emcognito BETAemail collector
Sign inGet started

Privacy Policy

Last updated: March 2026

1. Who we are

emcognito ("we", "us", "our") operates the email collection service available at ec.emcognito.com. We provide a hosted API that allows website owners ("owners") to collect newsletter subscriber email addresses from their websites.

2. Data we collect

From owners (account holders)

  • Email address — used to send magic-link login emails and to identify your account.
  • Site origin URL — the domain you register to label and organize your subscriber lists.

From end subscribers (collected on behalf of owners)

  • Email address — the primary field submitted via the subscribe form.
  • Name — optional field submitted via the subscribe form.
  • Confirmation status — whether the address confirmed its double-opt-in, and timestamps.

Developer & deliverability data (for owners using the API)

  • API keys — secret API keys are stored only as a SHA-256 hash; the plaintext is shown once at creation.
  • Webhook endpoints — the URLs you register and their signing secrets, used to deliver subscriber events.
  • Bounce/complaint suppressions — addresses that hard-bounced or marked our mail as spam are recorded so we stop emailing them.

We do not collect payment information from subscribers, and we do not store subscriber IP addresses alongside subscriber records or use subscriber data for advertising or profiling. Our public marketing pages use first-party analytics (see "Cookies and analytics" below).

3. How we use your data

  • Owner email addresses are used solely to authenticate you via magic link and to contact you about your account.
  • Subscriber data is stored on behalf of the owner whose site collected it. We do not use subscriber email addresses for any purpose of our own (no marketing, no selling, no profiling).

4. Data storage and security

All data is stored in AWS DynamoDB in the us-east-1 region. Data is encrypted at rest and in transit. Authentication tokens are single-use and expire automatically via DynamoDB TTL.

5. Data retention

  • Subscriber records are retained until the owner deletes them or closes their account.
  • One-time authentication tokens expire automatically (typically within 15 minutes to 24 hours) and are then purged.
  • Owner accounts and all associated subscriber data are deleted upon account deletion request.

6. Data sharing

We do not sell, rent, or share personal data with third parties, except:

  • AWS — infrastructure provider (DynamoDB storage, SES email delivery).
  • As required by law or to protect our legal rights.

7. Your rights

If you are an owner, you may request deletion of your account and all associated data at any time by contacting us. If you are a subscriber and wish to be removed from an owner's list, contact the owner of the website where you subscribed.

8. Cookies and analytics

The emcognito app stores authentication state in sessionStorage for the duration of your browser session only — it does not use cookies for login. Our public marketing pages load Google Analytics, which may set first-party analytics cookies to measure aggregate site usage; this is not applied to subscriber data collected on owners' sites.

9. Contact

For privacy-related questions or data deletion requests, contact us at hello@wm.emcognito.com.