Privacy Policy

We collect information you provide directly to us when you create an account, send emails through our platform, or contact us for support. This includes: • Account information: name, email address, password (hashed), billing details • Email campaign content: subject lines, email body, recipient lists you upload • Usage data: features used, campaigns created, templates selected • Device and log data: IP addresses, browser type, pages visited, access times We do not buy, sell, or broker data about you or your subscribers.

We use the information we collect to: • Provide, maintain, and improve the iyloo platform • Process transactions and send related information, including purchase confirmations and invoices • Send transactional messages (e.g., password resets, account alerts) • Send marketing communications if you have opted in • Monitor and analyze trends, usage, and activities • Detect, investigate, and prevent fraudulent transactions and other illegal activities

We retain personal data for as long as is necessary to provide our services and comply with legal obligations. Specifically: • Account data: retained for the lifetime of your account plus 30 days after deletion • Email campaign data: retained for 24 months from the send date, then anonymized • Billing records: retained for 7 years as required by law • Log data: retained for 90 days You may request deletion of your personal data at any time by contacting privacy@iyloo.com.

We do not share, sell, rent, or trade personal information with third parties for their commercial purposes. We share data only in these limited circumstances: • Service providers: vendors who help us operate the platform (hosting, payments, analytics) under strict data processing agreements • Legal requirements: when required by law, court order, or governmental authority • Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate notice • With your consent: for any other purpose with your explicit consent

We take reasonable measures to protect your information from unauthorized access, theft, and loss: • All data is encrypted in transit (TLS 1.3) and at rest (AES-256) • Access to production systems is restricted to authorized personnel only • We undergo annual third-party security audits • Our infrastructure targets SOC 2 Type II compliance No method of transmission over the internet is 100% secure. If you believe your account has been compromised, contact security@iyloo.com immediately.

Depending on your location, you may have the following rights: • Access: request a copy of the personal data we hold about you • Correction: request correction of inaccurate or incomplete data • Deletion: request deletion of your personal data • Portability: receive your data in a machine-readable format • Objection: object to certain processing activities • Restriction: request that we limit processing of your data To exercise any of these rights, email privacy@iyloo.com. We will respond within 30 days.

If you have questions or concerns about this Privacy Policy, please contact us: Iyloo Inc. Privacy Team privacy@iyloo.com 548 Market St, Suite 12345 San Francisco, CA 94104