Thanks for using MailChimp. This policy explains the what, how, and why of the information we collect when you use our Services. It also explains the specific ways we use and disclose that information. We take your privacy extremely seriously, and we never sell lists or email addresses.
We’ll start by getting a few definitions out of the way that should help you understand this policy. When we say “we,” “us,” and “MailChimp,” we’re referring to The Rocket Science Group, LLC d/b/a MailChimp, a State of Georgia limited liability company. We provide online platforms that you may use to create, send, and manage emails (the “Services”). When we say “you” or “Member,” we’re referring to the person or entity that’s registered with us to use the Services. A “Subscriber” is a person you contact through our Services. A “Distribution List” is a list of email addresses that one of our Members has sent, or intends to send, emails to, and all information relating to those email addresses. We may combine information about you or your Subscribers with information provided by other Members or third parties to create “Aggregate Information,” which may include, but isn’t limited to, names, email addresses, demographic information, IP addresses and location.
We offer the Services on our websites http://www.mailchimp.com, http://www.tinyletter.com, and http://www.mandrill.com (each a “Website” and together the “Websites”). While providing the Services, we may collect Personal Information, which means information about a Member or Subscriber.
The TRUSTe program covers our Websites, http://www.mailchimp.com, http://www.tinyletter.com, http://www.mandrill.com, as well as the MailChimp online and mobile app. To learn more about our relationship with TRUSTe, please click on the TRUSTe seal to see our validation page. You may also contact TRUSTe directly.
4. Questions & Concerns
If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter, please use our contact form to get in touch. You may also contact us by postal mail or email at:
Attn. Privacy Officer
675 Ponce de Leon Ave NE, Suite 5000
Atlanta, GA 30308
5. Information We Collect
List and Email Information: When you add an email Distribution List or create an email with the Services, we have and may access the data on your list and the information in your email.
Information from your Use of the Service: We may get information about how and when you use the Services, store it in log files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, browser used, and actions you’ve taken within the application.
Cookies and Tracking: When you use MailChimp, we may store “cookies,” “tags,” or “scripts,” which are strings of code, on your computer. We and our analytics Service Providers (like Google) use those cookies to collect information about your visit and your use of our Website or Services. You may turn off cookies that have been placed on your computer by following the instructions on your browser, but if you block cookies, it may be more difficult (and maybe even impossible) to use some aspects of the Services.
Web Beacons: When we send emails to Members, we may track behavior such as who opened the emails and who clicked the links. We do that to measure the performance of our email campaigns and to improve our features for specific segments of Members. To do this, we include single pixel gifs, also called web beacons, in emails we send. Web beacons allow us to collect information about when you open the email, your IP address, your browser or email client type, and other similar details. We also include Web Beacons in the emails we deliver for you. We use the data from those Web Beacons to create the reports about how your email campaign performed and what actions your Subscribers took. Reports are also available to us when we send email to you, so we may collect and review that information.
Information from Other Sources: We may get more information about you or your Subscribers, like name, age, and use of social media websites, by searching the internet or querying third parties (we’ll refer to that information as Supplemental Information). We use Supplemental Information to develop features like Social Profiles, a tool that helps you learn about your Subscribers and send them more relevant content.
Information from the use of our Mobile Apps: When you use our mobile apps, we may collect information about the type of device and operating system you use. We may ask you if you want to receive push notifications about activity in your account. If you opt in to these notifications and no longer want to receive them, you may turn them off through your operating system. We don’t access or track any location-based information from your mobile device unless you’ve given us permission. We may use mobile analytics software (like Fabric.io) to help us better understand how people use our application. We may collect information about how often you use the application and other performance data. We don’t collect or link that data with any personally identifiable information.
6. Use and Disclosure of Your Personal Information
We may use and disclose your Personal Information only as follows:
To promote use of our Services. For example, if you leave your Personal Information when you visit our Website and don’t sign up for any of the Services, we may send you an email asking if you want to sign up. And if you use any of our Services and we think you might benefit from using another Service we offer, we may send you an email about it. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email we send.
To send you informational and promotional content that you may choose (or “opt in”) to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
To bill and collect money owed to us. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments. To learn more about the steps we take to safeguard that data, see Section 12 below.
To communicate with you about your account and provide customer support.
To protect the rights and safety of our Members and third parties, as well as our own.
To meet legal requirements like complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
To provide information to representatives and advisors, like attorneys and accountants, to help us comply with legal, accounting, or security requirements.
To prosecute and defend a court, arbitration, or similar legal proceeding.
To provide, support, and improve the Services we offer. This includes aggregating information from your use of the Services and sharing such Aggregated Information with third parties.
To provide suggestions to you. This includes adding features that compare Members’ email campaigns, or using data to suggest other publishers your Subscribers may be interested in.
7. Data Collected for and by our Users
As you use our Services, you may import into our system personal information you’ve collected from your Subscribers. We have no direct relationship with your Subscribers, and you’re responsible for making sure you have the appropriate permission for us to collect and process information about those individuals. We may transfer personal information to companies that help us provide our Services (“Service Providers”). All Service Providers enter into a contract with us that protects personal data and restricts their use of any personal data in line with this policy. As part of our Services, we may use and incorporate into features information you’ve provided or we’ve collected about Subscribers as Aggregate Information. We may share this Aggregate Information, including Subscriber email addresses, with third parties in line with the approved uses in Section 6.
If you’re a Subscriber and no longer want to be contacted by one of our Members, please unsubscribe directly from that Member’s newsletter or contact the Member directly to update or delete your data. If you contact us, we may remove or update your information within a reasonable time and after providing notice to the Member of your request.
We’ll retain personal data we process on behalf of our Members for as long as needed to provide services to our Members or to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements.
8. Public Information and Third Parties
Blog. We have public blogs on our Websites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you want it removed, contact us here. If we’re unable to remove your information, we’ll let you know why.
Social Media Platforms and Widgets. Our Websites include social media features, like the Facebook Like button. These features may collect information about your IP address and which page you’re visiting on our site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. We also maintain presences on social media platforms like Facebook, Twitter, and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
Service Providers. If it’s necessary to provide you something you’ve requested, like send you a T-shirt or enable a feature like Social Profiles, then we may share your personal information to a Service Provider for that purpose. We’ll tell you we’re working with a Service Provider whenever reasonably possible, and you may request at any time the name of our Service Providers.
9. Contest and Sweepstakes
We may, from time to time, offer surveys, contests, sweepstakes, or other promotions on our Websites or through social media (collectively “Our Promotions”). Participation in our Promotions is completely voluntary. Information requested for entry may include personal contact information like your name, address, date of birth, phone number, email address, username, and similar details. We use the information you provide to administer Our Promotions. We also may, unless prohibited by the Promotion’s rules or law, use the information provided to communicate with you, or other people you select, about our Services. We may share this information with our affiliates and other organizations or Service Providers in line with this policy and the rules posted for the Promotion.
10. Content of Email Campaigns
When you send an email marketing campaign, it bounces around from server to server as it crosses the Internet. Along the way, server administrators can read what you send. Email wasn’t built for confidential information. If you have something confidential to send, please don’t use MailChimp.
11. Your Distribution Lists
Your Distribution Lists are stored on a secure MailChimp server. We don’t, under any circumstances, sell your Distribution Lists. If someone on your Distribution List complains or contacts us, we might then contact that person. Only authorized employees have access to view Distribution Lists. You may export (download) your Distribution Lists from MailChimp at any time.
We’ll use and disclose the information in your Distribution Lists only for the reasons listed under Use of Your Personal Information. We will not use and disclose the information in your Distribution Lists to:
- bill or collect money owed to us;
- send you system alert messages;
- communicate with you about your account; or
- send you informational and promotional content.
We may derive Aggregate Information from your Distribution List and will use that information as described in Section 7. If we detect abusive or illegal behavior related to your Distribution List, we may share your Distribution List or portions of it with affected ISPs or anti-spam organizations.
12. Notice of Breach of Security
Nobody is safe from hackers. If a security breach causes an unauthorized intrusion into our system that materially affects you or people on your Distribution Lists, then MailChimp will notify you as soon as possible and later report the action we took in response.
13. Safeguarding Your Information
Our credit card processing vendor uses security measures to protect your information both during the transaction and after it’s complete. Our vendor is certified as compliant with card association security initiatives, like the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC). We also perform annual SOC II audits. If you have any questions about the security of your personal information, you may contact us at firstname.lastname@example.org.
MailChimp accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your Distribution Lists is so sensitive, account passwords are encrypted, which means we can’t see your passwords. We can’t resend forgotten passwords either. We’ll only reset them.
14. We Operate in the United States
Our servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy, including offering a data processing agreement. By using our Websites, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this policy.
15. Data Transfers from the EU to the United States
Previously MailChimp has certified our compliance with the U.S.–E.U. and U.S.–Swiss Safe Harbor Framework. In light of a recent European Court of Justice ruling, we no longer rely on the Safe Harbor Framework to justify the transfer of the personal data of European and Swiss residents to the United States. Instead Members located in the EU or Switzerland must request our updated data processing agreement which incorporates the Standard Contractual Clauses here.
16. Members located in Australia
If you are a Member who lives in Australia then this section applies to you. We are subject to the operation of the Privacy Act 1988 (“Australian Privacy Act”). We have some specific points to make you aware of.
Where we say we assume an obligation about Personal Information then we are also requiring our subcontractors to undertake a similar obligation, where relevant.
We will not use or disclose personal information for the purpose of our direct marketing to you unless: you have consented to receive direct marketing; you would reasonably expect us to use your personal details for the marketing; or we believe you may be interested in the material but it is impractical for us to obtain your consent. You may opt out of any marketing materials we send to you through an unsubscribe mechanism or by contacting us directly. If you have requested not to receive further direct marketing messages, we may nevertheless continue to provide you with messages that are not regarded as “direct marketing” under the Australian Privacy Act, including changes to our terms, system alerts and other information related to your account.
Our servers are primarily located in the United States. In addition, we, or our subcontractors, may utilise cloud technology to store or process personal information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over such off-shore activities. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information overseas.
If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information if you so request.
If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.
17. Accuracy of Data, Transparency, and Choice
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do that. If your data changes (like a new email address), then you’re responsible for notifying us of those changes.
We’ll retain your information for as long as your account is active or as long as needed to provide you services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.
We’ll give an individual, either you or a Subscriber, access to any Personal Information we hold about them within 30 days of any request for that information. Individuals may request this information from us by contacting us here. Unless it’s prohibited by law, we’ll remove any Personal Information about an individual, be it you or a Subscriber, from our servers at their request. There is no charge for an individual to access or update his or her personal information.
18. Do Not Track Disclosure
“Do Not Track” is a standard that’s currently under development. Because it’s not yet finalized, MailChimp adheres to the standards in this policy and does not monitor or follow any Do Not Track browser requests. That said, some of our features may.
Updated February 24, 2016