Thanks for using Mandrill. This policy explains the what, how, and why of the information we collect when you use Mandrill. It also explains the specific ways we use and disclose that information. We never sell lists or email addresses. Because Mandrill is run by the MailChimp team, you'll see some MailChimp references throughout this policy.
We’ll start by getting a few definitions out of the way that should help you understand this policy. When we say "we," "us," and "MailChimp,” we’re referring to The Rocket Science Group, LLC d/b/a MailChimp, a State of Georgia limited liability company. When we say “you” or “Member,” we’re referring to the person or entity that’s registered with us to use the Services.
We provide online platforms that you may use to create, send, and manage emails (the “Services”). We offer the Services on our websites http://www.mailchimp.com, http://www.tinyletter.com, and http://www.mandrill.com (each a “Website” and together the “Websites”). In the course of providing the Services, we may collect Personal Information, which means information about a Member. A "Distribution List" is a list of email addresses that one of our Members has sent, or intends to send, emails to, and all information relating to those email addresses.
If you have any questions or comments, or if you want to update, delete, or change any Personal Information you’ve submitted on the Website, please use our contact form to get in touch. You may also contact us by postal mail at:
512 Means St. Suite 404
Atlanta, GA 30318
If you’re not satisfied with our response you can contact TRUSTe.
List and Email Information: When you add an email Distribution List or create an email with the Services, we have access to the data on your list and the information in your email.
Information from your Use of the Service: We may get information about how and when you use the Services. This information may include your IP address, time, date, browser used, and actions taken by you within the application.
Cookies: When you register to use MailChimp, we store "cookies," which are strings of code, on your computer. We use those cookies to collect information about when you visit our Website, when you use the Services, your browser type and version, your operating system, and other similar information. You may turn off cookies that have been placed on your computer by following the instructions on your browser, but if you block our cookies, it may be more difficult (and maybe even impossible) to use the Services. When you play one of the videos on the Websites, the Flash player may use local shared objects, which are also called Flash cookies. We don’t use these Flash cookies for anything, but we can’t stop the player from dropping them (we tried).
Web Beacons: When we send emails to registered MailChimp customers, we'll sometimes track who opened the emails and who clicked the links. We do that to measure our Email Campaigns’ performance and to improve our features for specific segments of customers. To do this, we include single pixel gifs, also called web beacons, in emails we send. Web beacons allow us to collect information about when you open the email, your IP address, your browser or email client type, and other similar details. We also include Web Beacons in the emails we deliver for you. We use the data from those Web Beacons to create the reports you see about who has or hasn’t opened emails or clicked links. Reports are also available to us when we send you email, so we may collect and review that information.
We may use and disclose your Personal Information only as follows:
To promote use of our Services. For example, if you leave your Personal Information when you visit our Website and don’t sign up for any of the Services, we may send you an email asking whether you want to sign up. And if you use any of our Services, and we think you might benefit from using another Service we offer, we may send you an email telling you about it.
To bill and collect money owed to us. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments. To learn more about the steps we take to safeguard that data, see Section 7 below.
To provide customer support.
To protect the rights and safety of our Members and third parties, as well as our own.
To meet legal requirements like complying with court orders and valid subpoenas.
To provide information to representatives and advisors, like attorneys and accountants, to help us comply with legal, accounting, or security requirements.
To prosecute and defend a court, arbitration, or similar proceeding.
To support and improve the Services we offer. This includes adding features that compare Members' Email Campaigns, or using data to suggest other publishers your subscribers may be interested in.
To communicate with you about your account for informational, not promotional, reasons.
To send you informational and promotional content that you may choose (or "opt in") to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
Blog. We have public blogs on our Websites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you’d like it to be removed, contact us here. If we’re not able to remove your information, we’ll let you know why.
Social Media Widgets. Our Websites include social media features, like the Facebook Like button. These features may collect information about your IP address and which page you’re visiting on our site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with those features are governed by the privacy policies of the companies that provide them.
When you send email marketing, it bounces around from server to server as it crosses the internet. Along the way, server administrators can read what you send. Email wasn’t built for confidential information. If you have something confidential to send, please don’t use MailChimp.
Your subscriber lists are stored on a secure MailChimp server. We don’t, under any circumstances, sell your lists, contact people on your lists, market to people on your lists, steal your lists, or share your lists with any other party, unless it’s required by law. If someone on your list complains or contacts us, we may then contact that person. Only authorized employees have access to view Distribution Lists. You may export (download) your lists from MailChimp at any time, as long as we have a copy.
We’ll use and disclose the information in your Distribution Lists only for the reasons listed under Use of Your Personal Information, except the following (In other words, we will not use and disclose the information in your Distribution Lists to):
Nobody’s safe from hackers. If a security breach causes an unauthorized intrusion into our system that materially affects you or people on your Distribution Lists, then MailChimp will notify you as soon as possible and later report the action we took in response.
To protect your information, our credit card processing vendor uses the latest 128-bit Secure Socket Layer (SSL) technology for secure transactions. Our vendor is certified as compliant with card association security initiatives, like the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC).
MailChimp accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your Distribution Lists is so sensitive, account passwords are encrypted, which means we can’t see your passwords. We can’t resend forgotten passwords either. We’ll only reset them.
MailChimp complies with the U.S.–E.U. and U.S.–Swiss Safe Harbor Framework, which is overseen by the U.S. Department of Commerce and covers the collection, use, and retention of personal data from European Union member countries and Switzerland. We certify that we follow the principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do that. If your data changes (like a new email address), then you’re responsible for notifying us of those changes.
We only store data about you for as long as it’s reasonably required to fulfill the purposes that gave us the right to access it in the first place. We keep some data indefinitely, relating to when and where Emails were sent, which bounced, which resulted in a complaint, and similar information, because we use it to help us screen out people who violate SPAM laws, and for other reasons explained in this policy.
We’ll give you access to any Personal Information about you that we hold within 30 days of any request for that information you make by emailing firstname.lastname@example.org. Unless it’s prohibited by law, we’ll remove any Personal Information about you from our servers at your request.
Updated March 15, 2013