Privacy Policy / Cookies Policy

Last Update: 23/03/2026 – this is an automatic translation for your convenience, original source

Introduction

This privacy policy is written in accordance with French Law No. 78-17 of January 6, 1978 (known as the “Data Protection Act” or “LIL”) and the General Data Protection Regulation (“GDPR”) No. 2016/679.

This policy is organized into three distinct parts:

Part 1 concerns the processing of personal data carried out by MailerPress as the data controller in connection with the management of its website www.mailerpress.com.
Part 2 concerns the processing of personal data carried out within the framework of the MailerPress solution (corrective maintenance and support).
Part 3 constitutes the Cookie Policy applicable to the website www.mailerpress.com.

Table of Contents

PART 1 – Data processing by MailerPress as data controller

MailerPress, acting as data controller, processes personal data as part of its activities, including the management of its website www.mailerpress.com, the marketing and management of subscriptions to the MailerPress solution, customer relations, technical support, and communication and marketing activities.

1.1 Purpose of the policy

This policy informs you of the characteristics of these processing operations and your rights regarding your personal data.

1.2 Data Controller

The data controller is MailerPress, a French limited company (SAS) with a share capital of 1000 euros, whose registered office is located at 5 rue Pierre de Coubertin, 40110 MORCENX-LA-NOUVELLE, registered with the Mont de Marsan Trade and Companies Register under number 100118645. The legal representative of MailerPress is Mr. Aurélien Denis.

The contact email address is: [email protected]

1.3 Persons concerned

This policy applies to the following individuals:

Customers of our online store
Individuals who contact us using the website’s contact form
Individuals who subscribe to our newsletter
Individuals who join our affiliate program
Website visitors (connection data and tracking technologies)

1.4 Purposes and legal bases for processing

Treatment	Purposes	Legal basis
Managing subscription orders on the online store	– Order management (with and without subscription)	Execution of the contract (the order placed by the client)
Customer area management	– Access to license key – Support tickets: opening and past tickets + AI chatbot (chatbase) – Personal data update – Newsletter subscription management	Contract execution (the subscription)
Customer Relationship Management	– Transactional and onboarding emails – Communications	Contract execution (the subscription)
Handling inquiries via the contact form	– Receiving and processing requests – Answering questions	Legitimate interest (enabling online communication) or performance of pre-contractual measures or of the contract
Support service ticket management	– Opening and tracking tickets – Support via AI chatbot and form	Contract execution
Technical site management	– Hosting – Security – Maintenance	The company has a legitimate interest in ensuring the proper functioning, security and availability of its website.
Managing trackers (cookies)	– Functionality cookies – Personalization cookies (language selection) – Matomo audience measurement cookies – YouTube embedded video playback cookies	Legitimate interest for functional cookies; consent for other cookies
Affiliate program management	– Program enrollment – Affiliate tracking and commission payments	Contract with affiliated persons
Newsletter subscription management	– Subscription and unsubscription – Sending of the newsletter	Spontaneous subscription by the subscriber or, for existing customers, the company’s legitimate interest in informing its customers of its news and offers
Customer loyalty and marketing initiatives	– Customer loyalty initiatives – Marketing to customers and prospects	The company has a legitimate interest in promoting its offerings, either to professionals by virtue of their role or to existing customers (similar products/services).
Product improvement	– Collection of pseudonymized usage statistics for the plugin	The company has a legitimate interest in improving its product.

1.5 Categories of personal data collected

Treatment	Categories of data collected
Managing subscription orders on the online store	– Identification data (surname, first name, postal address, email address, telephone number, VAT for sole proprietorships) – Connection data – Customer type: professional or personal – Transaction data (order details, purchase history, payment methods)
Managing the customer area on the website	– Identification data (surname, first name, email address, postal address) – Login data – Order and invoice list – License key – List of licensed managed sites – Bank details (last 4 digits and expiry date of the bank card) – Support ticket data
Customer Relationship Management	– Identification data (surname, first name, email address, postal address) – Login data – License key
Handling inquiries via the contact form	– Identification data (surname, first name, email address, telephone number if applicable) – Message content
Support service ticket management	– Identification data (name, surname, email address) – Content of exchanges – Technical data related to the problem
Technical management of the website (hosting, security)	– Connection data: IP addresses, connection logs, device identifiers, timestamp information
Managing trackers (cookies)	– Connection data: IP address, browser and version, operating system, pages visited, timestamp – For third-party cookies (YouTube, Twitter, Google): data according to their respective policies
Affiliate program management	– Identification data (name, surname, email address) – Tracking data (customers brought in, commissions)
Newsletter subscription management	– Identification data (surname, first name, email address) – Connection data (registration date, click history on links)
Customer loyalty and marketing initiatives	– Identification data (name, surname, email address) – Connection data (click history)
Product improvement (pseudonymized usage statistics)	– Pseudonymized instance identifier (hash) – Usage statistics (number of campaigns, number of contacts per range) – Technical errors encountered

1.6 Data retention periods

Data undergoing processing is kept for a period not exceeding that necessary for the purposes for which it is recorded (principle of minimization of processing).

The maximum storage times are as follows:

Treatment	Shelf life
Managing subscription orders on the online store	5 years from the end of the contract. Connection data: maximum 45 days.
Customer area management	Active subscription duration + 14 months, then automatic cancellation
Customer Relationship Management	Active subscription duration + 5 years. Connection data: maximum 45 days.
Handling inquiries via the contact form	12 months from the date of application
Support service ticket management	Active subscription duration + 14 months, then automatic cancellation
Technical management of the website (hosting, security)	Connection data: maximum 45 days
Managing trackers (cookies)	Consent validity period: maximum 13 months. Data collected by trackers: maximum 25 months.
Affiliate program management	5 years from the end of the affiliation
Newsletter subscription management	A maximum of 3 years from the date of collection or the last contact from the person (e.g., clicking on a hyperlink in an email)
Customer loyalty and marketing initiatives	3 years from the date of data collection, last contact or last click by the individual
Product improvement (pseudonymized usage statistics)	24 months from the date of collection

1.7 Mandatory or optional nature of data collection

The data collected is mandatory for the purposes of processing.

For online orders, the data collected is required for the conclusion and execution of the order (contract).

1.8 Data Sources

The data is transmitted directly by the person concerned.

1.9 Data Recipients

Sauf loExcept when necessary for the provision of our services, we do not share your data with third parties.

However, please be aware that we use external service providers for certain activities:

our hosting provider;
our website security and protection provider;
our customer support and pre-sales chat provider;
our artificial intelligence provider for the chatbot;
our provider for sending transactional emails and mailings;
our online payment service providers.

These providers may have access to certain data about you, strictly within the limits of

1.10 AI Chatbot

As part of our support service, you have the option to interact with an AI-powered chatbot from your customer account.

When you use this chatbot, your interactions are processed by a third-party AI solution (Chatbase) to provide you with automated assistance. The data exchanged (content of your messages, information related to your request) is transmitted to this provider to enable the service to function.

Please note that you are interacting with artificial intelligence and not with a human agent. You can always choose to use the standard contact form to communicate directly with our support team.

1.11 Security Measures

MailerPress, as the data controller, implements appropriate technical and organizational measures to ensure a level of security commensurate with the risk.

We implement security measures to protect your data, such as the HTTPS protocol. We regularly monitor our systems to detect potential vulnerabilities and attacks. However, this does not allow us to guarantee the absolute security of your data.

We take measures to ensure that any natural person acting under the authority of the data controller or the data processor, who has access to personal data, does not process it except on the instructions of the data controller, unless legally obligated to do so.

1.12 Transfers outside the European Union

MailerPress may transfer personal data outside the European Union, particularly to the United States, through the use of certain technical service providers (Stripe, PayPal, Cloudflare, Helpscout, Chatbase).

These transfers are governed by:

the EU-US Data Privacy Framework for certified providers;

standard contractual clauses adopted by the European Commission;

any other appropriate safeguards as provided for in Article 46 of the GDPR.

1.13 Automated decision-making

The treatment does not include fully automated decision-making.

1.14 Rights of the persons concerned

The data subject may define instructions regarding the storage, erasure, and communication of their personal data after their death. These instructions may be general or specific.

The data subject also has the right to access, object to, rectify, restrict, erase, and, under certain conditions, transfer their personal data. The data subject has the right to withdraw their consent at any time if consent constitutes the legal basis for the processing.

You may object at any time to the use of your data for marketing purposes, including profiling related to such marketing. To unsubscribe from our newsletter, you can click on the unsubscribe link in each email or contact us directly.

The request must include the data subject’s full name, email or postal address, and be signed and accompanied by a valid proof of identity.

She can exercise these rights by contacting: MailerPress Company – Mr. Aurélien Denis – email: [email protected]

1.16 Complaint

The person concerned by a processing has the right to lodge a complaint with the supervisory authority (CNIL).

PART 2 – Data Processing – MailerPress Solution

This section is for MailerPress customers.

It concerns the processing of personal data carried out in connection with the MailerPress subscription (WordPress plugin).

2.1 Processing activities for which the Client is the data controller

2.1.1 General principle

The MailerPress plugin is a technical tool that is installed within the Client’s WordPress environment. Personal data processed via the plugin is stored in the Client’s database, hosted on their own server. MailerPress does not have access to this data and does not intervene in the relationship between the Client and their contacts.

For all personal data processing carried out via the MailerPress plugin as described in this section, the Client (or, in the case of an agency, the end user who publishes the website) is the data controller within the meaning of the GDPR.

MailerPress is neither the data controller nor the data processor for this processing. It provides a technical tool, the use of which is the sole responsibility of the Client.

2.1.2 Using the plugin and managing contacts

When the Client uses the MailerPress plugin to manage contacts, organize mailing lists, segment audiences, and send marketing email campaigns, they process personal data under their sole responsibility.

Contact data (names, email addresses, segmentation data, etc.) is stored in the Client’s WordPress database. This data does not pass through MailerPress’s servers and is not accessible to them.

The Client is responsible for ensuring their own data processing complies with the GDPR, particularly regarding the lawfulness of their contact databases, informing data subjects, and respecting their rights.

2.1.3 Campaign tracking data

The MailerPress plugin allows the Client to receive and display tracking data for their email campaigns: opens, clicks, unsubscribes, IP addresses, and interaction timestamps.

This tracking data is displayed and stored by the plugin in the Client’s WordPress database.

MailerPress does not receive, store, or have access to the Client’s campaign tracking data. This data remains entirely within the Client’s environment.

The Client is solely responsible for processing this tracking data. In particular, they are responsible for defining the data retention periods, informing their contacts about this tracking, and respecting their rights (especially the right to object and the right to erasure).

The plugin also manages the unsubscription of contacts who have exercised their right to object. The Client is responsible for ensuring that these unsubscriptions are effectively processed.

2.1.4 Connections to third-party services and artificial intelligence APIs

The MailerPress plugin allows the Client to connect to third-party services:

email marketing providers (e.g., Brevo, Mailchimp, etc.);
WordPress extensions (e.g., WooCommerce);
artificial intelligence APIs (e.g., OpenAI, Gemini, Mistral, DeepSeek, etc.) for content creation and image generation features.

These connections are established directly between the Client’s WordPress site and the relevant third-party services, without going through MailerPress’s servers.

The Client uses its own API keys and accounts with these providers. The decision to enable a connection to a third-party service rests solely with the Client. AI features and connections to third-party services are disabled by default and are only activated by a deliberate action from the Client.

Consequently, when the Client enables these connections, the third-party providers become subcontractors of the Client (and not of MailerPress). It is the Client’s responsibility to ensure the compliance of these providers, in particular by verifying the existence of data protection guarantees (DPA, standard contractual clauses, certifications).

The plugin interface clearly indicates the providers and models used for the AI features, enabling the Client to make informed decisions.

2.1.5 Client’s Obligations as Data Controller

For all processing activities described in this section 2.2, the Client is solely responsible for data processing within the meaning of the GDPR. As such, it is responsible for:

informing data subjects (contacts, subscribers, customers) about the processing activities carried out via its own privacy policy;
ensuring the lawfulness of its contact databases and the legal basis for each processing activity;
defining and implementing the retention periods for all data processed via the plugin;
responding to requests from data subjects to exercise their rights (access, rectification, erasure, objection, data portability);
verifying the compliance of any third-party service providers to which it chooses to connect the plugin;
ensuring data security within its own environment (WordPress site, hosting, database);
and, where applicable, managing any data transfers outside the European Union resulting from its choice of service providers.

2.2 MailerPress as a subcontractor

2.2.1 Definition of a subcontractor

A data processor, according to the GDPR, is a person who, alone or jointly, processes personal data on behalf of a data controller.

In some cases, the data processor, in turn, subcontracts all or part of the processing to a sub-processor in a chain of sub-processors.

2.2.2 Role of MailerPress

La société MailerPress réalise des traitements de données dans le cadre de la maintenance corrective et du support MailerPress processes data as part of corrective maintenance and technical support for the MailerPress solution.

When MailerPress performs this processing, it acts:

either as a data processor, directly on your behalf. The website on which MailerPress works is yours, and you are the data controller;
or as a sub-processor. The website on which MailerPress works is your client’s website. In this case, your client is generally the data controller for the website’s activities, and you act as a data processor. MailerPress then becomes a sub-processor.

In both cases, you are the data controller with respect to MailerPress (as MailerPress has no direct relationship with your client).

Therefore, MailerPress cannot access the data.

2.2.3 Processing Instructions

Purpose and objective of the processing

The purpose of this service is corrective maintenance of the MailerPress solution, specifically fixing any bugs that may appear on a website following the solution’s configuration.

The service may also include assistance with implementing a new feature.

It is important to note that, as part of this maintenance, MailerPress does not access personal data stored on the website. Data will only be consulted if absolutely necessary.

Your instructions for this service are as follows:

Create a temporary administrator account on the Client’s website, using a dedicated email address for this service.
Log in to the website’s back office or the server.
Perform the necessary fixes to the MailerPress plugin.
Assist with the plugin installation.
Inform the Client when the service is complete.

Important: When creating a temporary administrator account, the password will be provided via an internal note in MailerPress’s ticketing system (Helpscout). Following the intervention, the Client agrees to delete the administrator account created for maintenance purposes.

Nature of operations: Consultation, correction, and updating. MailerPress does not access personal data stored on the Client’s website. Only occasional data access is performed, without modification or extraction.

Categories of data potentially involved: Depending on the Client’s website configuration, MailerPress may need to access identification data (name, surname, email), contact data (address, telephone number), connection data (usernames, logs), contact list data (emails, segmentation), or campaign data (history, statistics) stored in the website’s database.

Categories of people concerned: Administrators of the Client’s WordPress site, users of the MailerPress plugin, Client’s contacts/subscribers (mailing lists), site visitors (if logs are consulted).

2.2.4 Data Retention

Exchanges related to support tickets opened for maintenance purposes are retained for the duration of the active subscription plus 14 months.

Personal data used to access the website (or server) is retained only for the time necessary to perform the maintenance.

Following the intervention, MailerPress deletes all access data (usernames, passwords, access URLs) from its systems. It does not make any copies of personal data stored on the Client’s website.

2.2.5 Customer Obligations

The Client, in its capacity as Data Controller for MailerPress, undertakes to comply with all obligations incumbent upon it under the General Data Protection Regulations, including, when acting as a data processor, the instructions of its own client.

The Client specifically undertakes to delete the temporary administrator account created by MailerPress on its website (or that of its client) as soon as the maintenance ticket is closed. This deletion is the sole responsibility of the Client.

The Client undertakes to indemnify MailerPress against any judgment and any financial consequences to which it may be exposed as a result of the Client’s failure to comply with its obligations.

2.2.6 MailerPress Obligations

MailerPress is committed to complying with all its obligations under data protection regulations.

These obligations are detailed below:

Compliance with treatment instructions

MailerPress, as a data processor, undertakes to strictly comply with your written instructions regarding the use of personal data. In particular, MailerPress is prohibited from processing any personal data that is not expressly provided for herein.

Use of cascading subcontracting

MailerPress uses Helpscout as a subcontractor for managing support tickets.

When MailerPress uses another subcontractor to perform specific processing activities on behalf of the Client, the same data protection obligations as those set forth herein apply to that other subcontractor by contract, particularly regarding providing sufficient guarantees for the implementation of appropriate technical and organizational measures.

If that other subcontractor fails to fulfill its data protection obligations, MailerPress remains fully liable to you for the other subcontractor’s performance of its obligations.

Obligation to provide aid and assistance

MailerPress takes into account the nature of the processing and assists you, through appropriate technical and organizational measures, in fulfilling your obligation to respond to requests from data subjects exercising their rights under Chapter III of the GDPR.

MailerPress helps you ensure compliance with the obligations set out in Articles 32 to 36, taking into account the nature of the processing and the information available to it.

MailerPress provides you with all the necessary information to demonstrate compliance with the obligations set out herein.

Audit

You may, at your own expense, conduct or have conducted, by any service provider of your choice bound by professional secrecy, during the term of this agreement, audits relating to MailerPress’s compliance with its obligations regarding the processing of personal data. This right to conduct an audit is limited to one audit per year, except in exceptional circumstances.

You undertake to notify us in writing of any audit assignment with a minimum of ten (10) calendar days’ notice, specifying the purpose of the assignment, the name of the expert, and the anticipated duration of the assignment, it being understood that this may not exceed four (4) days.

The auditor must cause minimal disruption to MailerPress’s operations.

A copy of the audit report prepared by the auditor will be provided to each party and will be discussed jointly.

If this audit confirms that MailerPress has failed to meet its obligations, the company will bear the audit costs and implement, at its own expense, the necessary corrective measures within thirty (30) business days of receiving the audit report. Except as provided above, the audit costs will remain your responsibility.

Obligation to provide information

MailerPress will inform you as soon as possible, as soon as it becomes aware of it, if, in its opinion, an instruction constitutes a violation of the regulations relating to the protection of personal data.

Confidentiality obligation

MailerPress is bound by a confidentiality agreement and will not disclose personal data to any third party, whether free of charge or for payment, except as required for the provision of its services.

MailerPress ensures that individuals authorized to process data are bound by confidentiality agreements or are subject to an appropriate confidentiality obligation.

Notification in case of personal data breach

MailerPress undertakes to notify you as soon as possible and as soon as it becomes aware of any breach or security vulnerability affecting personal data and to provide you with the information necessary to allow you to inform the supervisory authority and, if necessary, the persons concerned.

Transfers of personal data outside the European Union

MailerPress may transfer personal data outside the European Union, particularly to the United States, in connection with the use of Helpscout for managing support tickets. These transfers are governed by:

the EU-US Data Privacy Framework for certified providers;

standard contractual clauses adopted by the European Commission;

any other appropriate safeguards provided for in Article 46 of the GDPR.

Processing register

MailerPress keeps a register of subcontracting processing activities at your disposal and will provide it upon request.

2.2.7 Security – Allocation of Responsibilities

The MailerPress plugin is installed in the Client’s WordPress environment. Personal data is stored in the Client’s database, on their hosting. This architecture implies distinguishing four levels of responsibility regarding data security:

Level	Perimeter	Person in charge	MailerPress company obligation
1. MailerPress plugin	Code, business logic, interface, connections to third-party services	MailerPress	Yes (articles 25 and 32 of the GDPR)
2. Third-party provider APIs *	Availability and security of APIs (emailing, AI)	Third-party service providers	No *
3. Client’s WordPress Site	WordPress version, other plugins, installed themes	Client (ou agency)	No
4. Client Accommodation	Server, database, SSL, backups, firewall	Host + Client	No

* The Client uses their own API key and account with the service provider (e.g., the Client’s OpenAI account). The service provider is a subcontractor of the Client, not of MailerPress.

MailerPress is responsible for the security of the plugin (level 1) and commits to:

Develop secure code that adheres to WordPress best practices (protection against SQL injection, XSS vulnerabilities, CSRF vulnerabilities, validation and sanitization of user input);
Encrypt sensitive data stored by the plugin (API keys, authentication tokens), which is never stored in plain text in the database;
Secure connections to third-party services (only HTTPS calls, SSL certificate validation, no data stored in transit on intermediate servers);
Respect the WordPress role and permission hierarchy (access to sensitive functions is restricted to the administrator);
Do not transmit any personal data to MailerPress by default (except for pseudonymized or anonymized data for plugin improvement);
Ensure that the plugin’s deletion functions have a real effect on the database, without leaving any personal data residue.

The following are not the responsibility of MailerPress (levels 2 to 4):

Element	Person in charge	Comments
Hosting Security	Hosting Provider + Client	Choosing a reliable and secure hosting provider
Website SSL Certificate	Client	Updated versions of WordPress, themes, and plugins
WordPress Updates	Client	Up-to-date versions of WordPress, themes and plugins
Security of Other Plugins	Client	Audit of installed third-party plugins
Administrator access management	Client	Strong passwords, account restrictions
Backup and restore plan	Hosting Provider	Backup and Restore Plan
Firewall and DDoS protection	Hosting Provider	Protection infrastructure

2.2.8 Coordinates

MailerPress Company – Mr. Aurélien Denis – Email: [email protected]

3.1 Purpose of the charter

When you visit our website www.mailerpress.com, cookies (and other tracking technologies) are placed or read on the device you are using (your computer, mobile phone, or tablet).

This policy explains what types of cookies we use and for what purposes.

We also explain your rights regarding these cookies and how you can exercise them.

This policy provides additional information to that found in the cookie banner you see when browsing our website.

This Cookie Policy is written in accordance with French Law No. 78-17 of January 6, 1978 (known as the “Data Protection Act” or “LIL”) and the General Data Protection Regulation (“GDPR”) No. 2016/679.

3.2 Definition of cookies

A cookie is a tracking technology. When a user browses a website, it allows the collection of personal information about them.

When a user uses their computer, cookies are managed by their web browser (Internet Explorer, Firefox, Safari, or Google Chrome).

There are other types of tracking technologies besides cookies (e.g., web beacons, fingerprinting, local storage, Flash cookies).

Some cookies are internal to the website, while others are third-party cookies placed on the site by third-party companies.

For simplicity, we will use the term “cookies” in this policy to refer to different types of tracking technologies.

A cookie can collect various personal data about you, such as your computer’s IP address, the browser used, the date and time of connection, the pages visited on the site, etc.

Generally, five types of cookies can be used on a website:

Cookies necessary for the website to function
Cookies for personalizing content based on usage
Analytical cookies (to measure website traffic)
Advertising cookies
Social media sharing cookies

3.3 Types of cookies used

The types of cookies we use on this website are as follows:

Cookies that enable and facilitate the website’s operation (managed by the Complianz plugin)
Cookies for content personalization (language selection)
Audience measurement cookies. We use Matomo. Visitor IP addresses are not anonymized. This setting requires the user’s prior consent before these trackers are placed.
Cookies for playing embedded videos (YouTube). These cookies are placed when you watch an embedded video on our site. The YouTube/Google privacy policy can be found here: https://policies.google.com/privacy?hl=fr&gl=fr

In accordance with Article 82 of the French Data Protection Act of January 6, 1978, users are informed about the processing of personal data carried out through cookies.

This policy fulfills this obligation to provide information.

Furthermore, for cookies requiring user consent, consent is obtained when a cookie banner appears on the website.

Until the user has been informed and has given their explicit consent, this type of cookie is not placed or read on their device.

Consent is requested for each type of cookie (by purpose).

The list of third-party cookie providers is provided at the time consent is obtained.

Users have the option to postpone their choice and decide later. Until their consent is given, no cookies requiring consent are placed.

Users have the option to refuse the placement of these cookies.

Users can withdraw their consent at any time, just as easily as they gave it.

Cookies have a maximum lifespan of 13 months. After this period, consent is requested again.

Users are informed that they can disable cookies by configuring their internet browser:

If users wish to delete cookies stored on their device and configure their browser to refuse cookies, they can do so via their internet browser’s preferences.

These cookie settings are usually found in the browser’s “Options,” “Preferences,” or “Tools” menus.

For more information on applicable cookie regulations, users can consult the following links:

https://www.cnil.fr/fr/cookies-et-autres-traceurs-la-cnil-publie-de-nouvelles-lignes-directrices

https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000038783337

3.5 Rights of the persons concerned