Privacy Policy
Last updated: March 27, 2026
1. Introduction
mlr. ("we", "us", "our") is operated by Mohammed Azirar. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our email campaign management platform at app.getmlr.com (the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Data We Collect
2.1 Account Data
When you create an account, we collect:
- Email address
- First and last name
- Password (hashed, stored by Supabase Auth)
2.2 Payment Data
Payment information (credit card numbers, billing address) is collected and processed directly by Stripe. We store your Stripe customer ID and subscription status but never your full card details.
2.3 Recipient Data
You may upload recipient lists containing email addresses, names, opt-in URLs, opt-in timestamps, and opt-in IP addresses. This data is stored on your behalf as a data processor (see our Data Processing Agreement).
2.4 Server Credentials
SSH credentials for your MTA servers are encrypted at rest using Fernet symmetric encryption before storage.
2.5 Usage Data
We collect IP addresses and basic request metadata for security and error tracking purposes.
3. How We Use Your Data
- To provide and maintain the Service
- To manage your account and subscription
- To process payments via Stripe
- To send emails on your behalf through your configured MTA servers
- To detect and prevent abuse, fraud, and security incidents
- To troubleshoot errors and improve the Service
4. Data Storage & Security
Your data is stored in:
- Supabase (PostgreSQL database and file storage) — with Row Level Security ensuring tenant isolation
- Render — application hosting
SSH credentials are encrypted using Fernet symmetric encryption. All data is transmitted over HTTPS/TLS.
5. Third-Party Processors
We share data with the following third-party processors, each under appropriate data processing agreements:
| Processor | Purpose |
|---|---|
| Supabase | Database, authentication, file storage |
| Stripe | Payment processing |
| Render | Application hosting |
| Sentry | Error tracking and monitoring |
| hCaptcha | Bot protection |
6. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights:
- Access — request a copy of your personal data
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — request your data in a structured, machine-readable format
- Objection — object to processing of your data
- Restriction — request restriction of processing
To exercise any of these rights, contact us at support@getmlr.com.
7. Data Retention
We retain your account data for as long as your account is active. When you delete your account, we delete all associated data (recipient lists, offers, campaigns, server configurations) within 30 days. Payment records may be retained longer as required by applicable tax and accounting laws.
8. Cookies
We use a single session cookie (Flask session) to maintain your logged-in state. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
9. Children's Privacy
The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date.
11. Contact
If you have questions about this Privacy Policy, contact us at:
Mohammed Azirar
Email: support@getmlr.com