Privacy Policy

December 26, 2021

The privacy of your data is a big deal to us. In this policy, we layout: what data we collect and why; how your information is handled; and your rights to your data. We promise we never sell your data: never have, never will.

We advise reading this privacy policy to ensure you are fully informed. However, we have divided this privacy policy into sections specific for Users (Section 3) and Subscribers (Section 2). Section 1 and 4 apply to everyone.

This policy applies to Tuemilio, maintained by Domingo Martin in Carrer Orient 30, Bellavista 08521, Barcelona, Spain.

1. Introduction

About us

Tuemilio is an online marketing platform operated by Domingo Martín Mancera, a company headquartered in Barcelona in Spain ("we," "us," "our," and "Tuemilio").

Our service enables our users to create product waitlists and update their subscribers via transactional emails. We also provide other related services, such as data analytics, campaign insights, and third-party integrations to help our users track and personalize their marketing activities.

Terms

In this privacy policy, we use the following terms.

"User" is a person that has registered directly with us to use and pay for our service. These are our customers.

"Subscriber" is a person that belongs to a user's waitlist. A user may contact a subscriber via email using the our service. Also, a subscriber joins a waitlist interacting with our service (via an installed widget on a user's website) or via the information a user has imported or sent to the service.

"Waitlist" is a list of subscribers our user can manage and contains all the information related to those subscribers.

"Service" has the meaning given to it in our terms of use.

"you" and "your" means either a subscriber or a user.

2. Privacy for subscribers

This section applies to the Personal Information we process about our users' subscribers as a data controller. Our service is intended for our users. The data we collect and process about subscribers through the service, we act as a processor on behalf of our users. Tuemilio is not responsible for our users' privacy or security practices, which may differ from those outlined in this privacy policy. Please check with individual users about the policies they have in place. For purposes of this section, "you" and "your" refer to subscribers.

Information we collect from subscribers.

Our guiding principle is to collect only data from subscribers that we need to provide our service to our users.

  1. An email address is required to join a waitlist. Users need to provide us with a subscriber's email address to enter and access our users' waitlists and for our users to have a way to contact their subscribers on the waitlist. We can receive your email address in three ways: you submit your address on a website with Tuemilio installed, a user imports a contact list with your email address, or a user saves your address using our API.
  1. Data provided about you by a user through the service. A user may ask you for additional information while joining a waitlist like your name, phone number, handles, etc. Our users may use this Personal Information to manage subscribers on their waitlist, market research, and onboarding you on their service. This data is recorded when you join a waitlist on a website using Tuemilio and we call them “custom fields”.
  1. Persistent first-party cookies are stored to remember visitors' and subscribers' sessions. We use two cookies (”tu” and “tu-referrer-id”) to store the usage data of visitors and subscribers. Keep a session for subscribers to enable them to access information regarding their position on the waitlist and avoid abuse of subscriptions. Keep track of referrals links as well as prevent false referrals. To learn more about cookies, including how to view which cookies have been set and how to manage and delete them, please visit www.allaboutcookies.org. At this time, our sites and applications do not respond to Do Not Track beacons sent by browser plugins. For more information about our cookies, visit our cookie policy.
  1. Subscriber's usage data is collected automatically. When you interact with a waitlist installed on a user's website, your browser automatically shares information such as which operating system and browser version you are using. We track that information, along with the pages you are visiting and which website referred you for statistical purposes like conversion rates and to avoid abuse of subscriptions on the waitlist. These data points are tied to your IP address and our cookies. We may also collect email opens and clicks from emails the user sends using our service. We collect this data to serve web analytics and campaign performance to our users, monitor and prevent service abuse, ensure compliance with our terms of use, and keep usage metrics of our service.

Use of Personal Information of subscribers

We may use the Personal Information we collect or receive about you in reliance on our (and where applicable, our users') legitimate interests for the following purposes:

  • Providing the service to our users.
  • To ensure compliance with our terms of use and applicable law.
  • To protect the rights and security of subscribers, users, third parties, or Tuemilio.
  • To troubleshoot or squash a software bug. If at any point, we need to access a user's account to help them with a support case, we may need to see your data for debugging purposes.
  • Improving the services. We use data to improve our service, including system administration, security, and new features.
  • Business operations. We use data for aggregate analyses and business intelligence to get insights into the business's performance.

The service offers first-party integrations with external sub-providers listed in section 4. Our users may use them on their waitlist, and so your personal data may be processed by these sub-providers. To know if these integrations are active in a specific waitlist, you should contact the users using our service to create waitlists and refer to their individual privacy policies.

Your rights concerning your information

At Tuemilio, we apply the same data rights to all subscribers, regardless of their location. Currently, some of the most privacy-forward regulations in place are the European Union's General Data Protection Regulation ("GDPR") and California Consumer Privacy Act ("CCPA") in the US. Tuemilio recognizes all rights granted in these regulations, except as limited by applicable law. These rights include:

  • Right to Know. You have the right to know what Personal Information is collected, used, shared, or sold. We outline both the categories and specific bits of data we collect and how they are used in this privacy policy.
  • Right of Access. This includes your right to access the Personal Information we gather about you and your right to obtain information about the sharing, storage, security, and processing of that information.
  • Right to Correction. You have the right to request the correction of your Personal Information.
  • Right to Erasure / "To Be Forgotten." This is your right to request, subject to certain limitations under applicable law, that your Personal Information be erased from our possession and, by extension, all of our service providers. Fulfilling some data deletion requests may prevent you from participating in any waitlist because our service will not recognize you. In such cases, a data deletion request may result in ending your participation in any waitlist.
  • Right to Restrict Processing. This is your right to request the restriction of how and why your Personal Information is used or processed, including opting out of the sale of Personal Information. (Again: we never have and never will sell your personal data.)
  • Right to Object. You have the right, in certain situations, to object to how or why your Personal Information is processed.
  • Right to Portability. You have the right to receive the Personal Information we have about you and the right to transmit it to another party.
  • Right to Non-Discrimination. This right stems from the CCPA. We will not charge you a different amount to use our products, offer you different discounts, or give you a lower level of customer service because you have exercised your data privacy rights. However, the exercise of certain rights (such as the right "to be forgotten") may prevent you from using our service by exercising those rights.

For all the Personal Information we collect and process about you as a subscriber, we act as a data processor on behalf of our users. If you want to exercise any of the rights listed above or have any questions about your data being processed by Tuemilio as a processor, you should contact the users using our service to create waitlists and refer to their individual privacy policies.

We provide all of our users with a set of tools on their dashboards to exercise all of your data protection rights on time.

If you want to unsubscribe from any email sent by one of our users via our service, you can unsubscribe directly from an unsubscribe link on any email received. For updating or deleting your data, contact the user directly.

3. Privacy for users

This section applies to the Personal Information we process about our users. Our service is intended for our users. If you are not a user (a customer of Tuemilio) section 2 may apply to you and your data. For purposes of this section, "you" and "your" refer to our users.

Information we collect from users.

Our guiding principle is to collect only data that we need to provide our service to our users.

  1. Identity and access. When you sign up for a Tuemilio, we typically ask for identifying information such as your name, email address, the name of your project or company, and its website. That's just so you can personalize your new account, and we can send you invoices, updates, or other essential information. When registered using Github OAuth, a link to your profile picture is stored, and your profile picture will display on your dashboard, but we do not usually look at or access the link to that picture. We'll never sell your Personal Information to third parties, and we won't use your name or company in marketing statements without your permission either.
  1. Billing information. When you pay for Tuemilio, we ask for your credit card and billing address. That's so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment processor and never through our servers. We store a record of the payment transaction, including the last four digits of the credit card number and the billing address, for account history, invoicing, and billing support. We store your billing address to calculate any sales tax due, detect fraudulent credit card transactions, and print on your invoices. We use Stripe for this purpose.
  1. Geolocation data. We also log IP addresses used to sign up a Tuemilio account. We keep these records forever because they are used to mitigate spammy signups.
  1. Website interactions. When you browse our marketing page or application, your browser automatically shares certain information, such as which operating system and browser version you are using. We track that information, along with the pages you are visiting, page load timing, and which website referred you for statistical purposes like conversion rates and to test new designs. We sometimes track specific link clicks to help inform some design decisions. If applicable, these web analytics data are tied to your IP address and user account, and you are signed in to our Services. We use Google Analytics for this purpose.
  1. Cookies and Do Not Track We use persistent first-party cookies to store specific preferences, make it easier for you to use our applications, and support some in-house analytics. A cookie is a piece of text stored by your browser to help it remember your login information, site preferences, and more. You can adjust cookie retention settings in your browser. To learn more about cookies, including how to view which cookies have been set and how to manage and delete them, please visit www.allaboutcookies.org. At this time, our sites and applications do not respond to Do Not Track beacons sent by browser plugins.
  1. Voluntary correspondence When you write Tuemilio with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future. We use Crisp and email as the main channel for communication.
  1. Log data: Our servers keep log files that record data each time a device accesses our service, including IP addresses, user agents, pages viewed, and error messages.

Use of Personal Information of users

We may use the Personal Information we collect or receive about you in reliance on our (and where applicable, your subscribers') legitimate interests for the following purposes:

  • Providing the service to you. We do use some third-party services to run Tuemilio and only to the extent necessary process some or all of your Personal Information via these third parties. You can view the list of third-party services in section 4. Having subprocessors means we are using technology to access your data. No Tuemilio human looks at your data for these purposes unless an error stops an automated process from working and requires manual intervention to fix. These are rare cases, and when they happen, we look for root cause solutions as much as possible to avoid them from reoccurring.
  • To ensure compliance with our terms of use and applicable law.
  • To protect the rights and security of subscribers, users, third parties, or Tuemilio.
  • To troubleshoot or squash a software bug. If at any point, we need to access a user's account to help them with a support case, we may need to see your data for debugging purposes.
  • Improving the services. We use data to improve our service, including system administration, security, and new features.
  • Business operations. We use data for aggregate analyses and business intelligence that enable us to get insights into the business's performance.

Third-party integrations

We may use the information we collect as a processor from the integrations available via the service to make them work. These integrations are the ones you decide to connect to your Tuemilio account. We support the following integrations that share subscriber’s information:

  • Zapier
  • Mailchimp
  • Typeform.

A full description of all data shared with these three providers is available in section 4.

Waitlists

To manage a waitlist or send email addresses to a waitlist, you need to import data from your subscribers using a CSV file, post them to our API, or collect them using our widget on your website. This data is at least your subscriber's email address and any other data point you decide to collect using “custom fields”. We collect and process this data to offer you the service according to our contract with you and this privacy policy.

We do not, under any circumstances, sell your waitlists.

You can always access and export in CSV format your waitlist from your dashboard.

When a subscriber forwards your email campaigns to someone else, the content of your email will be shared with an individual that is not on your waitlist. We do not have access, and we do not store the email address of these recipients.

If one of your subscribers invites a friend from the subscriber's popup on your website, we will process the email address of the subscriber's friend to send an email invitation. Our transactional email provider will process the invitation email address, and we will store the hashed email address using sha512. This is needed to send the email invitation and prevent abuse on a single email address. The invited email address will not be added to the waitlist, only when the invited email submits their data via the widget form.

When using the team feature on Tuemilio, you can invite your teammates to work on your waitlist. If you invite your teammate, we will use their email address to send an invitation via email using our transactional email provider and we will store the email address to verify their identity when they join your team.

Your rights concerning your information

At Tuemilio, we apply the same data rights to all users, regardless of their location. Currently, some of the most privacy-forward regulations in place are the European Union's General Data Protection Regulation ("GDPR") and California Consumer Privacy Act ("CCPA") in the US. Tuemilio recognizes all rights granted in these regulations, except as limited by applicable law. These rights include:

  • Right to Know. You have the right to know what Personal Information is collected, used, shared, or sold. We outline both the categories and specific bits of data we collect and how they are used in this privacy policy.
  • Right of Access. This includes your right to access the Personal Information we gather about you and your right to obtain information about the sharing, storage, security, and processing of that information.
  • Right to Correction. You have the right to request the correction of your Personal Information.
  • Right to Erasure / "To Be Forgotten." This is your right to request, subject to certain limitations under applicable law, that your Personal Information be erased from our possession and, by extension, all of our service providers. Fulfilling some data deletion requests may prevent you from using our service because our service will not recognize you. In such cases, a data deletion request may result in ending your account.
  • Right to Restrict Processing. This is your right to request the restriction of how and why your Personal Information is used or processed, including opting out of the sale of personal information. (Again: we never have and never will sell your personal data.)
  • Right to Object. You have the right, in certain situations, to object to how or why your Personal Information is processed.
  • Right to Portability. You have the right to receive the Personal Information we have about you and the right to transmit it to another party.
  • Right to Non-Discrimination. This right stems from the CCPA. We will not charge you a different amount to use our products, offer you different discounts, or give you a lower level of customer service because you have exercised your data privacy rights. However, the exercise of certain rights (such as the right "to be forgotten") may prevent you from using our service by exercising those rights.

You can exercise your data protection rights at any time by contacting us. If we receive a request from one of your subscribers, we will redirect them to you. If needed, we may answer a subscriber's request on your behalf.

4. General information

Tuemilio is a Spanish company, and our data infrastructure is currently based in Germany and US. That means if you are in another country and you use our products, your data are transferred to Germany and the US.

We are serious about treating our customers fairly. For that reason:

  • We never have and never will sell subscribers' or users' data.
  • We don't run ads for other services in Tuemilio.
  • We limit the data we collect: we don't ask for it if we don't need it.
  • We put a lot of security measures into place, including in-transit encryption and encryption at rest.
  • When you contact us through our real-time chat regarding your data, someone from our Privacy Working Group will get back to you. You are always speaking with a human! No bots.

How we share your information

We use third-party subprocessors, such as cloud computing providers and customer support software to run Tuemilio.

The following is a list of personal data subprocessors we use.

  • DigitalOcean. Cloud services provider located in Germany. All user and subscriber data are stored in their cloud.
  • Mailgun. Transactional email service located in the US and EU. Used to send users and subscribers notifications. Email addresses and custom fields are shared.
  • Stripe. Payment processing services are located in the US. Used for subscription management and payment processing. Email addresses from users and billing details are shared.
  • Sentry. Error reporting software. All user and subscriber data except billing information may be shared.
  • Crisp. Help desk software. Used to help set up users’ accounts. User email and IP address are shared.
  • Google Analytics. Analytics tool used to understand user behavior inside Tuemilio. IP Address and User IDs shared.
  • Github. OAuth provider. We receive email addresses and a profile picture link from them.
  • Cloudflare. DNS and proxy service based in the US used for security activities, IP address shared.

We offer the following service integrations to our users, which they may use to process subscribers’ data:

  • Mailchimp. Transactional email service located in the US. Subscriber’s data is shared with them if enabled by the user: address, referral link, dashboard link, referral id, country, city, language, and custom fields.
  • Zapier. Automation service located in the US. Subscriber’s data is shared with them if enabled by the user: email address, IP address, referral link, dashboard link, referral id, country, city, language, and custom fields. Also, if applicable: referrer email address, IP address, dashboard link, cookie UUID, and custom fields.
  • Typeform. Form service based in Spain with data stored in the US. Subscriber’s data shared with them if enabled by the user: email address and custom fields using Typeform feature “hidden fields.”