Privacy Policy
LAST UPDATED: JULY 6, 2026
1. Who we are
ColdOps ("we", "us") provides monitoring, alerting, and reporting software for cold email agencies ("the Service"). This policy explains what data we collect, why, and how we handle it. Questions: support@coldops.io.
2. Data we collect
Account data: your email address, password (hashed by our authentication provider), and agency name.
Connected platform data: when you connect a sending platform (e.g. Instantly) we store the API key you provide, encrypted with AES-256-GCM, and use it to read campaign names, aggregate campaign statistics (sends, opens, replies, bounces, opportunities), and mailbox account status. We do not read the content of your emails and we do not store your leads' personal contact data.
Client records you create: client names, company names, and the contact details you choose to store for sending weekly updates.
Usage data: product events (e.g. sync completed, report generated) and standard web analytics to improve the Service.
Billing data: payment is processed by Stripe. We never see or store full card numbers.
3. How we use data
To provide the Service: syncing campaign metrics, detecting issues, sending the alerts and digests you configure, and generating AI summaries. Campaign metrics are shared with our AI provider (Anthropic) solely to generate the summaries you request; they are not used to train models. We do not sell your data. We do not use your data for advertising.
4. Subprocessors
Supabase (database & authentication), Vercel (hosting), Stripe (payments), Resend (transactional email), Anthropic (AI summaries). Each processes data only as needed to provide their service to us.
5. Security
All traffic is encrypted in transit (TLS). Platform API keys are encrypted at rest with AES-256-GCM and are never displayed after entry. Database access is isolated per agency with row-level security. Deleting a connection permanently destroys its stored key; deleting your account removes your data within 30 days.
6. Data retention & your rights
We retain synced metrics while your account is active. You may export or request deletion of your data at any time by emailing support@coldops.io. If you are in the EEA/UK, you have the rights provided by the GDPR (access, rectification, erasure, portability, objection); we act as processor for the campaign data you connect and as controller for your account data.
7. Changes
We will notify account holders by email of material changes to this policy at least 14 days before they take effect.