Privacy Policy
Last updated: March 1, 2026
1. Introduction
STEPlus Technologies ("Company", "we", "us") operates the MailCraft email marketing platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data transparently.
2. Information We Collect
2.1 Account Information
When you register through our identity platform, we collect your name, email address, and authentication credentials. If you create or join a workspace, we store your role and membership information.
2.2 Subscriber Data
When you import or manage subscribers, we process and store the data you provide, including email addresses, names, custom fields, tags, and engagement history. You are the data controller for subscriber data; we act as the data processor.
2.3 Email Content
We store the email templates, campaign content, subject lines, and HTML bodies you create. AI-generated content is processed by third-party AI providers and stored within your workspace.
2.4 Campaign Analytics
When your subscribers interact with emails sent through the Service, we collect tracking data including opens, clicks, link URLs, and timestamps. This data is used to provide you with campaign analytics.
2.5 SMTP Credentials
If you configure custom SMTP servers, we store your SMTP host, port, username, and password. SMTP passwords are encrypted at rest using AES-256-GCM encryption and are never stored in plaintext.
2.6 Usage Data
We automatically collect information about your interactions with the Service, including pages visited, features used, and browser type. This data is used to improve the Service.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process and deliver your email campaigns
- Generate campaign analytics and deliverability reports
- Provide AI-powered template generation and spam analysis
- Authenticate your identity and manage workspace access
- Send you service notifications and security alerts
- Detect and prevent fraud, abuse, and policy violations
- Comply with legal obligations and enforce our Terms of Service
4. Data Sharing and Disclosure
We do not sell your personal data. We may share information with:
- SMTP providers: Your email content is transmitted through your configured SMTP servers to deliver campaigns
- AI providers: Email content may be sent to AI services (OpenAI, Anthropic, Google, or other configured providers) for template generation when you use AI features
- Workspace members: Other members of your workspace can access shared templates, campaigns, and subscriber data based on their role permissions
- Legal requirements: We may disclose information if required by law, subpoena, or government request
5. Data Security
We implement industry-standard security measures to protect your data, including encrypted connections (TLS/SSL), encrypted storage for sensitive credentials (AES-256-GCM), role-based access controls, and secure authentication. While we strive to protect your information from unauthorized access, no method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.
6. Data Retention
We retain your account data for as long as your account is active. Campaign analytics data is retained for the lifetime of the campaign. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Subscriber data you upload is deleted when you remove it or when your account is terminated.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your personal data
- Export your data in a portable format
- Object to or restrict processing of your data
- Withdraw consent where processing is based on consent
To exercise these rights, contact us.
8. Subscriber Privacy
As a MailCraft user, you are responsible for obtaining proper consent from your subscribers before adding them to your lists and sending them emails. You must provide a clear privacy policy to your own subscribers explaining how their data is used. You must honor unsubscribe requests promptly. We provide tools such as one-click unsubscribe links and compliance features to help you meet these obligations.
9. Cookies and Tracking
The Service uses essential cookies for authentication and session management. We use local storage for user preferences such as theme settings and sidebar state. We do not use third-party advertising cookies. Campaign tracking (opens and clicks) uses tracking pixels and redirect URLs as part of the core email analytics functionality.
10. International Data Transfers
Your data may be processed in countries other than your country of residence. We ensure that appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws, including standard contractual clauses where required.
11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a prominent notice on the Service. We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
13. Contact
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us.