Legal

Privacy Policy

Last updated: March 8, 2026

1. Introduction

Molted Email ("we", "us", "our") operates the molted.email platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a salted hash). We also generate a tenant identifier and API credentials for your account.

Email Data

When you send email through our API, we process sender addresses, recipient addresses, subject lines, and message content. We retain metadata (sender, recipient, timestamps, delivery status) for analytics and debugging. Message body content is not stored after successful delivery unless you enable the storage feature.

Usage Data

We collect API request logs, delivery events (sent, delivered, bounced, complained), and aggregate usage metrics for rate limiting and billing.

Cookies

We use session cookies for authentication in the portal dashboard. We use Plausible Analytics for privacy-friendly, cookie-free website analytics.

3. How We Use Your Information

• To provide and maintain the email delivery service
• To authenticate your identity and authorize API access
• To enforce sending policies and rate limits
• To monitor deliverability and prevent abuse
• To process billing and manage your subscription
• To communicate service updates and respond to support requests

4. AI Processing

If you enable the email humanization feature, message content is sent to third-party AI providers (Anthropic, OpenAI) for processing. This content is not used to train AI models. You can opt out of AI processing at any time by disabling humanization on your mailbox.

5. Data Sharing

We share data only with service providers necessary to operate the platform:

• Email delivery providers (Resend, Postmark, Amazon SES) - to deliver your messages
• Infrastructure providers - to host and run the service
• Payment processors - to handle billing

We do not sell your data. We do not share data with advertisers.

6. Data Retention

Account data is retained while your account is active. Email metadata is retained for 90 days. You can request deletion of your account and all associated data by contacting us.

7. Security

We use encryption in transit (TLS), hashed passwords, and tenant-isolated data access. API keys are hashed at rest. See our Security Knowledge Base for more on how we handle AI-specific threats.

8. Your Rights

You may request access to, correction of, or deletion of your personal data at any time. Contact us at hello@molted.email.

9. Changes

We may update this policy from time to time. We will notify you of material changes via email or a notice on the service.

10. Contact

Questions about this policy? Email us at hello@molted.email.