Privacy Policy
Last updated: July 2, 2026
Proofel (“we”, “us”) is a review and approval platform for email campaigns, operated by MangoRocket Apps. This policy explains what we collect, why we collect it, and the choices you have. The short version: we collect what the product needs to work, we don’t sell your data, and the email designs you upload stay yours.
Information we collect
Account information. When you create an account we collect your email address, name, and password (stored as a salted hash — we never see it). If you subscribe to a paid plan, our payment provider collects billing details; we store only your subscription status, plan, and card brand/last-four for display.
Content you upload. The core of Proofel is content you choose to put in it: email designs (HTML, images, and metadata such as subject lines and sender names), versions, comments, annotations, approval decisions, tags, and labels. Emails forwarded to your canvas address are parsed and stored the same way; images inside them are cached to our storage so your previews keep working.
Guest reviewer information. Reviewers who open a share or review link without an account provide a display name so feedback is attributable. We associate that name (and, for approval links, the email address the link was issued to) with the comments and decisions they make.
Usage information. We keep standard operational logs (IP address, browser type, timestamps) and product events (e.g. share-link view counts) needed to run, secure, and debug the service.
How we use it
- To provide the service: rendering your emails, syncing comments in real time, routing approvals, sending the notifications you configure.
- To operate the business: billing, support, abuse prevention, and service emails about your account.
- To improve the product: aggregate, de-identified usage patterns. We do not train machine-learning models on your email content.
- We do not sell personal information, and we do not share your content except with the subprocessors below, as needed to run the service.
Subprocessors
We use a small set of infrastructure providers to run Proofel:
- Supabase — database, authentication, file storage, and realtime infrastructure (hosts your account data and content).
- Netlify — web hosting and content delivery for the application, plus processing of contact-form submissions.
- Stripe — payment processing and subscription billing. Your card details go to Stripe directly and never touch our servers.
- Resend — outbound email delivery (notifications, digests, approval requests).
- Mailgun — inbound email ingestion for your canvas addresses (receives emails you forward to Proofel).
- Browserless — headless-browser screenshots of link destinations for the Link Visualizer, when you run it.
Cookies & tracking
Proofel uses first-party storage (cookies and browser localStorage) for essential purposes only: keeping you signed in, remembering preferences like your theme, and caching data so pages load fast. We don’t use tracking cookies for the product itself.
Advertising & analytics
We plan to use the following advertising and analytics services on our marketing website (not inside the app): Google Analytics and Microsoft Clarity for understanding how visitors use these pages, and Google Ads and Meta (Facebook/Instagram) Ads conversion measurement for our own advertising. Where required by law (for example for visitors in the EU/UK), these will only run after you consent via a cookie banner, and you can withdraw consent at any time. Until those tools are enabled, no third-party advertising or analytics scripts load on this site.
Data retention & deletion
Your content stays in your account until you delete it or delete the account. Deleting a canvas removes its versions, comments, annotations, and share links; deleting your account removes your content from production systems, with residual copies in encrypted backups expiring on our backup rotation schedule. To request account deletion, contact us at the address below.
Security
All traffic is encrypted in transit (TLS) and data is encrypted at rest by our infrastructure providers. Access to content is enforced with row-level security in the database; share-link passwords are stored only as bcrypt hashes. If we learn of a breach affecting your data, we will notify you as required by law.
Your rights
Depending on where you live (including under GDPR and CCPA), you may have the right to access, correct, export, restrict the processing of, or delete your personal information, and to object to certain uses. Write to us and we’ll honor these requests for both account holders and guest reviewers. We don’t discriminate against you for exercising them.
Contact
Privacy questions or requests: sales@proofel.com. We’ll respond within 30 days.
This policy is a draft pending legal review; material changes will be announced on this page with an updated date above.