Skip to content

Trust & Safety

Fair enforcement, written down.

Most providers reserve the right to suspend you at any time, for any reason, with no notice. We do the opposite: a transparent, warn-before-block policy with a real appeal path. This page is our commitment in plain language.

This page is a plain-language summary intended to be readable. It is not a substitute for our Terms of Service, Data Processing Addendum, or Privacy Policy, which govern in case of any conflict. Draft pending formal legal review.

Warn-before-block suspension policy

No silent suspension

When a sender trips a reputation or policy threshold, our default is to warn and work with you — not to silently flip your account off. Here is exactly how that works.

  1. Early warning

    When your bounce rate, complaint rate, or volume pattern crosses an internal warning threshold, we notify the account owner and relevant team members by email and in the dashboard. The notice explains which signal tripped, what we observed, and what to do about it. Your sending continues.

  2. Remediation window

    You get a defined window to respond — typically 72 hours for a reputation warning — to correct list hygiene, fix a misconfigured integration, or reply with context. We would rather help you fix the root cause than lose you as a customer.

  3. Throttle before block

    If a signal keeps deteriorating, we may temporarily reduce your send rate to protect shared infrastructure and your own reputation, rather than cutting you off. You are notified, and the throttle lifts once the signal recovers.

  4. Suspension only as a last resort

    A full suspension happens only after the steps above, or immediately in the narrow case of clear, serious abuse (active phishing, malware, or fraud) that endangers recipients and the platform. In every case you receive a written explanation of the reason and the evidence.

Appeal SLA

If your account is throttled or suspended, you can appeal by replying to the enforcement notice or writing to appeals@mailfully.com. We commit to:

  • Acknowledge within 1 business day that we received your appeal and that a human is reviewing it.
  • Substantive response within 2 business days with our decision and the reasoning, or a clear request for the specific information we still need.
  • Prompt reinstatement once the underlying issue is resolved — we do not hold accounts hostage after the problem is fixed.

Acceptable Use Policy

Before you send through Mailfully, you should be able to answer “yes” to all five of these. They are the foundation of good sending and the basis on which we evaluate reputation and abuse reports.

1. Permission

Every recipient has explicitly opted in to hear from you, or has a genuine transactional relationship with you (they made a purchase, created an account, requested a password reset). You do not send to purchased, rented, scraped, or appended lists.

2. Identity

Your messages clearly and truthfully identify who you are. From addresses, subject lines, and message content are not deceptive, spoofed, or designed to impersonate another brand or person.

3. Relevance

What you send matches what recipients expect. Transactional traffic stays transactional; you do not smuggle marketing or bulk promotional content through a transactional stream that people cannot meaningfully unsubscribe from.

4. Unsubscribe & honoring opt-out

Recipients can stop hearing from you easily, and you honor every opt-out, bounce, and complaint promptly. You do not attempt to re-mail addresses that have unsubscribed, hard-bounced, or filed a complaint.

5. Content & the law

Your sending complies with applicable anti-spam and privacy law (including CAN-SPAM, CASL, and GDPR where they apply) and does not involve prohibited content: phishing, malware, fraud, illegal goods, or the categories listed in our prohibited-use terms.

Prohibited uses

Regardless of consent, the following are never permitted on Mailfully and may result in immediate suspension:

  • Phishing, credential harvesting, or any attempt to deceive recipients into revealing sensitive information
  • Malware, ransomware, or links to malicious payloads
  • Purchased, rented, scraped, or appended recipient lists
  • Fraudulent, deceptive, or misleading content, including spoofed sender identity
  • Illegal goods or services, or content prohibited in the recipient's jurisdiction
  • Harassment, threats, or content that incites violence
  • High-complaint categories sent without clear, verifiable consent

Security & compliance posture

SOC 2

In progress

We are pursuing a SOC 2 Type II examination. Our controls are built around least-privilege access, encryption of data in transit and at rest, audit logging, and a documented incident-response process. Our report and current posture are available to prospective customers under NDA on request.

GDPR

For customers subject to the GDPR, Mailfully acts as a data processor for the personal data contained in the messages you send. We offer a Data Processing Addendum (DPA) covering the required processor obligations — purpose limitation, sub-processor transparency, security measures, breach notification, and assistance with data-subject requests. Message-log retention is bounded by your plan's retention window, after which message content ages out of the readable log.

EU data residency

Customers who need their data to stay in the EU can run on our EU region, where sending infrastructure and message-log storage are hosted in an EU AWS region. This keeps message metadata and content within the EU for the life of the retention window and supports data-residency requirements for EU-based businesses. Contact us to provision an EU-region account.

Report abuse

If you have received a message sent through Mailfully that you believe violates this policy, report it to abuse@mailfully.com. Include the message headers if you can. We investigate every report and act on confirmed abuse quickly.