Skip to main content
Emailens
Get Started
Back to home

Privacy Policy

Last updated: March 24, 2026

Introduction

Emailens ("we", "us", "our") operates the emailens.dev website and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Emailens, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

Information we collect

Information you provide

  • Account information — when you sign in with Google or GitHub, we receive your name, email address, and profile picture from the OAuth provider.
  • Email content — when you use the preview feature, you submit HTML, React Email JSX, or MJML source code. This content is processed to generate previews and is stored for authenticated users (30-day retention).
  • Newsletter subscription — if you subscribe to our newsletter, we collect your email address. This is stored separately from your account and is used only to send you occasional email development tips.
  • Payment information — if you subscribe to a paid plan, payment is processed by Polar.sh. We do not store credit card numbers or payment details directly.

Information collected automatically

  • Usage data — we track the number of previews you generate per day to enforce plan limits. This is stored as an aggregate count, not individual request logs.
  • Analytics data — OpenPanel (self-hosted) collects anonymous, aggregated page view and interaction data. No personally identifiable information is included.
  • Log data — our hosting provider (Vercel) may collect standard server logs including IP addresses, browser type, and request timestamps. These are retained per Vercel's data retention policies.

Figma Plugin

When you use the Emailens Figma plugin, the following data is collected:

  • Design content — the plugin reads the structure, text, images, and styles of the Figma frame you select. This content is sent to the Emailens API for HTML conversion and preview rendering. Design content is not stored persistently unless you create a share link.
  • Uploaded images — images extracted from your Figma design are uploaded to Cloudflare R2 for use in the generated email HTML. These images are automatically deleted after 30 days.
  • Plugin telemetry — the plugin sends anonymized usage events (e.g., "preview started", "conversion completed") to help us improve the plugin. Telemetry includes frame dimensions, node counts, and error messages but no personally identifiable information and no design content.
  • Rate limiting identifier — for anonymous users (without an Emailens account), we use your IP address or Figma user ID solely for rate limiting (15 previews per day). This identifier is not stored long-term.
  • API key — if you sign in via the plugin, a plugin-specific API key is generated and stored in Figma's client storage on your device. The key is hashed before storage in our database and can be revoked from your Emailens dashboard at any time.

How we use your information

  • Provide the Service — process your email source code, generate previews, and deliver compatibility reports.
  • Authentication — manage your account, maintain your session, and associate previews with your account.
  • Usage enforcement — track daily preview counts against your plan limits.
  • Service improvement — analyze anonymous usage patterns to improve features, fix bugs, and optimize performance.
  • Communication — send service-related emails such as account verification, plan changes, or critical security notices. If you subscribe to our newsletter, we send periodic email development content. We do not send unsolicited marketing emails.
  • Security — detect and prevent abuse, fraud, and unauthorized access through rate limiting and monitoring.

How we share your information

We do not sell your personal information. We share data only in the following circumstances:

  • Service providers — we use third-party services to operate Emailens:
    • Vercel — application hosting
    • OpenPanel — self-hosted, privacy-friendly analytics
    • Supabase — database hosting (PostgreSQL)
    • Cloudflare R2 — screenshot storage
    • Browserless — screenshot rendering
    • Polar.sh — payment processing and subscription management
    • Upstash — rate limiting via Redis (receives anonymized IP hashes and user IDs for request throttling)
  • Share links — if you create a share link for a preview, the preview content (per-client transformed HTML, compatibility scores, dark mode variants, and analysis reports) becomes accessible to anyone with the link. Share links expire based on your plan (24 hours for free, 7 days for Dev, permanent for Pro).
  • Legal requirements — we may disclose information if required by law, regulation, legal process, or governmental request.

Data retention

  • Preview data — stored for 30 days from creation for authenticated users, then automatically deleted. Unauthenticated preview data is processed server-side but not persisted in our database. Screenshots generated during any preview (authenticated or not) may be temporarily stored in Cloudflare R2.
  • Account data — retained as long as your account is active. If you delete your account, we remove your personal data within 30 days.
  • Screenshots — stored in Cloudflare R2 with the same 30-day retention as preview data.
  • Usage counts — daily usage records are retained for billing and abuse prevention purposes.
  • Newsletter emails — retained until you unsubscribe. You can unsubscribe at any time by replying to any newsletter email or contacting us.

Data security

We implement appropriate technical and organizational measures to protect your information, including:

  • All data in transit is encrypted via HTTPS/TLS.
  • Database connections use encrypted connections to Supabase.
  • API keys are hashed before storage and cannot be retrieved in plaintext.
  • Session tokens use secure, HTTP-only cookies with SameSite protection.
  • Rate limiting and IP-based throttling protect against abuse.

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your rights

Depending on your location, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate personal data.
  • Erasure — request deletion of your personal data and account.
  • Portability — request your data in a structured, machine-readable format.
  • Objection — object to processing of your personal data for specific purposes.
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Children's privacy

Emailens is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe we may have collected data from a child, please contact us at [email protected].

International data transfers

Your information may be transferred to and processed in countries other than your country of residence. Our service providers (Vercel, Supabase, Cloudflare) operate globally. When we transfer data, we ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact us

If you have questions about this Privacy Policy or our data practices, contact us at [email protected].

See also: Terms of Service / Cookie Policy