Last updated: March 2026. The service is run by IT Dijaspora.
This service (“Email Campaigns Manager”) is a free service operated by IT Dijaspora. We do not charge you to use it. IT Dijaspora operates this service from the European Union. IT Dijaspora is responsible for the operation of this service and for handling personal data as described in this policy. For privacy-related inquiries, please contact us at contact@emailoutreach.me or via our contact form.
We process personal data on the basis of legitimate interests (Article 6(1)(f) GDPR), namely to enable user-initiated communication through this platform.
Where applicable, processing is also necessary for the performance of a service requested by the user (Article 6(1)(b) GDPR).
IT Dijaspora acts as the controller for the operation of this platform.
Campaign organisers act independently as controllers for the recipient data they provide and for their own use of that data outside this platform.
When you connect your Gmail account:
gmail.send scope).If you connect Gmail but do not complete a send: We may keep your name, Gmail address, and OAuth tokens for up to 48 hours so you can finish the flow and for abuse prevention. If you do not send within that time, we remove the tokens and clear those fields from our records (see section 7).
During sending: Your data is processed temporarily in memory to transmit the email.
After sending: We record participation only by a hashed identifier. We remove your OAuth tokens and clear your name and Gmail address from our records. We do not store the content of emails after they are sent. We store only a one-way hash of your email address for up to 3 months for “already contributed” checks; this hash cannot be reversed to recover your email address.
Send metadata (separate from the participant hash): For operational and statistical purposes we may store which recipient address each send attempt referred to, an optional provider message identifier, and error details, for up to 90 days; after that we redact or remove those details while keeping non-identifying status counts.
Link tracking (some campaigns): If a campaign uses tracked links, certain URLs in the email may go through our service first and then redirect to the destination. We keep only an aggregate count of how many times each such link was used. We do not store per-click records, and we do not tie those counts to your name, Gmail address, or a specific message in our application database. As with any web request, our hosting environment may still create short-lived server logs as described below.
If you are a recipient: Campaign messages are composed and sent by individual supporters from their own Gmail accounts. Campaign organisers configure recipient names, email addresses, and related fields in our system so messages can be routed correctly; how they obtain and use that information is governed by their relationship with you and their own policies. We process recipient email addresses on the basis of legitimate interests (Article 6(1)(f) GDPR), namely to enable user-initiated communication through this platform. We process that configuration data to operate the service and apply retention for inactive campaigns as described in this policy and in our internal technical documentation. If you prefer not to receive further messages that are sent through this platform, please contact us (see Contact below) and include the email address that received the message. We store that address on an internal suppression list so our systems can omit it from future sends initiated via our service. We do not store free-form personal notes about recipients. Any suppression entry contains only the email address and the minimum information necessary to process the opt-out request. Suppression entries are kept for 3 years from when they are added so that opt-out requests can be respected across future campaigns and to reduce repeated unwanted contact; they are then deleted automatically unless we extend retention to continue honouring your request. This does not change how a campaign organiser may store or use your details in their own systems, and it does not guarantee that you will not be contacted through other channels.
Admin users: If you log in to the admin dashboard, we store your session and (if configured) your username, email, and password hash for authentication. Two-factor secrets are stored if you enable 2FA.
Cookies and session: We use session cookies for admin sign-in and, during the send flow, to complete the OAuth and send process. No long-term tracking cookies are set for participants.
We use Google user data only to provide the email-sending functionality you request, to improve security and compliance, and as required by law. We do not use Google user data for advertising, and we do not sell or share it with third parties for marketing or other unrelated purposes. Our use is limited to what is described in this policy and in Google’s User Data Policy.
Google: When you connect Gmail, you sign in with Google and authorise us to send emails on your behalf. Google’s privacy policy applies to that sign-in and to the emails sent via Gmail. We do not share your data with other third parties for marketing.
Hosting: The service may be hosted by IT Dijaspora or a subprocessor. Server logs (such as IP address and request metadata) are used solely for security and abuse prevention, are access-restricted, and are not used for profiling or behavioural analysis. They may be retained for up to 30 days.
We use encrypted connections (HTTPS) and restrict system access to authorised administrators only. OAuth tokens are removed after you successfully send (or when an abandoned session is cleaned up, within the period in section 2).
If you participated as a sender, we do not retain your name or Gmail address after you send (see section 2), so there is no ongoing participant profile to access, port, or correct in that respect. If you connected Gmail but did not send, any identifiers are cleared within the abandoned-session period in section 2. If you are a recipient and we hold your address on the suppression list, you may ask us to remove it earlier than the automatic expiry date (see sections 2 and 7). For any privacy request, contact us (see below); we will respond in line with applicable law (e.g. GDPR).
Participant email hashes are retained for up to 3 months for “already contributed” checks, then deleted. If you connect Gmail but do not send, your name, Gmail address, and tokens are cleared after at most 48 hours of inactivity on that session. Anonymised send history (without your name or Gmail address) may be retained for statistics. Recipient addresses and provider identifiers in send logs are redacted after 90 days while keeping non-identifying status counts. Aggregate tracked-link click counts may be retained for statistics; they do not identify who clicked. Recipient opt-out (suppression) entries store the email address and are used only to prevent sends via this platform; they are kept for 3 years from creation so that opt-outs can be respected across future campaigns and repeated unwanted contact reduced, then deleted automatically unless we extend retention to keep honouring an opt-out. You may ask us to remove an entry earlier (see Contact). Admin account data (including password hash and, if enabled, two-factor secret) is retained while your account is active. Deleted or redacted data may persist for a limited time in encrypted backups or server logs.
We may update this privacy policy from time to time. The “Last updated” date at the top will be revised. Continued use of the service after changes constitutes acceptance of the updated policy.
For privacy-related questions or requests, contact us at contact@emailoutreach.me or via our contact form.