Privacy Policy

1. Introduction & Data Controller

Who We Are

Ploncker is an developer-first email automation platform. For the hosted service at ploncker.com, we act as:

• Data Controller: For your account data (email, password, billing)
• Data Processor: For your contact data (we process on your behalf)

Contact Information

Email: legal@ploncker.com
Response time: 7 business days (30 days for GDPR requests)

This Policy Covers

• Hosted service at ploncker.com (SaaS)
• Data processing practices for EU/EEA users
• Your rights under GDPR

This Policy Does NOT Cover

• Cloud hosted deployments (you are the data controller)
• Third-party services you integrate with Ploncker
• Websites linked from Ploncker

2. Data We Collect

2.1 Account Data (We are the Controller)

When you create an account, we collect:

• Email address (required for login and notifications)
• Password (securely hashed, never stored in plaintext)
• Authentication method (password, Google OAuth, GitHub OAuth)
• Account creation date and last login
• Email verification status

OAuth Users: If you sign up via Google/GitHub, we receive:

• Email address
• OAuth provider ID (no password stored)
• Auto-verified email status

We DO NOT collect:

• Name (optional, not required)
• Phone number
• Physical address
• Payment card details (handled by Stripe)

2.2 Contact Data (You are the Controller, we are the Processor)

When you add contacts to your projects, you provide:

• Contact email addresses
• Custom fields (stored as JSON: name, company, preferences, etc.)
• Subscription status (subscribed/unsubscribed)
• Contact creation and update timestamps
• Locale/language preferences

System Fields (Reserved):

• ploncker_id (unique identifier)
• ploncker_email (email address)
• unsubscribeUrl (auto-generated)

2.3 Email Activity Data

For emails sent through Ploncker, we track:

• Email subject and rendered HTML body
• Sender and recipient addresses
• Send timestamp and delivery status
• Email delivery message ID (for tracking)
• Delivery events: sent, delivered, opened, clicked, bounced, complained
• Open count and click count (aggregated)
• Bounce and complaint timestamps

Tracking depends on your project settings:

• Enabled: Track all emails
• Disabled: No tracking
• Marketing Only: Track campaigns/workflows, not transactional

2.4 API Request Logs (30-Day Retention)

For security and debugging, we log:

• HTTP method, path, status code
• Request duration and timestamp
• IP address and user-agent
• Project ID and user ID (if authenticated)
• Error codes and messages
• Request/response size

Retention: Automatically deleted after 30 days

2.5 Usage Analytics (Internal Only)

We collect aggregated, non-personal analytics:

• Number of emails sent per project
• Campaign and workflow performance metrics
• Feature usage statistics (anonymized)
• Error rates and performance metrics

2.6 Cookies & Local Storage

Authentication Cookie (next_token):

• Purpose: Store JWT token for dashboard login
• Duration: 7 days
• Type: First-party, httpOnly, secure (HTTPS only)
• Scope: *.ploncker.com
• Can be deleted: Yes (logout clears cookie)

No Tracking Cookies:

• No third-party cookies
• No analytics cookies
• No advertising cookies

Browser Local Storage:

• UI preferences (theme, collapsed sidebar, etc.)
• Stored client-side only, never sent to server

3. How We Use Your Data

3.1 Service Delivery

We use your data to:

• Authenticate you and maintain your session (JWT tokens)
• Send emails on your behalf via AWS SES
• Store and manage your contact lists
• Process campaigns and workflow automation
• Track email performance (if enabled)
• Display analytics and reports

3.2 Billing & Payments

For paid usage:

• Calculate usage-based charges (emails sent)
• Process payments via Stripe
• Send invoices and receipts
• Detect fraudulent activity

3.3 Security & Compliance

We monitor:

• Bounce and complaint rates (sender reputation)
• API abuse and rate limit violations
• Suspicious login attempts
• Spam or policy violations

Actions we may take:

• Suspend projects with excessive bounces/complaints
• Block malicious IP addresses
• Require email verification for suspicious signups

3.4 Communication

We may contact you for:

• Service announcements (downtime, maintenance)
• Security alerts (unusual activity, data breaches)
• Policy changes (Terms, Privacy Policy)
• Billing issues (payment failures, quota warnings)
• Compliance notifications (project suspended)

We DO NOT send:

• Marketing emails (unless you explicitly opt in)
• Product updates (unless you subscribe)
• Third-party promotions

3.5 Legal Obligations

We may use or disclose data to:

• Comply with subpoenas or court orders
• Enforce our Terms of Service
• Protect rights and safety of users
• Prevent fraud or illegal activity

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

4.1 Contract Performance (GDPR Art. 6(1)(b))

• Account creation and authentication
• Email sending and delivery
• Billing and payment processing
• Service support and maintenance

You cannot use Ploncker without this processing.

4.2 Legitimate Interests (GDPR Art. 6(1)(f))

• Security monitoring and fraud prevention
• Service improvements and bug fixes
• Usage analytics (anonymized)
• Sender reputation monitoring (bounce/complaint rates)

You can object to this processing (email legal@ploncker.com).

4.3 Legal Obligation (GDPR Art. 6(1)(c))

• Compliance with anti-spam laws
• Response to legal requests (subpoenas)
• Tax and financial reporting
• Data breach notifications

4.4 Consent (GDPR Art. 6(1)(a))

• Marketing emails from Ploncker (if you opt in)
• Optional features requiring consent

You can withdraw consent at any time.

5. Data Storage & Security

5.1 Data Location

All data is stored in the European Union / European Economic Area:

• Primary infrastructure: Hetzner (Germany-based hosting)
• Database: PostgreSQL with encrypted connections (TLS)
• Redis cache: In-memory, ephemeral data only
• Backups: EU/EEA locations

No data stored in: USA, China, or non-EU countries (except AWS SES for email transit)

5.2 Security Measures

Technical safeguards:

• Password hashing: Industry-standard secure hashing
• Cookies: httpOnly, secure, SameSite=none (HTTPS)
• Database: TLS/SSL encrypted connections
• API: HTTPS-only (TLS 1.2+)
• JWT tokens: 7-day expiration, httpOnly cookies
• Rate limiting: Protection against brute force attacks

Organizational safeguards:

• Access control: Limited personnel access to production data
• Logging: 30-day API request logs for security audits
• Monitoring: Automated alerts for suspicious activity
• Developer-first: Code is auditable (ploncker.com)

5.3 Data Breach Notification

In case of a data breach:

• We will notify affected users within 72 hours (GDPR requirement)
• Notification sent to registered email address
• Disclosure of affected data categories
• Recommended actions to protect yourself

6. Data Sharing & Sub-Processors

We share data only with trusted sub-processors necessary for service delivery:

6.1 Amazon Web Services (AWS SES)

• Purpose: Email delivery (SMTP relay)
• Data shared: Sender/recipient emails, subject, body, attachments
• Location: Data in transit only (not stored by delivery provider)
• Protection: AWS DPA (Data Processing Agreement) and Standard Contractual Clauses
• Learn more: aws.amazon.com/ses/

6.2 Stripe

• Purpose: Payment processing
• Data shared: Billing email, usage amounts, transaction history
• Location: Global (PCI-DSS Level 1 certified)
• Protection: Stripe DPA and PCI compliance
• Learn more: stripe.com/privacy

6.3 Hetzner

• Purpose: Infrastructure hosting (servers, database, storage)
• Data shared: All application data
• Location: EU/EEA (Germany data centers)
• Protection: GDPR-compliant, EU-based provider
• Learn more: hetzner.com/legal/privacy-policy

NO OTHER THIRD PARTIES

• No analytics providers (Google Analytics, Mixpanel, etc.)
• No advertising networks
• No data brokers or marketers
• No social media tracking pixels

6.4 Legal Disclosures

We may disclose data if required by:

• Court orders or subpoenas
• Law enforcement requests (with valid legal process)
• National security demands (with applicable legal protections)
• Emergency situations (immediate harm prevention)

We will notify you unless legally prohibited.

7. Data Retention

7.1 Account Data

• Retained: Until you delete your account
• Deletion: Immediate and permanent (no grace period)
• Backups: Removed from backups within 30 days

7.2 Contact Data

• Retained: Until you delete contacts or your account
• Your control: Delete individual contacts or bulk delete
• No automatic deletion: We never delete your contacts

7.3 Email Activity Data

• Retained: Indefinitely (for analytics and deliverability tracking)
• Includes: Open rates, click rates, bounce history
• Purpose: Workflow triggers, campaign performance, sender reputation

7.4 API Request Logs

• Retained: 30 days (automatic deletion)
• Purpose: Security audits and debugging
• Deletion: Daily cleanup job removes logs older than 30 days

7.5 Deleted Account Data

• Account deletion is immediate
• No recovery period or "soft delete"
• All associated data deleted: contacts, campaigns, workflows, email history, API keys, projects
• Billing records retained for legal compliance (varies by jurisdiction)

7.6 Legal Retention

• Financial records: Retained for tax compliance
• Subpoena responses: Retained as legally required

8. Your Rights Under GDPR

As an EU/EEA resident, you have the following rights:

8.1 Right to Access (Art. 15)

• Request a copy of all personal data we hold about you
• Receive data in machine-readable format (JSON)
• How to exercise: Email legal@ploncker.com or use API to access your data

8.2 Right to Rectification (Art. 16)

• Correct inaccurate or incomplete data
• How to exercise: Update account settings in dashboard or contact legal@ploncker.com

8.3 Right to Erasure ("Right to be Forgotten") (Art. 17)

• Delete your account and all associated data
• Immediate and permanent deletion (no grace period)
• How to exercise: Dashboard > Settings > Delete Account, or email legal@ploncker.com

8.4 Right to Data Portability (Art. 20)

• Export your data in JSON format
• Transfer data to another service
• How to exercise: Use API endpoints to access your data, or request via legal@ploncker.com

8.5 Right to Object (Art. 21)

• Object to processing based on legitimate interests
• Object to marketing emails
• How to exercise: Email legal@ploncker.com

8.6 Right to Restrict Processing (Art. 18)

• Temporarily limit how we process your data
• How to exercise: Email legal@ploncker.com

8.7 Right to Lodge a Complaint

• File a complaint with your data protection authority
• EU/EEA supervisory authorities: edpb.europa.eu

9. Email Tracking

9.1 Tracking Modes

Ploncker offers three tracking modes (configurable per project):

9.2 How Tracking Works

Open Tracking:

• Transparent 1x1 pixel image embedded in email HTML
• Loaded when recipient opens email (if images enabled)
• Records: First open timestamp, total open count
• Limitation: May not work if images are blocked

Click Tracking:

• Links rewritten to pass through Ploncker redirect server
• Records: First click timestamp, total click count, link URL
• Then immediately redirects to original destination

Data Collected:

• Timestamp of event
• Contact ID and email ID
• No tracking of IP address or user-agent from recipients

9.3 Recipient Privacy

Recipients can avoid tracking by:

• Disabling images in their email client (blocks open tracking)
• Using email clients that block tracking pixels (Apple Mail Privacy Protection)
• Not clicking links (avoids click tracking)

Important: You should disclose tracking in your privacy policy to your contacts.

10. Cookies & Local Storage

10.1 Cookies

We use only ONE cookie:

NO TRACKING COOKIES

• No Google Analytics cookies
• No Facebook Pixel cookies
• No advertising or marketing cookies
• No third-party cookies

10.2 Browser Local Storage

We store non-sensitive UI preferences locally:

• Theme preference (light/dark mode)
• Sidebar collapsed/expanded state
• Table column visibility
• Dashboard layout preferences

This data:

• Never leaves your browser
• Not sent to our servers
• Deleted when you clear browser data
• Not used for tracking

10.3 Cookie Consent

Since we only use essential authentication cookies (not tracking), EU cookie consent is not required under ePrivacy Directive.

If you disagree, you cannot use Ploncker (authentication requires cookies).

11. International Data Transfers

11.1 Primary Storage (EU/EEA)

All primary data storage is in the EU/EEA:

• Hetzner data centers (Germany)
• PostgreSQL database (EU/EEA)
• Redis cache (EU/EEA)

11.2 Email Transit (AWS SES - USA)

Email delivery via AWS SES requires temporary data transfer to USA:

• Email delivery may transit through non-EU regions
• Data in transit only (not stored long-term outside EU/EEA)
• Protected by Data Processing Agreements (DPA) and Standard Contractual Clauses (SCCs)

11.3 Payment Processing (Stripe - Global)

Stripe processes payments globally with adequate protection:

• PCI-DSS Level 1 certified
• Stripe DPA and GDPR compliance
• EU representative: Stripe Payments Europe, Ltd. (Ireland)

Learn more: stripe.com/privacy-center/legal

11.4 Adequacy Decisions

Where possible, we rely on EU adequacy decisions for data transfers. For USA transfers, we use Standard Contractual Clauses (SCCs) as approved by the European Commission.

12. Children's Privacy

Age Restriction

• Ploncker is not intended for children under 16 years old
• We do not knowingly collect data from children under 16
• Account registration requires attestation of age 16+

If We Discover

• That a user is under 16, we will immediately delete the account
• No refunds for deleted underage accounts

Parental Rights

• If you believe your child has created an account, contact legal@ploncker.com
• We will promptly investigate and delete the account

GDPR Age of Consent

16 years (per Art. 8 GDPR). Member states may lower to 13, but we use 16 as the standard.

13. Cloud Deployments

If you use our cloud Ploncker:

You are the Data Controller

• You determine how data is collected, used, and stored
• You are responsible for GDPR compliance
• You must create your own Privacy Policy for your users

Your Responsibilities

• Obtain consent from your contacts
• Honor GDPR data subject rights (access, deletion, etc.)
• Implement security measures
• Notify users of data breaches
• Appoint a DPO if required

Ploncker's Role

• We provide developer-first software under Proprietary License
• No data is sent to Ploncker (unless you configure external services)
• No support for GDPR compliance (community support only)

Recommended

• Review GDPR requirements for your jurisdiction
• Consult legal counsel for compliance
• Implement data protection by design

14. Changes to Privacy Policy

We may update this Privacy Policy to reflect:

• Changes in data processing practices
• New features or services
• Legal or regulatory requirements
• Clarifications or corrections

Notification

• Material changes: 30-day email notice to all users
• Non-material changes: Updated "Last Updated" date only
• Major changes: Homepage banner notification

Your Options

• Continued use = acceptance of updated policy
• If you disagree, you must delete your account before changes take effect
• Request access to your data before deletion (GDPR right to portability)

Version History

Previous versions available upon request (email legal@ploncker.com)

15. Contact Information

Questions about this Privacy Policy or your data?

Data Protection Officer (DPO)

Not required for personal projects under GDPR Art. 37. If appointed in the future, contact information will be listed here.

EU Representative

Not required (Ploncker is EU-based)

Supervisory Authority

You have the right to lodge a complaint with your data protection authority. Find your authority: edpb.europa.eu

Technical Support

• Ploncker Community: https://ploncker.com/discord
• Discord: ploncker.com/discord