Privacy Policy

Last Updated: Sat, 4 October, 2025

Privacy Policy

Last Updated: [Current Date]
Effective Date: [Current Date]

1. Introduction and Overview

EvoxMails (“we,” “our,” “us,” or “the Platform”) is a comprehensive email marketing automation platform developed and operated by Cotlas Web Solution. We recognize that privacy is fundamental to our relationship with users and are deeply committed to protecting the confidentiality, integrity, and security of your personal information.

This comprehensive Privacy Policy meticulously outlines our practices concerning the collection, use, storage, processing, disclosure, and protection of information that we obtain through your use of our services, including our website, mobile applications, API integrations, and all related services (collectively, the “Services”).

By accessing or using EvoxMails, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our policies and practices, your choice is to not use our Services.

2. Detailed Information Collection

2.1 Account Registration Information

When you create an account with EvoxMails, we collect:

  • Personal Identifiers: Full name, business name, email address, telephone number
  • Professional Details: Job title, company size, industry sector, business type
  • Authentication Data: Encrypted passwords, security questions, two-factor authentication details
  • Communication Preferences: Marketing communication opt-ins, notification preferences, language settings

2.2 Billing and Payment Information

For premium services and subscriptions, we collect:

  • Payment Details: Credit card information (processed through PCI-compliant payment processors), billing history, invoice records
  • Billing Address: Street address, city, state, postal code, country, tax identification numbers where applicable
  • Subscription Data: Plan type, renewal dates, upgrade/downgrade history, payment method details

2.3 Technical and Usage Information

Automatically collected technical data includes:

  • Device Information: IP addresses, browser type and version, operating system, device type, unique device identifiers
  • Network Information: Internet service provider, connection type, bandwidth information
  • Usage Analytics: Feature usage patterns, session duration, clickstream data, error logs, performance metrics
  • Location Data: Generalized location information based on IP address, time zone settings

2.4 Customer Content and Campaign Data

As part of our service delivery, we process:

  • Subscriber Information: Email lists, contact details, demographic information, segmentation data
  • Campaign Content: Email templates, subject lines, body content, images, personalization tags
  • Performance Metrics: Delivery rates, open rates, click-through rates, conversion tracking, bounce analysis
  • Automation Data: Workflow configurations, trigger conditions, scheduled campaigns, A/B testing results

2.5 Communication Records

  • Support Interactions: Customer service tickets, chat transcripts, email correspondence, phone call recordings (where applicable)
  • Feedback and Surveys: User feedback, satisfaction ratings, product improvement suggestions
  • Marketing Communications: Email open/click data, campaign engagement metrics

3. Comprehensive Use of Information

3.1 Service Delivery and Operation

  • Account Management: Creating and maintaining user accounts, authentication, access control
  • Platform Functionality: Delivering core email marketing features, campaign management, automation workflows
  • Performance Optimization: Monitoring system performance, load balancing, infrastructure management
  • Technical Support: Troubleshooting issues, resolving technical problems, providing customer assistance

3.2 Business Operations and Improvement

  • Service Enhancement: Analyzing usage patterns to improve existing features and develop new functionality
  • Quality Assurance: Monitoring service quality, identifying areas for improvement, implementing enhancements
  • Research and Development: Conducting market research, developing new products, testing new features
  • Business Analytics: Analyzing business performance, user engagement, market trends

3.3 Communication and Marketing

  • Service Communications: Sending essential service announcements, policy updates, security alerts
  • Customer Support: Responding to inquiries, providing technical assistance, resolving issues
  • Marketing Outreach: Sending promotional materials, product updates, special offers (with explicit consent)
  • Educational Content: Providing tutorials, best practices, industry insights, training materials

3.4 Legal and Compliance

  • Regulatory Compliance: Meeting legal obligations, responding to lawful requests, complying with regulations
  • Fraud Prevention: Detecting and preventing fraudulent activities, security breaches, unauthorized access
  • Dispute Resolution: Addressing user complaints, resolving disputes, enforcing terms of service
  • Record Keeping: Maintaining business records, transaction history, compliance documentation

4. Data Sharing and Disclosure Practices

4.1 Service Providers and Partners

We engage carefully vetted third-party service providers who assist in delivering our Services:

Provider Category Purpose Data Shared
Cloud Infrastructure Hosting, storage, content delivery Account data, campaign content, subscriber lists
Payment Processors Payment processing, subscription management Billing information, transaction data
Analytics Services Usage analysis, performance monitoring Anonymized usage data, technical metrics
Customer Support Help desk services, user assistance Contact information, support tickets
Marketing Tools Communication management, campaign analytics Marketing preferences, engagement data

4.2 Legal Obligations and Protection

We may disclose your information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, legal processes, or governmental requests
  • Protect the security, integrity, and safety of our Services, users, or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Enforce our Terms of Service, including investigation of potential violations
  • Protect against harm to the rights, property, or safety of EvoxMails, our users, or the public

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

4.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for various purposes including:

  • Industry analysis
  • Demographic profiling
  • Marketing analytics
  • Business intelligence
  • Research purposes

5. Comprehensive Data Security Measures

5.1 Technical Security Safeguards

  • Encryption Protocols: Industry-standard TLS/SSL encryption for data in transit, AES-256 encryption for data at rest
  • Network Security: Firewalls, intrusion detection systems, DDoS protection, regular security audits
  • Access Controls: Multi-factor authentication, role-based access permissions, principle of least privilege
  • Monitoring Systems: 24/7 security monitoring, real-time threat detection, automated alert systems
  • Vulnerability Management: Regular security patching, penetration testing, vulnerability assessments

5.2 Administrative Security Measures

  • Security Policies: Comprehensive information security policies, incident response plans, business continuity protocols
  • Employee Training: Regular security awareness training, background checks for employees with data access
  • Data Classification: Systematic data categorization, appropriate protection levels, retention scheduling
  • Third-Party Audits: Regular security assessments of vendors, contractual security requirements

5.3 Physical Security Controls

  • Data Center Security: Biometric access controls, 24/7 surveillance, environmental controls, redundant systems
  • Disaster Recovery: Geographic redundancy, regular backups, tested recovery procedures
  • Equipment Security: Secure disposal of storage media, asset tracking, inventory management

5.4 User Security Responsibilities

While we implement robust security measures, users are responsible for:

  • Maintaining the confidentiality of account credentials
  • Implementing strong, unique passwords
  • Enabling available security features (two-factor authentication)
  • Regularly monitoring account activity
  • Promptly reporting any suspicious activities

6. Data Retention and Deletion Policies

6.1 Retention Periods by Data Category

Data Category Retention Period Rationale
Account Information Duration of account + 30 days Service delivery, legal compliance
Billing Records 7 years from last transaction Tax, accounting, legal requirements
Subscriber Data Until deletion request or account closure Service functionality, user control
Technical Logs 2 years Security monitoring, troubleshooting
Marketing Data Until consent withdrawal Consent-based processing
Support Records 3 years from resolution Quality assurance, training

6.2 Data Deletion Procedures

  • User-Initiated Deletion: Immediate processing of deletion requests through account settings
  • Account Closure: 30-day grace period for data recovery before permanent deletion
  • Automated Cleanup: Regular removal of obsolete, redundant, or outdated information
  • Secure Erasure: Industry-standard data destruction methods for complete removal

6.3 Data Archiving

Certain information may be archived for:

  • Legal hold requirements
  • Regulatory compliance
  • Dispute resolution
  • Historical analysis (in anonymized form)

7. International Data Transfers

7.1 Global Operations

EvoxMails operates globally, and your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

7.2 Transfer Safeguards

We ensure appropriate safeguards for international data transfers through:

  • Standard Contractual Clauses: EU-approved model clauses for data transfers
  • Adequacy Decisions: Leveraging countries with adequacy determinations
  • Binding Corporate Rules: Internal policies for intra-company transfers
  • Supplementary Measures: Additional technical and organizational protections

7.3 Specific Regional Compliance

  • GDPR Compliance: Full adherence to General Data Protection Regulation requirements for EU/EEA users
  • CCPA/CPRA Compliance: California Consumer Privacy Act compliance for California residents
  • Other Jurisdictions: Compliance with local data protection laws in all operating regions

8. Your Rights and Choices

8.1 Access and Control Rights

  • Right to Access: Obtain confirmation of processing and access to your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of personal data under certain circumstances
  • Right to Restriction: Request limitation of processing in specific situations
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing

8.2 Communication Preferences

  • Marketing Communications: Opt-out of promotional emails through account settings or unsubscribe links
  • Service Notifications: Manage essential service announcements and security alerts
  • Frequency Controls: Adjust communication frequency and delivery methods
  • Channel Preferences: Choose preferred communication channels (email, in-app notifications)

8.3 Cookie and Tracking Controls

  • Browser Settings: Manage cookies through browser preferences and settings
  • Opt-Out Mechanisms: Industry-standard opt-out tools for analytics and advertising
  • Do Not Track: Honor browser “Do Not Track” signals where technically feasible
  • Consent Management: Granular control over different cookie categories

8.4 Automated Decision Making

  • Transparency: Clear information about automated processing and logic involved
  • Human Intervention: Right to request human review of automated decisions
  • Challenge Rights: Ability to contest automated decisions and express your point of view

9. Cookies and Tracking Technologies

9.1 Detailed Cookie Classification

Cookie Type Purpose Examples Duration
Essential Core platform functionality Session management, security, load balancing Session to 1 year
Performance Analytics and improvement Usage statistics, feature performance 2 years
Functionality Personalization and preferences Language settings, layout preferences 1 year
Marketing Advertising and retargeting Campaign tracking, conversion measurement 1-2 years

9.2 Third-Party Tracking

We utilize various third-party services that may set cookies and tracking technologies:

  • Analytics Providers: Google Analytics, Mixpanel, Hotjar
  • Advertising Networks: Social media pixels, retargeting services
  • Customer Support: Live chat tools, help desk systems
  • Marketing Automation: Email marketing platforms, CRM integration

9.3 Mobile Tracking

Similar technologies in mobile applications include:

  • Mobile Analytics: App usage patterns, performance metrics
  • Push Notifications: Device tokens, notification preferences
  • Location Services: Generalized location data (with consent)

10. Third-Party Services and Integrations

10.1 Integrated Platform Services

EvoxMails integrates with numerous third-party services to enhance functionality:

  • Payment Processors: Stripe, PayPal, authorized.net
  • Cloud Services: AWS, Google Cloud, Microsoft Azure
  • Analytics Tools: Google Analytics, Amplitude, Segment
  • Communication Platforms: Twilio, SendGrid, Mailgun

10.2 API Integrations

Users may connect EvoxMails with external services through our API:

  • CRM Systems: Salesforce, HubSpot, Zoho
  • E-commerce Platforms: Shopify, WooCommerce, Magento
  • Social Media: Facebook, Twitter, LinkedIn integration
  • Custom Applications: User-developed integrations and custom connections

10.3 External Website Links

Our platform may contain links to external websites, applications, and services. This Privacy Policy does not apply to third-party practices, and we encourage users to review the privacy policies of any external sites they visit.

11. Children’s Privacy

11.1 Age Restrictions

EvoxMails is not intended for, designed for, or directed at children under the age of 16. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 16.

11.2 Protective Measures

  • Age Screening: Account creation processes designed to identify underage users
  • Parental Controls: Mechanisms for parental consent and control where applicable
  • Verification Procedures: Age verification for potentially underage users
  • Prompt Deletion: Immediate removal of discovered underage user information

11.3 Educational Resources

We provide resources for parents and educators about online safety and privacy protection for children.

12. Policy Updates and Changes

12.1 Update Procedures

We may update this Privacy Policy periodically to reflect:

  • Changes in our data practices and processing activities
  • Evolution of our Services and feature offerings
  • Legal and regulatory developments
  • Industry standards and best practices

12.2 Notification Methods

  • Email Notification: Direct communication for significant changes
  • Platform Alerts: In-app notifications and banners
  • Website Posting: Prominent posting on our website with version history
  • Advance Notice: Reasonable advance notice for material changes

12.3 Acceptance Mechanism

Continued use of our Services after changes become effective constitutes acceptance of the revised Privacy Policy. Users who do not agree with modifications should discontinue use of our Services.

13. Contact Information and Support

13.1 Primary Contact Details

For privacy-related inquiries, requests, and concerns:

Data Protection Officer
Cotlas Web Solution
7, Mangoe Lane
Kolkata, 700001
West Bengal, India
Email: support-evoxmail@cotlas.net
Response Commitment: Within 48 hours during business days

13.2 Regional Representatives

  • EU Representative: [Details if applicable for GDPR compliance]
  • UK Representative: [Details if applicable for UK GDPR compliance]
  • Other Jurisdictions: Local representatives as required by regional laws

13.3 Complaint Resolution

We are committed to resolving complaints about our collection or use of your personal information. Users with inquiries or complaints should first contact us at the details provided above.

13.4 Regulatory Authorities

Users have the right to lodge complaints with relevant data protection authorities:

  • Information Commissioner’s Office (ICO) – UK
  • Data Protection Commission – Ireland
  • Commission Nationale de l’Informatique et des Libertés (CNIL) – France
  • Federal Data Protection and Information Commissioner (FDPIC) – Switzerland
  • Other local supervisory authorities as applicable

14. Specific Legal Frameworks

14.1 GDPR Compliance (EU/EEA)

For users in the European Union and European Economic Area:

  • Lawful Bases: Clear identification of processing legal bases (consent, contract, legitimate interests)
  • Data Protection Officer: Designated DPO contact information
  • International Transfers: Appropriate safeguards for extra-EEA data transfers
  • Individual Rights: Comprehensive rights fulfillment procedures

14.2 CCPA/CPRA Compliance (California)

For California residents:

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Procedures for deletion requests
  • Right to Opt-Out: Sale and sharing opt-out mechanisms
  • Non-Discrimination: Assurance of equal service regardless of privacy choices

14.3 Other Jurisdictions

Compliance with specific requirements of:

  • PIPEDA (Canada)
  • LGPD (Brazil)
  • PDPA (Thailand, Singapore)
  • APP (Australia)
  • Other applicable regional data protection laws

15. Definitions and Interpretation

15.1 Key Terminology

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data (collection, recording, organization, etc.)
  • Controller: The entity that determines purposes and means of processing
  • Processor: The entity that processes data on behalf of the controller
  • Consent: Freely given, specific, informed, and unambiguous indication of wishes

15.2 Interpretation Rules

  • Section headings are for convenience only and do not affect interpretation
  • Examples are illustrative and not exhaustive
  • “Including” means “including without limitation”
  • References to laws and regulations include amendments and successors

Acceptance and Acknowledgment

By using EvoxMails, you explicitly acknowledge that:

  1. You have read and understood this Privacy Policy in its entirety
  2. You consent to the collection, use, and sharing of your information as described herein
  3. You agree to be bound by the terms and conditions of this Privacy Policy
  4. You understand your rights and how to exercise them
  5. You accept our commitment to continuous privacy improvement and compliance

EvoxMails – Powered by Cotlas Web Solution
Enterprise-Grade Email Marketing Solutions with Uncompromising Privacy Standards

This Privacy Policy is effective as of the date stated above and replaces all previous versions. We recommend reviewing this policy regularly to stay informed about our privacy practices.