Privacy Policy

This Privacy Policy explains how Temway ("we", "us") collects, uses, and protects your information when you use our visual email builder and related services (the "Service"). By using the Service, you agree to the practices described here.

1. Information We Collect

Account information

We use Google to authenticate sign-in. When you create an account, we receive the name, email address, and profile picture associated with your Google account.

Workspace and team data

To enable collaboration, we store workspace names, team member email addresses and roles, and the email addresses of people you invite to join a workspace.

Content you create

We store the emails, layouts, branding settings, and images you upload while using the Service. Images you upload are stored in our cloud storage. You own your content — see our Terms of Service.

Billing information

Payments are processed by our payment service provider, LemonSqueezy. We do not collect or store your full card number. We receive subscription status, plan, and transaction records from LemonSqueezy to manage your account.

Transactional and test emails

We send invitation, welcome, and test emails on your behalf through our email delivery provider, Resend. This involves processing the recipient email address, subject line, and email content you provide for those messages.

Technical and operational data

We collect standard technical data such as IP addresses, browser type, and usage information in operational logs used to run, secure, and troubleshoot the Service. We also maintain an audit log of activity within each team, retained according to your plan (30, 90, or 365 days).

2. How We Use Information

  • To provide, maintain, and improve the Service;
  • To create and manage your account, workspaces, and team memberships;
  • To process subscription payments and enforce plan limits;
  • To send transactional messages you request (invitations, test sends, account notices);
  • To monitor for abuse, fraud, and security issues; and
  • To comply with our legal obligations.

For users in the European Economic Area, the United Kingdom, and Switzerland, we process personal data under the following lawful bases under the GDPR:

  • Performance of a contract — to provide the Service you signed up for;
  • Legitimate interests — for security, fraud prevention, and service improvement;
  • Consent — for any non-essential communications or features we add; and
  • Legal obligation — where we are required to retain records.

4. Service Providers

We rely on trusted third parties to operate the Service:

  • Google — account sign-in (Google OAuth) and web fonts;
  • LemonSqueezy — payment and subscription processing;
  • Resend — transactional and test email delivery;
  • Cloud hosting and storage providers — to host the Service and store uploaded files.

Each provider processes data on our behalf under appropriate terms and is bound to protect it.

5. Cookies and Similar Technologies

We use only the cookies strictly necessary to operate the Service and keep you signed in. We do not use advertising cookies or sell data to advertisers. Third-party tools such as Google Fonts may set their own cookies when loaded in your browser; consult their policies for details.

6. Data Retention

We keep your information for as long as your account is active or as needed to provide the Service. Audit logs are retained according to your plan. When you delete your account or workspace, we remove associated content within a reasonable period, except where we must retain records to comply with legal obligations.

7. Your Rights

Depending on where you live, you may have the right to:

  • Access, correct, or delete your personal data;
  • Restrict or object to certain processing;
  • Receive a copy of your data in a portable format; and
  • Withdraw consent at any time where processing relies on it.

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law.

8. Security

We use reasonable technical and organizational measures to protect your information, including encrypted authentication tokens, access controls, and regular monitoring. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

9. International Transfers

Your information may be processed in countries other than your own. Where this involves a transfer out of your jurisdiction, we rely on appropriate safeguards such as standard contractual clauses to help protect your data.

10. Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email. The "Last updated" date above reflects when it was last revised.

12. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at [email protected].