Privacy Policy

Last updated: May 4, 2026

1. Who we are

MailZoo ("we", "us", "our") is an AI-powered lead qualification and appointment-setting platform operated by MailZoo, based in the United States. When you use MailZoo, we collect and process data in order to provide you with the service. This policy explains what data we collect, how we use it, how long we keep it, and your rights.

2. Data we collect from you (the customer)

  • Account data — your name, email address, and password hash when you sign up.
  • Lead and contact data — names, email addresses, phone numbers, company names, and any other information you import via CSV or enter manually about your prospects.
  • Conversation data — messages sent and received through the platform on your behalf, across SMS, email, web chat, Facebook Messenger, and Instagram Direct Messages.
  • Usage data — pages visited, features used, and actions taken inside the app, used to improve the product.
  • Billing data — payment information is processed directly by Stripe and is not stored on our servers. We retain only billing receipts and subscription status.

3. Data we collect from connected platforms (Meta)

When you connect a Facebook Page or Instagram Business account to MailZoo, Meta provides us with the following data on your behalf:

  • Page identifiers — Facebook Page ID and Instagram Business Account ID.
  • Page metadata — Page name, profile picture, and category.
  • Page access tokens — short-lived tokens used to send and receive messages on the connected page. Tokens are stored encrypted at rest.
  • Inbound messages — the text content, timestamp, and sender ID (Page-Scoped ID or Instagram-Scoped ID) of any message sent to your connected page.
  • Sender profile — the public name and profile picture of the lead, when made available by Meta.

We use this data exclusively to: (a) receive inbound messages from leads via Meta's webhook, (b) generate AI replies based on your configured strategy and qualification flow, and (c) send those replies back to the lead through Meta's Graph API. We do not use Meta data to build profiles of users for advertising, and we do not share Meta data with any third party other than the AI processing provider listed in section 6.

We retain Meta data for as long as your MailZoo account is active. If you disconnect a Page from MailZoo, all access tokens for that Page are deleted immediately, and message history is deleted within 30 days. If you delete your MailZoo account, all Meta-derived data is deleted within 30 days. Users can also trigger deletion of their data at any time via our Data Deletion page.

4. How we use your data

  • To operate, maintain, and improve the MailZoo platform.
  • To send AI-generated messages on your behalf to your leads, according to your configured strategies.
  • To send transactional emails (billing receipts, account alerts).
  • To comply with legal obligations.

We do not sell your data or your leads' data to third parties. We do not use your lead data, conversation content, or Meta-platform data to train shared AI models.

5. Data storage, retention, and security

Your data is stored on Supabase (PostgreSQL) infrastructure hosted in the United States. We use industry-standard encryption in transit (TLS 1.2+) and at rest (AES-256). Access is strictly scoped — no other MailZoo customer can access your leads or conversations.

Account data and conversation history are retained for the lifetime of your account. Upon account deletion, all data is permanently removed within 30 days. Meta-platform access tokens are deleted immediately when a Page is disconnected.

6. Third-party services

We use the following third-party services to operate the platform:

  • Supabase — database and authentication
  • Vercel — hosting and edge compute
  • Stripe — payment processing
  • Anthropic — AI message generation (the content of your conversations is processed by Anthropic's Claude API to generate replies; Anthropic does not retain or train on this data per their commercial agreement)
  • Twilio — SMS delivery (only when you connect your own Twilio account)
  • Resend — transactional email delivery
  • Meta Platforms — Facebook Messenger and Instagram messaging APIs

Each provider has its own privacy policy governing how it handles data.

7. Your rights

You may request access to, correction of, or deletion of your personal data at any time. You can:

  • Delete your account from the Settings page, which removes your profile and all associated data within 30 days.
  • Disconnect a connected Facebook Page or Instagram account at any time from the Channels page; access tokens are deleted immediately.
  • Request deletion of your data via our Data Deletion page.
  • Email privacy@mailzoo.net for any other access, correction, or deletion request.

If you are an EU/UK resident, you have additional rights under GDPR, including the right to object to processing, the right to data portability, and the right to lodge a complaint with your supervisory authority.

8. Children

MailZoo is not directed to anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact us and we will delete it.

9. Cookies

We use only functional cookies necessary to keep you logged in. We do not use advertising or cross-site tracking cookies.

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes via email or a notice within the app. Continued use of the service after changes constitutes acceptance of the revised policy.

11. Contact

If you have questions about this policy or how your data is handled, email us at privacy@mailzoo.net.