Privacy Policy

Last updated: January 9, 2026

1. Introduction

Welcome to Taplo ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our website and in using our products and services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our interactive email marketing platform.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

  • Account information (name, email address, company name)
  • Payment and billing information
  • Content you create, upload, or share through our platform
  • Communications with our support team

2.2 Automatically Collected Information

When you use our services, we automatically collect certain information, including:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments and questions
  • Monitor and analyze trends and usage
  • Detect, prevent, and address technical issues

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With service providers who assist us in operating our platform
  • To comply with legal obligations or respond to lawful requests
  • To protect our rights, privacy, safety, or property
  • In connection with a business transfer or merger

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure.

6. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal information under the following legal bases:

  • Contractual necessity: To perform our contract with you and provide our services
  • Legitimate interests: To operate our business, improve our services, and ensure security
  • Consent: Where you have provided explicit consent for specific processing activities
  • Legal obligations: To comply with applicable laws and regulations

7. Your Privacy Rights

Depending on your location, you have certain rights regarding your personal information. We are committed to honoring these rights:

7.1 Rights Under GDPR (European Economic Area and United Kingdom)

If you are located in the EEA or UK, you have the following rights:

  • Right of Access: You can request a copy of the personal information we hold about you, including what data we have, why we have it, and who we share it with.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal information.
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal information when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when it has been unlawfully processed.
  • Right to Restrict Processing: You can request that we limit how we use your personal information in certain circumstances.
  • Right to Data Portability: You can request a copy of your personal information in a structured, machine-readable format.
  • Right to Object: You can object to processing of your personal information based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time.
  • Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority if you believe we have violated your rights.

7.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, disclose, and sell (if applicable).
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information. If this changes in the future, we will provide you with the ability to opt-out.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Correct: You can request correction of inaccurate personal information.

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: privacy@taplo.com
  • Include your full name, email address associated with your account, and a clear description of the right you wish to exercise
  • For deletion requests, specify which data you want deleted

We will respond to your request within 30 days (or 45 days if reasonably necessary). We may need to verify your identity before processing your request to protect your privacy and security.

Data Deletion Process: When you request deletion of your personal information, we will:

  • Verify your identity to ensure the request is legitimate
  • Delete your personal information from our active systems within 30 days
  • Remove your data from backup systems during our next scheduled backup cycle (which may take up to 90 days)
  • Retain certain information only as required by law or for legitimate business purposes (e.g., transaction records for accounting purposes)
  • Provide confirmation once deletion is complete

8. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are based on:

  • The nature of the information and the purpose for which it was collected
  • Legal and regulatory requirements (e.g., tax records, transaction history)
  • Our legitimate business interests (e.g., fraud prevention, dispute resolution)
  • Your consent and account activity

When you request deletion of your account or personal information:

  • We will delete your personal information from active systems within 30 days
  • Data in backup systems will be deleted during our next backup cycle (typically within 90 days)
  • We may retain certain information as required by law (e.g., financial transaction records for 7 years)
  • Anonymized or aggregated data that cannot identify you may be retained for analytics purposes

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

For transfers of personal information from the EEA or UK to countries outside the EEA/UK, we implement appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

By using our services, you consent to the transfer of your information to these countries.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Types of cookies we use:

  • Essential cookies: Required for the website to function properly
  • Analytics cookies: Help us understand how visitors interact with our website
  • Functional cookies: Remember your preferences and settings
  • Marketing cookies: Used to deliver relevant advertisements (with your consent where required)

You can manage your cookie preferences through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect the functionality of our website.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Children's Privacy

Our services are not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@taplo.com, and we will take steps to delete such information.

13. Data Protection Officer (GDPR)

If you are located in the EEA or UK and have questions or concerns about our data processing practices, you can contact our Data Protection Officer at dpo@taplo.com.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Do Not Sell My Personal Information: We do not sell your personal information. If this changes in the future, we will update this policy and provide you with the ability to opt-out.
  • Shine the Light Law: California residents can request information about how we share certain categories of personal information with third parties for their direct marketing purposes.

To exercise your California privacy rights, please contact us at privacy@taplo.com with "California Privacy Rights" in the subject line.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification (for significant changes)
  • Displaying a notice on our website

Your continued use of our services after such modifications constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Inquiries: contact@taplo.com

Privacy Requests: privacy@taplo.com

Data Protection Officer (EEA/UK): dpo@taplo.com

We will respond to your inquiry within 30 days. For data subject requests, we may need to verify your identity before processing your request.