How we handle your data and your customers' data.

For account, billing, support, website, and product usage data, MeSquared generally acts as a controller. For contact lists and campaign recipient data you upload or generate in your workspace, MeSquared generally acts as a service provider or processor acting on your instructions.

• Account data, including name, email, business name, website, login details, and workspace membership.
• Billing data handled through Stripe, such as customer ID, subscription status, invoices, and plan metadata.
• Brand and campaign data, including sender identity, physical mailing address, website content, images, goals, drafts, approvals, and reports.
• Contact data you import, including email, names, phone numbers, addresses, source, consent status, group membership, suppressions, bounces, complaints, and unsubscribes.
• Usage, security, and diagnostic data, including logs, device/browser data, IP address, cookies, events, and error reports.
• Support and communications data when you email us or interact with support.

• Provide, secure, maintain, troubleshoot, and improve the service.
• Create workspaces, manage memberships, process billing, and enforce plan limits.
• Import contacts, maintain suppressions, render campaigns, send approved campaigns, and report performance.
• Generate draft campaign sections, recommendations, subject lines, previews, and summaries.
• Detect abuse, investigate complaints, enforce acceptable use rules, and protect sender reputation.
• Comply with law, tax, accounting, security, and contractual obligations.

AI providers may process business profile information, website excerpts, campaign goals, selected brand assets, audience descriptions, and approved instructions to generate draft campaign content. We do not intentionally send full contact lists to AI providers for campaign drafting. Do not submit sensitive personal data, protected health information, financial account data, government identifiers, or confidential third-party information into campaign prompts unless a separate written agreement allows it.

Mailgun/Sinch Email is used to send campaigns and process delivery events, bounces, complaints, unsubscribes, opens, and clicks. Mailgun built-in tracking may be used in v1. Public tracking and unsubscribe values are random opaque tokens. We do not place raw emails, names, or decodable personal information in Mailgun custom variables, public tracking links, or unsubscribe URLs.

We use service providers that support the product, including:

• Supabase for database, authentication, storage, and row-level security.
• Vercel for hosting, build, deployment, and runtime infrastructure.
• Mailgun/Sinch Email for email delivery, events, suppressions, and tracking.
• Inngest for background jobs and workflow execution.
• Stripe for subscriptions, checkout, billing portal, invoices, and payment processing.
• OpenAI and Anthropic for AI generation where configured through our provider layer.
• Sentry for error monitoring and diagnostics.
• DNS providers such as Vercel or Cloudflare when you authorize sending-domain setup.

We do not sell contact lists or customer contact data.

Depending on the context, we process personal information to perform a contract, operate and secure the service, comply with legal obligations, pursue legitimate business interests, or based on consent. You are responsible for establishing the lawful basis for marketing emails sent to your contacts and for honoring privacy, unsubscribe, and consent obligations that apply to your business.

We keep account, billing, campaign, and contact data while your workspace is active and as needed for legal, tax, security, backup, dispute, and abuse-prevention purposes. Suppression, unsubscribe, bounce, and complaint records may be retained after deletion requests where needed to avoid sending future unwanted email and to comply with anti-spam obligations.

We use technical and organizational safeguards including authentication, row-level security, access controls, HTTPS, provider security controls, logging, and environment-secret separation. No internet service is perfectly secure. You are responsible for using strong passwords, limiting workspace access, securing exported data, and protecting your own systems.

You may request access, correction, deletion, export, or other privacy assistance by emailing privacy@mesquared.ai. Contacts who receive email from one of our customers should use the unsubscribe link in the message or contact the sender directly. We may need to verify identity and authority before acting on a request.

We and our providers may process information in the United States and other countries. Where required, we rely on appropriate transfer mechanisms, provider agreements, and safeguards for cross-border processing.

MeSquared Marketing is a business service and is not directed to children under 13. We do not knowingly collect personal information from children under 13.