Bottled
← Back to Home

Privacy Policy

Last updated: March 2026

Your Privacy Matters

Bottled is committed to protecting your privacy. This policy explains what data we collect and how we use it to provide our email forwarding and sending service.

Data We Collect

To provide our service, we collect and store:

  • Google Account Data: Your name, email address, and profile picture via Google OAuth for authentication
  • Domain Information: Domains you register and their DNS verification status
  • Email Addresses: Custom email addresses you create and their forwarding destinations
  • Email Metadata: Basic information about emails you send and receive (sender, recipient, subject, timestamp) for logging purposes
  • Payment Information: Subscription status and plan tier are stored in our database. Payment details are processed by Stripe; we never store credit card numbers
  • API Keys: Stored as SHA-256 hashes in our database. Raw API keys are shown only once at the time of generation
  • Usage Metrics: Monthly sent and received email counts, and API call counts, tracked per your plan tier for limit enforcement

Email Content

We do not store the content of emails you send or receive:

  • Incoming emails are forwarded via Cloudflare Email Routing directly to your destination address
  • Outgoing emails are sent via Amazon SES and are not stored on our servers
  • Email content passes through but is not retained or analyzed

Email Content Modification

Outgoing emails sent on the Starter plan include a small branded footer appended to the message body. This footer is automatically removed on paid plans (Studio and Agency).

Data Retention

Email history (metadata only, not content) is retained based on your plan tier:

  • Free: 3 days
  • Pro: 30 days
  • Business: 90 days

After the retention period, email log entries are permanently deleted and cannot be recovered. Account data is retained while your account is active. If you delete your account, we will remove your personal data within 30 days, except where required by law to retain it.

Payment Processing

Payments for paid plans are processed by Stripe, Inc. We receive subscription status updates but never access or store your full payment details. For more information on how Stripe handles your data, please review Stripe's Privacy Policy.

Third-Party Services

Bottled uses the following third-party services:

  • Google OAuth: For user authentication
  • Cloudflare Email Routing: For receiving and forwarding emails
  • Amazon SES: For sending emails
  • Stripe: For payment processing
  • Neon PostgreSQL: For storing account and configuration data
  • Vercel: For hosting and analytics

Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS
  • Database connections use encrypted connections
  • Authentication tokens and API keys are securely hashed
  • Access to production systems is strictly controlled

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data

Contact

For privacy-related questions, please contact us at privacy@bottled.email.