Back home

Legal

Privacy Policy

Last updated

This Privacy Policy explains how Work Reactor Inc., operating as Unitpost (“Unitpost,” “we,” “us,” or “our”), collects, uses, and protects personal information when you use our website, API, dashboard, and related services (the “Service”).

Unitpost is email infrastructure for developers. Two very different kinds of data flow through us, and we treat them differently: the account data you give us to run your account, and the recipient and message data you send through us to deliver email. For the latter we act only as your processor — we handle it on your instructions and never sell it.

01Scope: controller vs. processor

Data-protection laws distinguish between a controller (who decides why and how data is processed) and a processor(who processes data on a controller’s behalf). Unitpost plays both roles:

  • We are the controller of the information about you as our customer — your account details, billing information, support conversations, and how you use the dashboard and website.
  • We are a processor for the personal data contained in the emails you send — recipient addresses, names, message content, and the resulting delivery, open, and click events. You are the controller of that data; we process it solely to provide the Service to you and as described in our Terms of Service.

If you received an email delivered through Unitpost and want to know how your data is used or exercise your rights, please contact the sender (our customer) — they control that data. We will support our customers in responding to those requests.

02Information we collect

Information you provide

  • Account information. Your email address, name, and workspace/organization details. Unitpost signs in with a one-time passcode by email (and optionally SMS) — we do not store passwords.
  • Billing information. Plan selection and billing contact details. Card payments are handled by our payment processor, Stripe; Unitpost does not store full card numbers.
  • Sending configuration. Sending domains, DNS/DKIM records, API keys (stored only as a hash), webhook endpoints, templates, and suppression entries.
  • Support & communications. Messages you send us and any information you choose to include.

Information collected automatically

  • Usage & log data. IP address, browser and device type, pages and features used, timestamps, and diagnostic data, used to operate, secure, and improve the Service.
  • Sending activity. Records of API calls, message events (queued, sent, delivered, bounced, complained, opened, clicked), and rate-limit and abuse signals tied to your account.

03How we use information

  • Provide, maintain, and secure the Service and your account.
  • Deliver the emails you send and provide deliverability analytics, logs, and webhooks.
  • Process payments, manage subscriptions, and enforce plan limits.
  • Detect, prevent, and investigate fraud, spam, and abuse, and enforce our Terms and Acceptable Use rules.
  • Communicate with you about your account, security, and service-related notices.
  • Send product or marketing messages where permitted — you can opt out at any time; account and transactional notices are not optional.
  • Comply with legal obligations and enforce our agreements.

04Recipient & message data

When you send email through Unitpost, we process the recipient addresses and message content you supply purely to deliver that email and give you the associated logs and analytics. We act as your processor for this data and do not sell it or use it for our own marketing. We do not read the content of your messages except as needed to operate the Service — for example automated scanning to prevent spam, phishing, and abuse, or to troubleshoot a delivery issue.

You are responsible for having a lawful basis (such as consent) to email your recipients and for honoring unsubscribe and suppression requests. Unitpost maintains suppression lists to help prevent sending to addresses that have bounced, complained, or unsubscribed.

05Cookies & analytics

We use strictly necessary cookies to keep you signed in and to operate the dashboard securely; the Service will not function properly without them. We do not use advertising cookies and we do not sell your information for advertising.

We may use privacy-respecting, first-party or aggregate analytics to understand how the website and dashboard are used and to improve them. Where such analytics are added, we will keep this policy current and, where required by law, present a cookie choice.

06How we share information

We share personal information only as described here:

  • Subprocessors. Vendors that process data on our behalf to run the Service (see below), under contracts that require appropriate safeguards.
  • Legal & safety. When required by law, to enforce our Terms, or to protect the rights, property, or safety of Unitpost, our users, or the public.
  • Business transfers. In connection with a merger, acquisition, or sale of assets, with notice consistent with this policy.

We do not sell personal information, and we do not share your recipients’ data except to deliver the Service you asked for.

07Subprocessors

We use the following subprocessors to provide the Service. We may update this list as our infrastructure evolves and will keep this page current.

SubprocessorPurposeLocation
Amazon Web Services (AWS)Cloud hosting, email delivery (SES), file/object storage (S3), encryption key management (KMS), and content delivery (CloudFront)United States
SupabasePrimary application database and authenticationUnited States
StripePayment processing and subscription billingUnited States
InngestBackground job and event processing for email sendingUnited States
TwilioDelivery of one-time passcodes over SMS (where enabled)United States

08Data retention

We keep account information for as long as your account is active and as needed to provide the Service. Message logs and event data are retained according to your plan’s retention window; after that they are deleted or aggregated. Message content is retained only as long as needed to deliver it and support the Service.

You can delete your account at any time from your settings, which removes your workspace data. We may retain limited information as required for legal, tax, accounting, security, and anti-abuse purposes.

09Security

We apply industry-standard safeguards, including encryption of data in transit and at rest, encryption of sensitive credentials (such as DKIM keys) with managed keys, hashing of API keys, signed webhooks, rate limiting, and access controls. No method of transmission or storage is completely secure, but we work continuously to protect your information.

10International transfers

We operate primarily in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States and other countries. Where required, we rely on appropriate safeguards such as the Standard Contractual Clauses for such transfers.

11Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. To exercise these rights for data we control, contact us at legal@unitpost.com. For recipient data we process on a customer’s behalf, please contact that customer.

12GDPR (EEA / UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases: performance of a contract (to provide the Service), our legitimate interests (to secure and improve the Service and prevent abuse), consent (where required, e.g. certain marketing), and compliance with legal obligations. You have the right to lodge a complaint with your local supervisory authority. When we process recipient data, we do so as your processor under our Terms, which incorporate our data-processing commitments.

13California (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it, to request deletion or correction, and to not be discriminated against for exercising your rights. We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. To make a request, contact us at legal@unitpost.com.

14Children's privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

15Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after an update means you accept the revised policy.

16Contact us

Questions about this policy or our data practices? Reach us at legal@unitpost.com.

Work Reactor Inc.
2055 Limestone Road STE 200-C
Wilmington, DE 19808
United States