legal obligations (e.g., tax, accounting) | Legal obligation (Art. 6(1)(c)) | Account data, billing information |
Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your rights and freedoms.
5. Your role as a data controller
When you use Resonate Reach to send emails to your subscribers, you are the data controller for your subscriber data and we are the data processor acting on your behalf. We process subscriber data solely to provide the Resonate Reach service to you.
You are responsible for ensuring that you have obtained proper consent or have another lawful basis for sending emails to your subscribers, and that your use of our platform complies with the GDPR and all applicable data protection laws.
We offer a Data Processing Agreement (DPA) to all customers, which sets out our obligations as a data processor. You can request a copy by emailing [privacy@resonatemail.com].
6. Who we share your data with
We do not sell your personal data. We may share your data with the following categories of recipients:
- Payment processors: To process payments for our services.
- Hosting and infrastructure providers: To host our website and platform.
- Email delivery infrastructure: To facilitate the sending of emails through Resonate Reach.
- Analytics providers: To help us understand how our website and services are used (see our Cookie Policy for details).
- Professional advisers: Including accountants and legal advisers, where necessary for the operation of our business.
- Law enforcement or regulatory authorities: Where required by law or to protect our legal rights.
All third-party service providers are contractually bound to process personal data only on our instructions and in accordance with the GDPR.
7. International data transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- An adequacy decision by the European Commission for the recipient country
- Other lawful transfer mechanisms under the GDPR
You may request information about the specific safeguards applied to transfers of your data by contacting us at [privacy@resonatemail.com].
8. How long we keep your data
We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, or as required by law.
- Account data: Retained for the duration of your account and for up to 12 months after account closure, unless a longer retention period is required by law.
- Billing and transaction data: Retained for 7 years after the relevant transaction to comply with Estonian accounting and tax obligations.
- Campaign performance data: Retained for the duration of your account. Aggregated, anonymised statistics may be retained indefinitely.
- Communication data: Retained for up to 24 months after the last communication.
- Usage data and logs: Retained for up to 12 months.
9. Your rights
Under the GDPR, you have the following rights in relation to your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can ask us to correct inaccurate or incomplete data.
- Right to erasure — You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.
- Right to restriction of processing — You can ask us to restrict the processing of your data in certain circumstances.
- Right to data portability — You can request that we provide your data in a structured, commonly used, and machine-readable format.
- Right to object — You can object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.
- Right to lodge a complaint — You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (details in Section 2 above) or with the supervisory authority in your country of residence.
To exercise any of these rights, please contact us at [privacy@resonatemail.com]. We will respond to your request within one month of receipt.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), secure storage of passwords using industry-standard hashing, access controls, and regular security reviews.
11. Children
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a child, please contact us immediately so we can delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by posting a prominent notice on our website or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact us
If you have any questions about this Privacy Policy or our data processing practices, you can contact us at:
Resonate Mail OÜ
- Address: [YOUR ESTONIAN LEGAL ADDRESS]
- Email: [privacy@resonatemail.com]