Legal

AuthorMailingLists.com — Privacy Policy

What we collect, how we use it, and what we never do.

Last updated: 3 May 2026.

1. Who this policy applies to

This policy describes how AuthorMailingLists.com ("we", "the Service") handles two categories of data:

Author data — information about you, the user with an AuthorMailingLists account.
Subscriber data — information about the people who sign up for your mailing lists through the Service. You are the data controller for those subscribers; we are your data processor.

This policy describes our practices in both roles. The Archieboy Master Terms and Privacy Policy apply additionally.

2. What we collect about authors (you)

Account info: name, email address, password (stored as a salted one-way hash), and Stripe customer ID for paid plans.
Manuscripts and book metadata you upload, processed only to generate AI drafts and stored in your account database. Original uploads are not retained beyond the extraction step; the structured-themes JSON we derive is.
Email content you compose and send.
Operational data: sign-in timestamps, IP addresses (last 30 days), user-agent strings (last 30 days), and acquisition-source UTM parameters.
Payment data is handled entirely by Stripe; we never see your full card number. We store only the last 4 digits and expiry month for display purposes.

3. What we collect about your subscribers

Email address (required) and first name (optional).
Subscription status (pending, confirmed, unsubscribed, bounced, complained).
Confirmation token (one-time, deleted on confirm).
Source of signup (widget, import, manual).
IP address and user-agent at signup (truncated, retained 30 days for spam/abuse defence).
Engagement data: opens and clicks on your campaigns, last engagement timestamp, and per-campaign delivery status. Open- and click-tracking is enabled by default; you can ask us to disable it for your account.

We do not collect or process any subscriber data for our own commercial use. Your subscribers are your audience, not ours.

4. How we use the data

To operate the Service: deliver emails you compose, manage your account and billing, generate AI drafts when you request them, and surface analytics in your dashboard.
To enforce the Acceptable Use Policy in our Terms — for example, monitoring per-account bounce and complaint rates to suspend accounts that hurt deliverability for everyone.
To send you transactional emails about your account (welcome, password reset, suspension alerts, billing receipts) and a small number of onboarding emails. You can opt out of the onboarding sequence at any time.
To comply with legal obligations and respond to lawful requests.

We do not use your manuscripts, subscriber lists, or email content to train any AI model — ours or anyone else's — and we do not sell, rent, or license your data to anyone.

5. Third parties we share data with

We use the following sub-processors. Each receives only the data needed for its function:

Amazon Web Services (SES + S3 + EC2) — to send your campaigns and host the Service. Subscriber email addresses and the body of your campaigns are passed to SES at send time. SES does not retain the message body after delivery.
Stripe — to bill paid plans. Stripe receives your name, email, and payment-card data (which we never see).
OpenRouter / Anthropic Claude — to generate AI drafts when you upload a book. The relevant manuscript text excerpt is sent to OpenRouter (which proxies to Anthropic). Per the contractual terms with Anthropic via OpenRouter, the input is not retained or used to train models.
OpenAI — used only for marketing-asset generation (logo, hero imagery), no subscriber data sent.
Cloudflare Turnstile — anti-bot challenge on signup forms. Receives a one-time token plus client metadata.
Google Analytics 4 — usage analytics for the marketing pages (not the dashboard). Standard GA4 cookies; obeys Do Not Track.

6. Cookies

We set the following cookies:

Session cookie (name session) — keeps you logged in. Required.
Google Analytics cookies (_ga*) — anonymous usage measurement. You can block these in your browser without affecting Service functionality.
Cloudflare Turnstile cookie — short-lived, set during the signup challenge.

We do not set cross-site advertising cookies or sell first-party data to ad networks.

7. Data retention

Active account data — kept while your account is open.
After account deletion — your manuscripts, subscriber lists, and campaign content are deleted within 30 days. Suppression list entries (unsubscribed / bounced / complained addresses) are retained indefinitely to comply with anti-spam law.
Operational logs — IP and user-agent data retained 30 days. Send/bounce/complaint events retained 24 months for reputation auditing.
Billing records — retained 7 years for tax and accounting purposes.

8. Your rights (and your subscribers' rights)

If you are in the EU, UK, California, or another jurisdiction with data-protection law, you have the right to access, correct, delete, or export your personal data, and to object to or restrict processing. You also have the right to file a complaint with your data-protection authority. To exercise these rights, email hello@authormailinglists.com; we'll respond within 30 days.

Your subscribers exercise their rights through you (the data controller) in the first instance — including, at minimum, the right to unsubscribe via the link in every email and the right to be added to our cross-site suppression list.

9. Children

The Service is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we'll delete it.

10. Changes to this policy

If we change this policy in a way that materially affects how we handle your data, we will notify you by email at the address on file at least 14 days before the change takes effect.

11. Contact

Questions, requests, or complaints: hello@authormailinglists.com.
Operator: Archieboy Holdings, LLC. See the Archieboy Master Privacy Policy for additional details.