Mailly.io Privacy Policy

Privacy Policy

Effective Date: 28.01
Operated by UnderBoss Media LLC, Casper, Wyoming, United States.

1. Introduction

This Privacy Policy describes how Mailly.io ("Mailly", "we", "us", "our") collects, uses, processes, transfers, stores, and protects personal data when individuals access or use our website, platform, APIs, and related services ("Service").

2. Data Controller

UnderBoss Media LLC
Casper, Wyoming, United States
Website: https://mailly.io
Email: privacy@mailly.io

3. Categories of Data Subjects

  • Clients: Users and customers of Mailly.
  • Prospects: Business contacts uploaded or processed by Clients.
  • Website Visitors: Individuals browsing mailly.io.

4. Categories of Personal Data

Client Data

  • Name, email address, phone number
  • Company details and job title
  • Billing information (processed via Stripe or equivalent)
  • Usage data, logs, device identifiers, IP address
  • Support communications

Prospect Data (Customer-Provided Data)

  • Name, professional email
  • Company name, employment history
  • Job titles
  • Email engagement metadata (opens, replies, bounces)

Mailly acts as a Data Processor for Prospect data. Clients are responsible for ensuring lawful collection and processing.

5. Purpose of Processing

  • To provide AI-powered outreach and contextual email generation
  • To perform ICP evaluation and campaign optimization
  • To secure and improve the platform
  • To comply with legal obligations
  • To prevent fraud, abuse, or unauthorized activity

6. Legal Basis (GDPR)

  • Contractual necessity
  • Legitimate interest (B2B marketing enablement, security, analytics)
  • Consent (where required)
  • Legal obligation

7. AI & Automated Processing Transparency

Mailly uses AI systems to generate contextual messaging. AI outputs are generated based on Client inputs. No legally binding decisions are made solely by automated means. Clients remain responsible for final usage of generated content.

8. Subprocessors

We may engage subprocessors including but not limited to:

  • Amazon Web Services (hosting infrastructure)
  • Stripe (payment processing)
  • Webflow (website hosting)
  • Google Analytics
  • Microsoft Clarity

A current subprocessor list may be requested at privacy@mailly.io. We require subprocessors to implement appropriate safeguards.

9. International Data Transfers

Data may be transferred to and processed in the United States and other jurisdictions. Where required, Standard Contractual Clauses (SCCs) or equivalent safeguards are applied.

10. Data Retention

  • Client data retained during active subscription and as required by law.
  • Prospect data retained as instructed by Clients.
  • Security logs retained for limited operational duration.

11. Security Measures

We implement administrative, technical, and organizational safeguards, including encryption in transit, access controls, monitoring systems, audit logging, and secure hosting environments.

12. Data Breach Notification

In the event of a confirmed data breach affecting personal data, we will notify affected Clients without undue delay and cooperate in compliance with applicable data protection laws.

13. Your Rights (GDPR, UK GDPR)

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

14. CCPA / CPRA (California)

California residents may request disclosure, deletion, or correction of personal information. Mailly does not sell or share personal information for cross-context behavioral advertising. Requests may be submitted to privacy@mailly.io.

15. PIPEDA (Canada)

For Canadian residents, we comply with applicable federal privacy laws. You may request access or correction of your data at any time.

16. EU & UK Representative

If required under GDPR or UK GDPR, Mailly may appoint a representative within the EU or UK. Details will be provided upon request.

17. Arbitration & Governing Law

This Privacy Policy shall be governed by the laws of the State of Wyoming, United States. Any disputes arising shall be resolved through binding arbitration unless otherwise required by mandatory law.

18. Do Not Sell / Share

Mailly does not sell personal data. Requests to restrict processing or object to data use may be sent to privacy@mailly.io.

19. Legal Disclosure

We may disclose personal data if required by law, court order, or governmental authority.

20. Changes to this Policy

We may update this Privacy Policy from time to time. The revised version will be posted with updated effective date.

21. Definitions

Personal Data: Information identifying a natural person.
Usage Data: Automatically collected technical data.
Controller: Entity determining purposes of processing.
Processor: Entity processing data on behalf of Controller.

22. Contact

UnderBoss Media LLC
Casper, Wyoming, USA
privacy@mailly.io