The Trust Page

Your data, treated like our own.

Flick MailMerge is a small, focused tool. We hold the minimum data needed to send your mail well — encrypted at rest, isolated per user, never sold or rented.

Last updated · 2026-04-30 v4 · Studio EU-aligned · GDPR-friendly
  • Privacy: what we collect, what we don't, who we share with.
  • Security: encryption, sessions, audit log, infrastructure.
  • Terms: service, billing, cancellation, liability, law.

§ 01 · Privacy

What we collect, what we don't.

We hold the minimum needed to send mail and run your account. Nothing is sold or rented; nothing is read for advertising.

What we collect

  • Account basics — username, email, password (hashed), plan, daily cap
  • Provider tokens — Gmail / Outlook OAuth refresh + access tokens, encrypted
  • Recipient lists you upload (CSV / XLSX / Sheets)
  • Send activity — timestamps, recipient, subject, status, opens, clicks, replies, bounces
  • Audit events — sign-in attempts, IP, user-agent, ID-mismatch flags
  • Operational logs — error traces, request IDs (kept ≤ 30 days)

What we don't

  • The body of your recipients' replies (we count them, we don't store them)
  • Your provider account password — OAuth only, never on our wire
  • Tracking pixels for our marketing on this page (none)
  • Data sold or rented to third parties · ever
  • Cross-site fingerprinting or third-party advertising cookies

Third parties & sub-processors

  • DigitalOcean — application hosting (containerised, BLR1 region)
  • PostgreSQL — managed database on the same private network
  • Google & Microsoft — OAuth providers (you authorise scope)
  • Let's Encrypt — TLS certificates for HTTPS

We use no analytics, no ad networks, no session-replay tools.

Cookies

  • session — keeps you signed in (HttpOnly, Secure, SameSite=Lax)
  • csrf — anti-CSRF token for write actions
  • mm-theme — local-storage only, your colour preference

That's the entire cookie list. No tracking, no advertising IDs.

Your rights

  • Access — export every row tied to your account
  • Correction — fix inaccuracies in profile, contacts, settings
  • Deletion — wipe your account & all derived data within 7 days
  • Portability — JSON / CSV export of campaigns & recipients
  • Objection — stop processing anytime by signing out / cancelling

Reach: info@codeftech.com

Data retention

  • Active account — kept while you use the service
  • Cancelled account — full wipe within 7 days, including backups
  • Audit log — 24 months (regulatory traceability)
  • Operational error logs — 30 days, anonymised IPs

Google user data — Limited Use

Flick MailMerge's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • gmail.send / gmail.compose — to send and draft your personalised campaign emails from your own mailbox
  • gmail.readonly — to read delivery status and detect replies/bounces for your campaigns
  • spreadsheets.readonly — to import recipient lists you choose from Google Sheets

Your Google data is used only to provide these features — never for advertising, never sold or transferred to third parties. No human reads your Gmail content; access is automated, except with your consent (e.g. support), for security/abuse investigation, or to comply with law.

§ 02 · Security

Built so we can't see your secrets.

Every credential — provider tokens, SMTP passwords — is sealed with Fernet AES-128 before it touches the database. Single-session, idle auto-logout, and a full audit log on top.

Encryption at rest

OAuth tokens, refresh tokens, SMTP passwords and any user-uploaded credentials are encrypted with Fernet (AES-128-CBC + HMAC-SHA256) using a per-deployment key held outside the database.

  • Postgres column-level encrypted blobs
  • Per-deployment master key, rotated yearly
  • Backups inherit the same encryption

Encryption in transit

TLS 1.3 only, on every endpoint, with HSTS preloaded. We refuse old ciphers, refuse plain HTTP, and refuse mixed content.

  • Cloudflare TLS termination
  • HTTP → HTTPS at the edge
  • HSTS · max-age 1 year

Single-session enforcement

One active login per ID. Signing in elsewhere kicks the previous session immediately — and the audit log records both events with IP and user-agent.

  • Session tokens · server-stored · invalidated on rotate
  • ID-match rule — connected mailbox must equal assigned email

Idle auto-logout

5-minute inactivity timer with a 60-second warning. Tab visibility checks fire on return so a session left open overnight is killed before you blink twice.

  • Client + server enforced (heartbeat every 20s)
  • Graceful warning UI, "Stay signed in" recovery
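
How the single-session rule and the idle auto-logout above fit together on the server, as an added example that is not Flick MailMerge's own code: a minimal in-memory session store that revokes a user's previous session on each new login, enforces the 5-minute idle limit with the 60-second warning on the client heartbeat, and appends IP and user-agent to an audit list. All names are assumed; the clock is passed in explicitly so the timing can be checked offline.

```python
import secrets
from dataclasses import dataclass, field

IDLE_LIMIT = 300   # seconds without user activity before the session is killed
WARN_BEFORE = 60   # the UI shows its countdown this many seconds before the kill
HEARTBEAT = 20     # client ping interval; a ping checks state, it is not activity

@dataclass
class Session:
    user: str
    ip: str
    ua: str
    last_seen: float   # time of the last real user action, not the last heartbeat

@dataclass
class SessionStore:
    sessions: dict = field(default_factory=dict)  # token -> Session, server-side only
    audit: list = field(default_factory=list)     # append-only event records (assumed)

    def _log(self, event, s, detail=""):
        self.audit.append({"event": event, "user": s.user, "ip": s.ip, "ua": s.ua, "detail": detail})

    def login(self, user, ip, ua, now):
        # One active login per ID: any existing session for this user is revoked first,
        # and the audit log records the revocation with the old session's IP and UA.
        for tok, old in list(self.sessions.items()):
            if old.user == user:
                del self.sessions[tok]
                self._log("session_revoked", old, f"superseded by login from {ip}")
        token = secrets.token_urlsafe(32)             # unguessable; never derived from the user
        self.sessions[token] = Session(user, ip, ua, now)
        self._log("login", self.sessions[token])
        return token

    def heartbeat(self, token, now, activity=False):
        """Client ping every HEARTBEAT s; activity=True for a real user action or
        'Stay signed in'. Returns 'ok', 'warn' (show the countdown) or 'expired'."""
        s = self.sessions.get(token)
        if s is None:
            return "expired"                          # revoked, expired or never issued
        idle = now - s.last_seen
        if idle >= IDLE_LIMIT:
            del self.sessions[token]                  # server kills it; the UI alone is not trusted
            self._log("idle_logout", s, f"idle {idle:.0f}s")
            return "expired"
        if activity:
            s.last_seen = now
            return "ok"
        return "warn" if idle >= IDLE_LIMIT - WARN_BEFORE else "ok"
```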

Audit log

Every authentication event, password change, OAuth connect/disconnect, and impersonation request is appended to an immutable activity log with IP, user-agent, and detail string.

  • 24-month retention
  • Visible to admins for forensics

Operational hardening

  • Auth-storm circuit breaker (rate-limit on /login)
  • Auto-purge of stale OAuth tokens
  • Bcrypt password hashing (Werkzeug default rounds)
  • CSRF tokens on every write endpoint
  • Postgres-only architecture (no shared file state)
How a provider token flows

  • You connect (OAuth 2.0): standard Gmail / Outlook sign-in returns a refresh token to our server.
  • We seal it (AES-128-CBC): Fernet encrypts the token with a per-deployment master key before it touches Postgres.
  • We send mail (in-memory only): for each dispatch we decrypt in memory, send via your provider, then forget the plaintext token.

§ 03 · Terms of service

A small set of plain rules.

By using Flick MailMerge, you agree to the following. None of it is exotic.

Service description

Flick MailMerge is a multi-tenant tool for sending personalised mail through your own Gmail, Outlook, or SMTP mailbox. Provided on a subscription basis, no warranty of fitness beyond the published feature list.

Acceptable use

No spam, no phishing, no malware payloads, no harvested address lists, no scraped emails without consent. We reserve the right to suspend any account whose recipients consistently mark mail as junk, or whose campaigns trigger rate-limit cascades on Gmail / Outlook.

Subscription & billing

Plans renew monthly or annually. Invoices issued via Stripe. Pricing changes communicated 30 days in advance. Refunds within 14 days of first payment, pro-rata thereafter at our discretion.

Cancellation

Cancel anytime from your profile. Service runs until the end of the current billing period. Account & derived data wiped within 7 days; audit log retained 24 months for regulatory traceability.

Uptime & SLA

Best-effort 99.5% monthly uptime on Team and Bureau plans. Solo is best-effort, no SLA. Scheduled maintenance announced ≥ 48 hours in advance.

Limitation of liability

To the maximum extent permitted by law, our aggregate liability is capped at the fees you paid in the 12 months preceding the claim. No liability for incidental, consequential, or punitive damages, including lost profits or sender reputation.

Changes to these terms

Substantive changes notified by email and a banner inside the tool ≥ 14 days before they take effect. Continued use after the effective date constitutes acceptance.

Governing law

These terms are governed by the laws of India, without regard to conflict-of-laws principles. Disputes resolved in the courts of Bengaluru, Karnataka.

Contact

Code Flick Technologies · info@codeftech.com · codeftech.com

Questions about anything on this page?

Email us in plain language — we'll respond in plain language.