← Back to MailPulse

Privacy Policy

Last updated: March 4, 2026

MailPulse is an email tracking service for Gmail. This policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

Account Information

  • Email address and name (from Supabase authentication)
  • Profile avatar (if provided by auth provider)
  • Billing information processed securely through Stripe (we do not store payment card details)

Email Tracking Data

  • Recipient email address and subject line of tracked emails
  • Tracking event metadata: open timestamps, link click timestamps, and PDF view timestamps
  • Links included in tracked emails

Recipient Interaction Data

  • IP address of the device that triggered a tracking event
  • User-agent string (browser and device information)
  • Whether the event was triggered by an automated bot or a human

What We Do NOT Collect

  • Email body content — only the subject line and recipient address are transmitted to our servers
  • Contacts, calendar data, or any Gmail data beyond the compose window
  • Browsing history, cookies, or data from other websites

2. How We Use Your Data

  • Provide real-time email open, link click, and PDF view notifications
  • Display tracking analytics on your dashboard
  • Detect and filter bot activity to ensure accurate reporting
  • Enforce plan limits (e.g., monthly email quotas)
  • Process subscription payments through Stripe
  • Improve and maintain the service

3. Chrome Extension Permissions

The MailPulse Chrome extension requests the following permissions:

  • activeTab — to inject the tracking toggle into Gmail compose windows
  • storage — to store your authentication token locally in the browser
  • notifications — to alert you when a tracked email is opened
  • Host access to mail.google.com — to integrate with Gmail's compose interface

The extension only activates on mail.google.com. It does not run on any other website or access any data outside of Gmail compose windows.

4. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

  • Supabase — database hosting and authentication (your data is stored in their infrastructure)
  • Stripe — payment processing for Pro subscriptions
  • Vercel — application hosting

These providers act as data processors and are bound by their own privacy policies and data protection agreements.

5. Data Retention

  • Account and tracking data is retained as long as your account is active
  • Deleting your account removes all associated tracked emails, events, and links
  • Waitlist entries (email only) are retained until you request removal

6. Data Security

  • All data is transmitted over HTTPS/TLS encryption
  • Row-level security ensures users can only access their own data
  • Authentication tokens are stored locally in the browser extension and are never exposed to third parties
  • Webhook signatures are verified for all Stripe communications

7. Email Recipients

When a MailPulse user tracks an email, the recipient's interaction data (IP address, user-agent, timestamps) is collected when they open the email or click a link. Recipients are not separately notified of tracking. This is consistent with standard email tracking practices used across the industry.

8. Your Rights

  • Access your data at any time through the MailPulse dashboard
  • Request deletion of your account and all associated data by contacting us
  • Export your tracking data from the dashboard

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of MailPulse after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or data deletion requests, contact us at support@thelevelteam.com.