FROSTSENDER

Privacy Policy

Last updated: May 10, 2026

1. Introduction

This Privacy Policy describes how FrostSender ("we," "our," or "us") collects, uses, and protects information when you visit frostsender.com, create an account, or use our services. FrostSender is a cold-outreach platform that lets authenticated users send and schedule email campaigns from their own connected email accounts.

2. Information We Collect

We collect only the information needed to operate the service:

  • Account information: name, email address, password (hashed), and billing details if applicable.
  • Campaign content you create: subject lines, message bodies, sequence steps, and recipient lists you upload.
  • Sending metadata: send timestamps, opens, clicks, replies, bounces, and deliverability events for emails you send through the platform.
  • Connected email account credentials, encrypted at rest. For Google accounts this is either an OAuth refresh token or a Gmail App Password, depending on how you connected.
  • Standard web logs: IP address, browser, OS, and pages visited, retained for security and abuse-prevention purposes.

3. Google API Services and Gmail Data

FrostSender's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect a Google account, FrostSender requests the following OAuth scope:

  • https://www.googleapis.com/auth/gmail.send — used solely to send the campaign messages you have composed and queued in FrostSender, on your behalf, from your own Gmail account.

We explicitly do not use the gmail.send scope, or any other Gmail OAuth scope, to:

  • Read, search, scan, or index the contents of your inbox, sent folder, drafts, or any other Gmail folder.
  • Send messages other than those you have explicitly composed and scheduled in FrostSender.
  • Send on behalf of any party other than the account holder who completed the OAuth grant.
  • Train, improve, develop, or otherwise feed any artificial-intelligence or machine-learning model with the contents of your Gmail account or messages obtained via Google APIs.
  • Transfer your Gmail data to any third party for purposes unrelated to providing or improving the FrostSender service to you.
  • Serve advertising of any kind based on your Gmail data.

For warmup engagement signals (open detection, reply detection, spam-folder rescue), FrostSender may use a Gmail App Password supplied by you for IMAP access. App Passwords are independent of OAuth, are encrypted at rest, and are revocable from your Google Account settings at any time. The IMAP path is used only against inboxes you have explicitly added to your warmup pool, and only to operate the warmup workflow you enabled.

4. How We Use Information

We use information solely to:

  • Operate the FrostSender service: deliver your campaign messages, log delivery outcomes, surface analytics in your dashboard, and run the warmup workflow you enabled.
  • Authenticate you, secure your account, and prevent abuse.
  • Provide customer support when you contact us.
  • Send transactional notifications (account, billing, security) related to your use of the service.
  • Comply with our legal obligations.

We do not sell personal information. We do not use Gmail message contents or recipient data for advertising, profiling, or model training.

5. Sharing of Information

We share information only with the infrastructure providers strictly necessary to operate the service: our hosting provider (Vercel), database provider (Supabase), and queue/cache provider (Upstash Redis). These providers process data on our behalf under written agreements that restrict use to providing services to FrostSender. We do not share your data with advertisers, data brokers, or any third party for their own marketing or profiling purposes. We may disclose information in response to a valid legal process or to protect the rights, property, or safety of FrostSender, our users, or the public.

6. Data Retention

Account and campaign data is retained for the lifetime of your FrostSender account so the service can continue to operate. When you delete your account, we delete or anonymize your personal data, connected email account credentials, and campaign history within 30 days, except where a longer retention period is required by law (for example, billing records). You may request earlier deletion of specific data via info@frostsender.com. Refresh tokens and IMAP App Passwords are deleted immediately when you disconnect the corresponding inbox in FrostSender.

7. Security

All connected email account credentials (OAuth refresh tokens, IMAP App Passwords) are encrypted at rest using AES-256-GCM. Data in transit is protected with TLS 1.2 or higher. Access to production systems is restricted to a small number of authorized personnel and gated by multi-factor authentication. While no system is perfectly secure, we apply industry-standard safeguards proportional to the sensitivity of the data.

8. Your Choices and Rights

You can at any time:

  • Disconnect a Google account from FrostSender via your account settings; this revokes the refresh token and deletes any associated App Password.
  • Revoke FrostSender's access to your Google account directly at myaccount.google.com/permissions.
  • Request access to, correction of, or deletion of personal data we hold about you, subject to verification.
  • Export your campaign and recipient data via the dashboard or by request.

Depending on your jurisdiction (EU/EEA, UK, California, etc.), you may have additional statutory rights. Contact info@frostsender.com to exercise any of them; we respond within 30 days.

9. Cookies

We use a small number of strictly necessary cookies to keep you signed in and to remember UI preferences. We do not use third-party advertising cookies, tracking pixels, or cross-site fingerprinting.

10. Children's Privacy

FrostSender is not directed to individuals under 18 and we do not knowingly collect data from minors. If we learn we have collected data from a minor, we delete it promptly.

11. International Transfers

FrostSender operates from and stores data in the United States. By using the service from outside the U.S., you consent to the transfer and processing of your data in the United States.

12. Changes to this Policy

If we make material changes to this Privacy Policy we will update the "Last updated" date and, where the change affects how we handle your data, notify you by email or in-app banner before the change takes effect.

13. Contact

For questions or requests relating to this Privacy Policy, contact us at info@frostsender.com.

beta v1.0