Privacy Policy

• Account Information: Email address, username, name, password and optional website address
• Newsletter Subscribers: Email addresses of people who subscribe to newsletters created using BandTools
• Session Data: IP addresses and user agents for security and authentication
• User Activity: Interaction data tracked via Plausible Analytics (no tracking cookies used)
• Content Data: Newsletters, attachments, and related files uploaded by users
• Inbound Emails: Replies to newsletters are temporarily stored for up to 24 hours before being automatically deleted
• SendTo Emails: Emails sent to BandTools using the SendTo feature are temporarily stored for up to 24 hours before being automatically deleted. The newsletters created from these emails are retained like any other newsletter content
• Feed Source Data: URLs of RSS or Atom feeds configured by users for the automatic newsletters feature, along with feed metadata (feed title, site URL, latest entry title and URL)
• Collaboration Invitations: Email addresses of people the account holder invites to help edit a draft newsletter (Artist and Headliner plan feature). Invited email addresses are stored encrypted and are deleted when the invitation is revoked or the associated newsletter is deleted

• Send newsletters on behalf of users
• Manage subscriptions and payments for paid plans
• Determine your approximate country from your IP address to display localised pricing in your local currency
• Notify users about account activity (e.g. confirmations, subscriber changes)
• Send operational service communications to all users with active accounts (e.g. platform maintenance, security alerts, or policy changes). These emails are a necessary part of providing the service and cannot be opted out of
• Display public newsletter archives if the user opts in
• Monitor service usage and improve performance
• Fetch content from external RSS or Atom feeds configured by the user to create newsletter drafts or send newsletters automatically (Artist and Headliner plan feature)
• Transmit subscriber data and account information to external applications authorised by the user via an API access token, at the user’s instruction
• Transmit subscriber data to external services configured by the newsletter owner via webhooks, as instructed by the user (Headliner plan feature)
• Send collaboration invitation emails on behalf of users who choose to share a draft newsletter with another person for editing (Artist and Headliner plan feature)
• Support and moderate service safety

AI-Assisted Content Moderation

We use automated content moderation tools to help identify potentially harmful or prohibited content in newsletters prior to sending. When users create or submit newsletter content, that content may be securely processed by AI-based moderation services for classification and safety analysis. Content flagged by these systems is automatically held and not delivered to subscribers until it has been reviewed by a human reviewer. Users will be notified by email if content is held for review.

• Backblaze B2: For image and database backup storage (EU Central region)
• Bunny Fonts: For serving web fonts on subscriber-facing pages (EU). Bunny Fonts operates a zero-logging policy and does not store personal data. See their about page for details
• Hetzner: For hosting infrastructure in the EU
• Honeybadger: For error tracking and application performance monitoring
• Lemon Squeezy: For payment processing and subscription billing as Merchant of Record
• Mailgun: For email delivery and receipt of incoming emails (EU region)
• MaxMind: For IP-based geolocation to determine visitor country for localised pricing. This product includes GeoLite2 Data created by MaxMind. No personal data is transmitted to MaxMind; the lookup is performed locally using a downloaded database
• OpenAI Platform: For AI-based content moderation services
• Plausible Analytics: For non-cookie-based website analytics

User-Authorised API Integrations

Users can generate API tokens from the Settings → API tab and provide them to external applications (including tools they build themselves). When a third-party application uses a token to access BandTools, that application is not a BandTools subprocessor. The user is solely responsible for the choice of applications they authorise, for the secure handling of API tokens, and for ensuring that any personal data retrieved via the API is handled in compliance with applicable data protection laws. Tokens can be deleted by the user at any time from the Settings → API tab, which immediately invalidates them.

User-Configured Webhook Endpoints

Users on the Headliner plan may configure webhooks that instruct BandTools to transmit event data (including subscriber email addresses and newsletter metadata) to external URLs specified by the user. These external services are not BandTools subprocessors. The user is solely responsible for ensuring that the receiving service handles personal data in compliance with applicable data protection laws. BandTools signs outgoing webhook payloads cryptographically so the receiving service can verify their authenticity.

A current list of subprocessors is available upon request.

Each subprocessor is contractually required to process data in compliance with applicable data protection laws. If we engage additional subprocessors in the future, we will update this policy accordingly.

• Unsubscribing: Newsletter recipients can unsubscribe at any time via the unsubscribe link in emails
• Service Communications: While you have an active BandTools account, you will receive essential operational emails such as platform maintenance notices, security alerts, and policy changes. These communications cannot be opted out of because they are necessary for the provision of the service. The only way to stop receiving them is to delete your account
• Account Deletion: Users can delete their account, which removes their newsletters, settings, and subscription records linking them to subscribers
• Access Requests: Users can request access to their data

• User data is stored on Hetzner servers in the EU, Mailgun (EU region), and Backblaze B2 (EU Central region) and other subprocessors where applicable
• All personally identifiable information (PII) is encrypted at rest
• HTTPS is enforced for secure data transmission
• We use Honeybadger to monitor application performance and errors. Error data and logs may include metadata such as IP addresses and request context. Logs are securely transmitted and stored by Honeybadger in accordance with their privacy practices

• Session Cookies: Used for authentication and required functionality
• Preference Cookies: A dark_mode cookie is used to remember your display preference (light or dark mode). This cookie expires after 1 year
• No Tracking Cookies: BandTools does not use tracking cookies for advertising or third-party analytics

• Contractual necessity: Processing your account information and subscriber data is necessary to provide the BandTools service. This includes sending operational service communications (such as maintenance notices, security alerts, and policy changes) to users with active accounts
• Consent: Newsletter subscribers provide consent when they subscribe via the double opt-in process
• Legitimate interests: We process certain data (such as session information, error logs, and newsletter content for AI-assisted content moderation) for the legitimate interests of maintaining service security, preventing abuse, and improving the service

• Account data: Retained until you delete your account
• Subscriber data: Retained for as long as the subscriber has an active subscription. Subscriber records without active subscriptions are periodically removed by an automated cleanup process
• Newsletters and content: Retained until deleted by the user or until account deletion
• Inbound emails (replies): Automatically deleted after 24 hours
• SendTo emails: Raw emails automatically deleted after 24 hours. Newsletters created from them are retained like any other newsletter
• Session data: Retained for the duration of the session
• Encrypted backups: May persist for up to 30 days before being overwritten in the normal backup rotation cycle

• Data Controller: For user account information (your email address, username, name, and account settings). We determine the purposes and means of processing this data to provide the service.
• Data Processor: For subscriber data managed by our users. When you use BandTools to manage a newsletter mailing list, you are the Data Controller and BandTools processes subscriber data on your behalf. This relationship is governed by our Data Processing Agreement.

• UK Data Protection Act 2018 and the UK GDPR
• General Data Protection Regulation (EU GDPR) for EU users
• Privacy and Electronic Communications Regulations (PECR) 2003
• CAN-SPAM Act 2003 for US users
• Canada’s Anti-Spam Legislation (CASL) for Canadian users