Thanks for using TinyLetter. This policy explains the what, how, and why of the information we collect when you use TinyLetter. It also explains the specific ways we use and disclose that information. We never sell lists or email addresses. Because TinyLetter is run by the MailChimp team, you'll see some MailChimp references throughout this policy.
We’ll start by getting a few definitions out of the way that should help you understand this policy. When we say “we,” “us,” and “MailChimp,” we’re referring to The Rocket Science Group, LLC d/b/a MailChimp, a State of Georgia limited liability company. We provide online platforms that you may use to create, send, and manage emails (the “Services”). When we say “you” or “Member,” we’re referring to the person or entity that’s registered with us to use the Services. A “Subscriber” is a person you contact through our Services. A “Distribution List” is a list of email addresses that one of our Members has sent, or intends to send, emails to, and all information relating to those email addresses. We may combine information about you or your Subscribers with information provided by other Members or third parties to create “Aggregate Information,” which may include, but isn’t limited to, names, email addresses, demographic information, IP addresses and location.
We offer the Services on our websites http://www.mailchimp.com, http://www.tinyletter.com, and http://www.mandrill.com (each a “Website” and together the “Websites”). While providing the Services, we may collect Personal Information, which means information about a Member or Subscriber.
The TRUSTe program covers our Websites, http://www.mailchimp.com, http://www.tinyletter.com, http://www.mandrill.com, as well as the MailChimp online and mobile app. To learn more about our relationship with TRUSTe, please click on the TRUSTe seal to see our validation page. You may also contact TRUSTe directly.
If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter, please use our contact form to get in touch. You may also contact us by postal mail or email at:
Attn. Privacy Officer
675 Ponce de Leon Ave NE, Suite 5000
Atlanta, GA 30308
We may use and disclose your Personal Information only as follows:
As you use our Services, you may import into our system personal information you’ve collected from your Subscribers. We have no direct relationship with your Subscribers, and you’re responsible for making sure you have the appropriate permission for us to collect and process information about those individuals. We may transfer personal information to companies that help us provide our Services (“Service Providers”). All Service Providers enter into a contract with us that protects personal data and restricts their use of any personal data in line with this policy. As part of our Services, we may use and incorporate into features information you’ve provided or we’ve collected about Subscribers as Aggregate Information. We may share this Aggregate Information, including Subscriber email addresses, with third parties in line with the approved uses in Section 6.
If you’re a Subscriber and no longer want to be contacted by one of our Members, please unsubscribe directly from that Member’s newsletter or contact the Member directly to update or delete your data. If you contact us, we may remove or update your information within a reasonable time and after providing notice to the Member of your request.
We’ll retain personal data we process on behalf of our Members for as long as needed to provide services to our Members or to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements.
We may, from time to time, offer surveys, contests, sweepstakes, or other promotions on our Websites or through social media (collectively “Our Promotions”). Participation in our Promotions is completely voluntary. Information requested for entry may include personal contact information like your name, address, date of birth, phone number, email address, username, and similar details. We use the information you provide to administer Our Promotions. We also may, unless prohibited by the Promotion’s rules or law, use the information provided to communicate with you, or other people you select, about our Services. We may share this information with our affiliates and other organizations or Service Providers in line with this policy and the rules posted for the Promotion.
When you send an email marketing campaign, it bounces around from server to server as it crosses the Internet. Along the way, server administrators can read what you send. Email wasn’t built for confidential information. If you have something confidential to send, please don’t use MailChimp.
Your Distribution Lists are stored on a secure MailChimp server. We don’t, under any circumstances, sell your Distribution Lists. If someone on your Distribution List complains or contacts us, we might then contact that person. Only authorized employees have access to view Distribution Lists. You may export (download) your Distribution Lists from MailChimp at any time.
We’ll use and disclose the information in your Distribution Lists only for the reasons listed under Use of Your Personal Information. We will not use and disclose the information in your Distribution Lists to:
We may derive Aggregate Information from your Distribution List and will use that information as described in Section 7. If we detect abusive or illegal behavior related to your Distribution List, we may share your Distribution List or portions of it with affected ISPs or anti-spam organizations.
Nobody is safe from hackers. If a security breach causes an unauthorized intrusion into our system that materially affects you or people on your Distribution Lists, then MailChimp will notify you as soon as possible and later report the action we took in response.
Our credit card processing vendor uses security measures to protect your information both during the transaction and after it’s complete. Our vendor is certified as compliant with card association security initiatives, like the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC). We also perform annual SOC II audits. If you have any questions about the security of your personal information, you may contact us at [contact email].
MailChimp accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your Distribution Lists is so sensitive, account passwords are encrypted, which means we can’t see your passwords. We can’t resend forgotten passwords either. We’ll only reset them.
Our servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy, including offering a data processing agreement. By using our Websites, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this policy.
Previously, MailChimp certified our compliance with the U.S.–E.U. and U.S.–Swiss Safe Harbor Framework. In light of a recent European Court of Justice ruling, we no longer rely on the Safe Harbor Framework to justify the transfer of the personal data of European and Swiss residents to the United States. Instead, Members located in the EU or Switzerland must request our updated data processing agreement, which incorporates the Standard Contractual Clauses, here.
If you are a Member who lives in Australia then this section applies to you. We are subject to the operation of the Privacy Act 1988 ("Australian Privacy Act"). We have some specific points to make you aware of.
Where we say we assume an obligation about Personal Information then we are also requiring our subcontractors to undertake a similar obligation, where relevant.
We will not use or disclose personal information for the purpose of our direct marketing to you unless: you have consented to receive direct marketing; you would reasonably expect us to use your personal details for the marketing; or we believe you may be interested in the material but it is impractical for us to obtain your consent. You may opt out of any marketing materials we send to you through an unsubscribe mechanism or by contacting us directly. If you have requested not to receive further direct marketing messages, we may nevertheless continue to provide you with messages that are not regarded as “direct marketing” under the Australian Privacy Act, including changes to our terms, system alerts and other information related to your account.
Our servers are primarily located in the United States. In addition, we, or our subcontractors, may utilise cloud technology to store or process personal information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over such off-shore activities. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information overseas.
If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information if you so request.
If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do that. If your data changes (like a new email address), then you’re responsible for notifying us of those changes.
We’ll retain your information for as long as your account is active or as long as needed to provide you services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.
We’ll give an individual, either you or a Subscriber, access to any Personal Information we hold about them within 30 days of any request for that information. Individuals may request this information from us by contacting us here. Unless it’s prohibited by law, we’ll remove any Personal Information about an individual, be it you or a Subscriber, from our servers at their request. There is no charge for an individual to access or update his or her personal information.
“Do Not Track” is a standard that’s currently under development. Because it’s not yet finalized, MailChimp adheres to the standards in this policy and does not monitor or follow any Do Not Track browser requests. That said, some of our features may.
Updated February 24, 2016