Privacy Policy

How we collect, use, and protect your personal information.

Last updated: February 2026

PrawnMail (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered sales outreach platform.

By using PrawnMail, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Your name and email address
  • Company name and job title
  • Password (stored securely using encryption)

Payment Information

When you subscribe to a paid plan, our payment processor (Stripe) collects:

  • Billing name and address
  • Payment card details (processed securely by Stripe; we do not store card numbers)

Prospect Data

To provide our services, we process information about your sales prospects:

  • Contact information you upload (names, emails, companies)
  • Publicly available information we research on your behalf
  • Email content generated for your campaigns

Managed Service Data

If you subscribe to our Managed Service, we additionally collect and process:

  • Business information you provide (company details, branding, target market descriptions)
  • Target market and ideal customer profile data
  • Prospect data sourced from third-party B2B databases on your behalf
  • Subdomain configuration and email sending account details
  • Landing page content and lead capture data
  • Campaign performance data and analytics

Usage Data

We automatically collect certain information when you use PrawnMail:

  • Log data (IP address, browser type, pages visited)
  • Feature usage and interaction data
  • Email campaign performance metrics (opens, replies)

2. How We Use Your Information

We use the information we collect to:

  • Provide our services: Research prospects, generate personalised emails, and manage your campaigns
  • Process payments: Handle subscriptions and billing through Stripe
  • Improve our platform: Analyse usage patterns to enhance features and user experience
  • Communicate with you: Send service updates, respond to enquiries, and provide support
  • Ensure security: Detect and prevent fraud, abuse, or security incidents
  • Deliver managed services: Source prospect data, configure outreach infrastructure, create landing pages, and manage campaigns on your behalf

3. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract: Processing necessary to provide our services to you
  • Legitimate interests: Improving our services, ensuring security, and marketing (where appropriate)
  • Consent: Where you have given explicit consent for specific processing
  • Legal obligation: Where required to comply with applicable laws
  • Contract (Managed Service): Processing necessary to deliver our Managed Service, including configuring infrastructure, creating landing pages, and managing campaigns
  • Legitimate interests (Prospect Data Sourcing): Sourcing B2B prospect data from third-party databases on behalf of Managed Service clients who have confirmed a legitimate interest in contacting those prospects

4. Data Sharing and Third Parties

We share your information with the following third-party services:

Stripe

We use Stripe to process payments securely. Stripe’s privacy policy can be found at stripe.com/privacy.

Brevo

We use Brevo (formerly Sendinblue) for transactional and marketing emails. Brevo’s privacy policy can be found at brevo.com/legal/privacypolicy.

B2B Data Providers

For Managed Service clients, we source prospect data from third-party B2B databases (such as Apollo.io and similar professional data providers). These providers supply publicly available business contact information that we use to build targeted prospect lists on your behalf.

Managed Service Data Processing

When delivering our Managed Service, PrawnMail acts as a data processor on behalf of the client (the data controller). We process prospect data, lead data, and campaign data strictly according to the client’s instructions and for the purpose of delivering the agreed service. We do not use Managed Service client data for our own marketing purposes.

Landing Page Visitors

For Managed Service clients, we host landing pages on subdomains of prawnmail.co.uk. Data submitted by visitors to these landing pages (such as name, email, and company) is collected on behalf of the client. The client is responsible for ensuring an appropriate privacy notice is displayed on their landing page and for their own compliance with data protection laws regarding the leads they receive.

We may also share information:

  • With your consent or at your direction
  • To comply with legal obligations or valid legal requests
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets (with notice to you)

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. After account deletion, we may retain certain information for up to 6 years for legal, tax, or accounting purposes.

Prospect data you upload is retained until you delete it or close your account.

Managed Service Data

Upon termination of a Managed Service subscription, you may request an export of your lead and campaign data within 30 days. We retain Managed Service data (including prospect lists, campaign records, and lead data) for up to 6 months after termination for legal and accounting purposes, after which it is securely deleted. Subdomains and landing pages are deactivated within 30 days of termination.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure hosting infrastructure

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (“right to be forgotten”)
  • Restriction: Request we limit how we use your data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests or for marketing
  • Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us at matthew@prawnmail.co.uk.

8. Cookies

We use cookies and similar technologies to:

  • Keep you signed in to your account
  • Remember your preferences
  • Understand how you use our platform
  • Improve our services

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of PrawnMail.

9. International Transfers

Your data may be transferred to and processed in countries outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO).

10. Children’s Privacy

PrawnMail is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.

We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: matthew@prawnmail.co.uk
Website: prawnmail.co.uk

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been violated. Visit ico.org.uk for more information.