Privacy Policy

At TrackMailBox, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email tracking service. We are committed to protecting your personal data and being transparent about our practices.

This Privacy Policy applies to information we collect when you use our website (https://trackmailbox.com), Chrome extension, and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal Information

When you sign up for TrackMailBox, we collect:

• Your email address (via Google OAuth authentication)
• Your name and profile picture (as provided by Google)
• Authentication tokens to maintain your session securely
• Your IP address (for security and analytics purposes)

1.2 Email Tracking Data

When you use our email tracking feature, we collect metadata about email interactions:

• Email subject lines (for display in your dashboard only)
• Recipient email addresses (for tracking purposes only)
• Open timestamps and approximate geographic location (derived from IP address)
• Link click data (which links were clicked and when)
• User agent information (device and browser type for analytics)

Important: We never store the content/body of your emails. We only collect metadata necessary for tracking opens and clicks.

1.3 How Tracking Technology Works

TrackMailBox uses two tracking mechanisms to provide its service:

• Tracking Pixel (Email Opens): When you send a tracked email, TrackMailBox embeds a tiny, invisible 1x1 transparent image (a "tracking pixel") into the email body. When the recipient opens the email, their email client loads this image from our servers. This request allows us to record the open event along with the timestamp, the recipient's IP address (used to derive approximate geographic location), and their device/browser information (from the User-Agent header). No data is stored on the recipient's device.
• Link Redirect (Link Click Tracking): When link tracking is enabled, links in your email are replaced with redirect URLs that route through TrackMailBox's servers. When the recipient clicks a link, the request first passes through our server where we record the click event, timestamp, and the recipient's IP address and device information, before the recipient is immediately and seamlessly redirected to the original destination URL. The recipient experiences no noticeable delay.

Both mechanisms collect data about email recipients who may not be users of TrackMailBox. This data is used solely to provide tracking analytics to the sender and is not shared with any third parties. Recipients who wish to have their data removed may contact us at info@nomosinsights.com.

2. How We Use Your Information

We use the collected information for the following purposes:

• Provide and maintain our Service: To operate the email tracking functionality
• Display analytics: To show your email engagement data in the dashboard
• Send notifications: To notify you when emails are opened or links clicked
• Improve our Service: To analyze usage patterns and optimize performance
• Security: To detect and prevent fraud, abuse, or unauthorized access
• Support: To respond to your inquiries and provide customer support

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following limited circumstances:

• With your consent: When you explicitly authorize us to share information
• Service providers: With trusted third parties who assist in operating our Service (e.g., hosting providers, analytics services)
• Legal requirements: When required by law, court order, or governmental regulation
• Protection of rights: To protect the rights, property, or safety of Nomos Insights, our users, or others

4. Data Security

We implement appropriate technical and organizational security measures to protect your data:

• All data is transmitted over HTTPS using TLS encryption
• Database connections are encrypted and access-controlled
• We use secure authentication via Google OAuth (we never see your Google password)
• Regular security audits and vulnerability assessments
• Access to personal data is restricted to authorized personnel only

5. Data Retention

We retain your data for as long as your account is active or as needed to provide you with our Service. You can delete your data at any time from the settings page in your dashboard, or by contacting us at info@nomosinsights.com.

Upon data deletion, all your email templates, recipients, and tracking data will be permanently removed from our active systems. Your account information will remain active unless you specifically request account closure. Some information may remain in our backups for a limited period for disaster recovery purposes.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request transfer of your data to another service
• Restriction: Request restriction of processing your data
• Objection: Object to the processing of your personal data
• Withdraw consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us at info@nomosinsights.com.

7. Cookies and Tracking Technologies

We use minimal cookies for essential purposes:

• Authentication cookies: To keep you signed in to your account
• Preference cookies: To remember your settings and preferences

Our email tracking pixel does not use cookies. The tracking pixel is a simple 1x1 transparent image that logs when an email is opened, without storing any information on the recipient's device.

8. Third-Party Services

We use the following third-party services to operate our Service:

• Google OAuth: For secure authentication. Subject to Google's Privacy Policy.
• Cloudflare: For CDN, DDoS protection, and security. Subject to Cloudflare's Privacy Policy.

9. Children's Privacy

Our Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at info@nomosinsights.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from those in your country. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

For significant changes, we will provide additional notice via email or through our Service prior to the change becoming effective.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

By using TrackMailBox, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. This Privacy Policy is incorporated into and subject to our Terms of Service.