Privacy Policy

Templ8.email (“Templ8”, “we”, “us”, “our”) is the data controller responsible for the processing of your personal data as described in this Privacy Policy.

We process personal data for the following purposes:

• Providing the Service — account management, template creation, storage, and export functionality
• Billing and payments — processing subscriptions, invoicing, and refunds
• Security and fraud prevention — monitoring for suspicious activity, enforcing our Terms of Use
• Service improvement — analyzing usage patterns to improve features, performance, and user experience
• Customer support — responding to your inquiries and resolving issues
• Communications — sending service-related notifications (e.g., password resets, billing alerts) and, with your consent, marketing emails about new features and offers
• Legal compliance — meeting our obligations under applicable law, such as tax reporting and responding to lawful requests

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases for processing your personal data:

We use the following types of cookies and similar technologies:

Our primary analytics tool (Umami) is privacy-friendly and does not use cookies or collect personally identifiable information. Where we use cookie-based third-party analytics or marketing tools, we will request your consent before setting those cookies.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

We do not sell your personal data. We share data only as described below:

• Service providers / processors: We use trusted third-party providers for hosting (Google Cloud), authentication (Firebase), payment processing (Stripe), analytics (Umami, self-hosted), error tracking (Sentry), and customer support. These processors act only on our instructions under data processing agreements.
• Legal requirements: We may disclose personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Business transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity, subject to the same privacy commitments.
• With your consent: We may share data for purposes not listed here if we obtain your explicit consent.

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of our service providers are located.

Where such transfers occur, we ensure an adequate level of protection through appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Data Processing Agreements with all processors

We retain personal data only as long as necessary for the purposes described in this Policy:

• Account data: retained for the duration of your Account and deleted or anonymized within 30 days of Account closure, unless longer retention is required by law
• Billing data: retained as required by applicable tax and accounting laws (typically 7 years in the Netherlands)
• Usage and analytics data: retained in aggregated/anonymized form for service improvement; identifiable logs are deleted after 90 days
• Support communications: retained for the duration of your Account plus 12 months

When data is no longer needed, we securely delete it or render it anonymous so that it can no longer be associated with you.

Under the GDPR, if you are located in the European Economic Area, you have the following rights regarding your personal data:

To exercise any of these rights, contact us at privacy@templ8.email. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to know: You may request that we disclose what personal information we have collected, used, disclosed, and sold about you in the preceding 12 months.
• Right to delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
• Right to opt-out of sale: We do not sell personal information. If this practice changes, we will provide a “Do Not Sell My Personal Information” link.
• Non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, contact us at privacy@templ8.email. We will verify your identity and respond within 45 days.

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of sensitive data at rest
• Access controls and authentication for internal systems
• Regular security assessments and monitoring
• Employee and contractor confidentiality obligations

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the revised version on this page with an updated “Last updated” date.

For material changes, we will provide additional notice (e.g., via email or an in-app notification). Your continued use of the Service after any changes constitutes acceptance of the updated Policy.

If you have questions or concerns about this Privacy Policy or our data practices: