MailWell Privacy Policy

When a merchant installs or uses MailWell, we collect the information needed to provide the MailWell AI Email Studio. This can include the Shopify shop domain, shop identifier, app installation state, granted access scopes, selected Shopify catalog and store context, product and collection details, product images, brand settings, generated email projects, version history, brief options, brand standards, export metadata, billing status, and AI credit usage.

If a merchant connects Klaviyo, MailWell stores the Klaviyo private API key in encrypted form so the merchant can publish custom HTML templates. The key is not returned to the browser after it is saved.

MailWell may also process support messages, app review messages, and operational logs needed to troubleshoot the service. We do not intentionally collect payment card details; Shopify manages app billing through Shopify App Pricing or Shopify Billing.

MailWell does not request customer or order scopes from Shopify and is not designed to store individual store customer records, customer addresses, order histories, payment details, or fulfillment data.

Generated email content may include merchant-provided campaign language, product references, discount text, images, links, or other content entered by a merchant. Merchants should avoid placing sensitive personal information in prompts, briefs, generated email copy, or uploaded reference material.

We use collected information to authenticate installed Shopify shops, load relevant product and brand context, generate and revise email creative, render previews, save email versions, export email-safe HTML, publish Klaviyo templates when requested, enforce plan and AI-credit limits, provide support, prevent abuse, improve reliability, and comply with Shopify and legal requirements.

MailWell is an email creative and export tool. It does not send marketing campaigns, manage subscriber lists, run automations, or track recipient engagement for merchants.

MailWell uses AI providers to generate and revise email plans, copy, and layouts from merchant-provided instructions and selected store context. AI requests can include the campaign brief, selected products, brand standards, generated email content, and reference material that the merchant chooses to provide.

We design MailWell to send only the context needed for the requested AI task. Merchants are responsible for making sure they have the right to submit any content or reference material they provide to MailWell.

We share information with service providers that help us operate MailWell, including hosting, database, AI generation, error monitoring, support, and email-platform integration providers. These providers are used to run the service and are not permitted by us to use merchant data for their own independent marketing.

When a merchant chooses to connect Klaviyo or publish a Klaviyo template, MailWell sends the necessary template content and authentication request to Klaviyo on that merchant's behalf.

We may disclose information if required to comply with law, protect the security or integrity of MailWell, respond to valid legal process, or enforce our rights.

MailWell uses administrative, technical, and organizational safeguards intended to protect merchant data. Shopify access state, studio data, generated email versions, and integration records are stored in server-side systems. Integration secrets are encrypted before storage.

No method of transmission or storage is perfectly secure. If we learn of a security incident that affects merchant data, we will take appropriate steps to investigate, mitigate, and notify affected parties as required.

We keep merchant data for as long as needed to provide MailWell, comply with legal obligations, resolve disputes, maintain security, and support legitimate business operations.

When a shop uninstalls MailWell, we disable stored Shopify access state and stop using the app to access that shop. When Shopify sends a shop/redact request, MailWell deletes the stored shop record and associated shop-level workspace data, including generated email projects, version history, brand settings, brief options, export metadata, integration records, cached catalog context, and AI credit ledger rows, subject to any legally required retention.

Merchants can request deletion of MailWell project data, brand settings, brief options, export metadata, and integration records by contacting support@usemailwell.com.

MailWell responds to Shopify's mandatory privacy webhooks, including customers/data_request, customers/redact, and shop/redact. Customer-level requests are acknowledged because MailWell does not currently request customer or order scopes or store customer records.

Shop-level redaction requests remove the shop record so database cascade rules erase associated shop-level workspace records, subject to legally required retention.

Merchants can uninstall MailWell from the Shopify admin, disconnect Klaviyo from MailWell settings, remove generated content from their workspace, or contact us to request access, correction, export, or deletion of data associated with their shop.

If you are a customer of a Shopify merchant using MailWell, contact the merchant directly to exercise privacy rights related to that merchant's store. Shopify may route certain privacy requests to installed apps through its required privacy webhook process.

We may update this Privacy Policy as MailWell changes or as legal, operational, or Shopify App Store requirements evolve. The effective date at the top of the page shows when this policy was last updated.