Privacy Policy

Last updated: April 7, 2026

1. Introduction

Joltibase (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered marketing automation platform (“the Service”).

By using the Service, you consent to the practices described in this policy.

2. Information We Collect

Account information. When you create an account, we collect your email address and display name. If you subscribe to a paid plan, payment information is collected and processed by Paddle (our merchant of record) — we do not store your credit card details.

Email content. We store the email campaigns you create, including text, images, and design elements. This content is stored securely in our database to enable editing, sending, and analytics.

Contact lists. If you upload or manage contact lists, we store the contact data you provide (e.g., email addresses, names, tags). You are the data controller for your contact data — you are responsible for having proper consent to email those contacts.

Usage data. We collect information about how you use the Service, including pages visited, features used, AI generations requested, and emails sent. This helps us improve the product.

Email analytics. When you send emails through the Service, we track delivery status, opens, clicks, and bounces to provide campaign analytics. This is handled by our email delivery provider, Resend.

Device and browser data. We automatically collect standard technical information such as your IP address, browser type, and operating system for security and service improvement purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your email campaigns and deliver them to your contacts
  • Generate AI-powered email content based on your prompts
  • Provide campaign analytics and reporting
  • Process payments and manage subscriptions (via Paddle)
  • Send you service-related communications (e.g., account verification, billing notifications)
  • Detect and prevent fraud, abuse, or security issues
  • Comply with legal obligations

4. Third-Party Services

We share your data with the following third-party services, each of which has their own privacy policies:

Anthropic (AI provider)

Email content prompts and context are sent to Anthropic’s API to generate AI-powered email designs. Anthropic does not use this data to train their models. See Anthropic’s Privacy Policy.

Resend (email delivery)

Email content and recipient addresses are shared with Resend to deliver your campaigns. See Resend’s Privacy Policy.

Supabase (database and authentication)

Account data, email content, and contact lists are stored in Supabase’s hosted PostgreSQL database. See Supabase’s Privacy Policy.

Paddle (payments)

If you subscribe to a paid plan, Paddle processes your payment information as our merchant of record. We do not have access to your full payment details. See Paddle’s Privacy Policy.

Sentry (error monitoring)

We use Sentry to capture application errors and a small sample of session replays so we can debug crashes. Captured payloads can include your email address, IP address, and the URL you were on when an error occurred. See Sentry’s Privacy Policy.

5. Data Retention & Account Deletion

We retain your account data and email content for as long as your account is active. You can permanently delete your account and all associated data at any time from your account settings. Once initiated, deletion is processed within 30 days, except where we are required to retain specific records for legal or compliance purposes (e.g. financial records related to past payments).

Email analytics data (open rates, click rates) is retained in aggregate, anonymized form and may be kept after account deletion for service improvement purposes.

6. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS), encrypted storage, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Portability — request your data in a structured, machine-readable format
  • Restriction — request that we limit processing of your data
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

We use essential cookies to maintain your session and authentication state. We do not use third-party tracking cookies or advertising cookies.

9. Children’s Privacy

The Service is not intended for children under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will promptly delete it.

10. International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States (where our service providers operate). We ensure appropriate safeguards are in place for international transfers in compliance with GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The “Last updated” date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or to exercise your data rights, contact us at:

[email protected]

See also: Terms of Service · Refund Policy