Privacy Policy

MergeBird is built so that your email content never reaches our servers. This page explains exactly what does and doesn't happen to your data.

What we store on our servers

• License/usage: an identifier for your Microsoft account, your plan, and a monthly count of sends. No message content, ever.
• Billing: handled by Stripe. We store a Stripe customer ID; Stripe stores payment details. We never see your card number.
• Optional tracking (off by default): aggregate counts only — no recipient identities, no message content.

What we never receive

• Email subjects or bodies
• Recipient email addresses or names
• Attachments (shared or per-recipient)
• Your spreadsheet / CSV data

Where your data lives

• In the add-in (your device): templates, recipient data, column mappings, suppression list, and send progress, in local browser storage. Clear it any time by resetting a campaign or clearing the add-in's site data.
• In your Microsoft 365 mailbox: messages you send appear in your Sent Items, exactly like any other email.

Sending & permissions

To send on your behalf, MergeBird requests the minimum Microsoft Graph permission, Mail.Send (and Mail.Send.Shared only if you choose a shared mailbox). You can revoke access at any time from your Microsoft account.

Tracking (optional)

If you enable open/click tracking, MergeBird stores only aggregate counts keyed by a random campaign ID — no personal data. Open tracking is unreliable in modern mail clients, so we present it as approximate. The default is off.

Third parties

• Microsoft (Graph / Exchange Online): delivers your mail — it is your own mailbox.
• Stripe: payment processing.
• DigitalOcean: hosts the add-in assets and the license/tracking backend.

Your rights & contact

Email hello@mergebird.app for any request, including deletion of your license/usage record. We respond to verified requests promptly.

Changes

We'll update this page and the "last updated" date whenever this policy changes.