Thanks for using TinyLetter. This policy explains the what, how, and why of the information we collect when you use TinyLetter. It also explains the specific ways we use and disclose that information. We never sell lists or email addresses. Because TinyLetter is run by the MailChimp team, you'll see some MailChimp references throughout this policy.
We’ll start by getting a few definitions out of the way that should help you understand this policy. When we say "we," "us," and "MailChimp,” we’re referring to The Rocket Science Group, LLC d/b/a MailChimp, a State of Georgia limited liability company. When we say “you” or “Member,” we’re referring to the person or entity that’s registered with us to use the Services.
We provide online platforms that you may use to create, send, and manage emails (the “Services”). We offer the Services on our websites http://www.mailchimp.com, http://www.tinyletter.com, and http://www.mandrill.com (each a “Website” and together the “Websites”). In the course of providing the Services, we may collect Personal Information, which means information about a Member. A "Distribution List" is a list of email addresses that one of our Members has sent, or intends to send, emails to, and all information relating to those email addresses.
If you have any questions or comments, or if you want to update, delete, or change any Personal Information you’ve submitted on the Website, please use our contact form to get in touch. You may also contact us by postal mail at:
512 Means St. Suite 404
Atlanta, GA 30318
If you’re not satisfied with our response you can contact TRUSTe.
We may use and disclose your Personal Information only as follows:
When you send email marketing, it bounces around from server to server as it crosses the internet. Along the way, server administrators can read what you send. Email wasn’t built for confidential information. If you have something confidential to send, please don’t use MailChimp.
Your subscriber lists are stored on a secure MailChimp server. We don’t, under any circumstances, sell your lists, contact people on your lists, market to people on your lists, steal your lists, or share your lists with any other party, unless it’s required by law. If someone on your list complains or contacts us, we may then contact that person. Only authorized employees have access to view Distribution Lists. You may export (download) your lists from MailChimp at any time, as long as we have a copy.
We’ll use and disclose the information in your Distribution Lists only for the reasons listed under Use of Your Personal Information, except the following. (In other words, we will not use and disclose the information in your Distribution Lists to):
Nobody’s safe from hackers. If a security breach causes an unauthorized intrusion into our system that materially affects you or people on your Distribution Lists, then MailChimp will notify you as soon as possible and later report the action we took in response.
To protect your information, our credit card processing vendor uses the latest 128-bit Secure Socket Layer (SSL) technology for secure transactions. Our vendor is certified as compliant with card association security initiatives, like the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC).
MailChimp accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your Distribution Lists is so sensitive, account passwords are encrypted, which means we can’t see your passwords. We can’t resend forgotten passwords either. We’ll only reset them.
MailChimp complies with the U.S.–E.U. and U.S.–Swiss Safe Harbor Framework, which is overseen by the U.S. Department of Commerce and covers the collection, use, and retention of personal data from European Union member countries and Switzerland. We certify that we follow the principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do that. If your data changes (like a new email address), then you’re responsible for notifying us of those changes.
We only store data about you for as long as it’s reasonably required to fulfill the purposes that gave us the right to access it in the first place. We keep some data indefinitely, relating to when and where Emails were sent, which bounced, which resulted in a complaint, and similar information, because we use it to help us screen out people who violate SPAM laws, and for other reasons explained in this policy.
We’ll give you access to any Personal Information about you that we hold within 30 days of any request for that information you make by emailing firstname.lastname@example.org. Unless it’s prohibited by law, we’ll remove any Personal Information about you from our servers at your request.
Updated March 15, 2013