Privacy policy

We collect the following categories of information:

Account information. Name, email address, phone number (optional), password, and billing information you provide when registering or subscribing.

Subscriber data you upload. Email addresses, names, tags, and any custom fields associated with subscribers you import or sync to your Nashra account.

Content. Posts, newsletters, and assets you create and publish through the Service.

Usage data. IP address, browser type, device information, pages visited, referring URLs, and interactions with the Service.

Email engagement data. Open, click, bounce, and unsubscribe events for newsletters you send through the Service.

We collect information through the following channels:

Directly from you. When you create an account, contact us, subscribe to our newsletter, or fill in forms on nashra.ai.

Automatically. Through cookies, server logs, and similar technologies as you interact with the Service.

Through official integrations. When you install or authorize a Nashra integration — such as our official WordPress plugin — that integration may transmit data to the Nashra API on your behalf. For example, the WordPress plugin sends subscriber email addresses, names, tags, and (where WooCommerce is connected) purchase totals, order counts, and last-order dates so they can be added to your Nashra audience. The plugin operates under your control using an API token you generate in your Nashra account.

Through the Nashra API. When you or an authorized application calls our public API using your API token, the data included in those requests is received by Nashra and associated with your account.

We use the information we collect to:

• Provide, maintain, secure, and improve the Service
• Authenticate users, process transactions, and deliver the features you request
• Deliver, route, and monitor the newsletters and emails you send through the Service
• Send transactional messages, product updates, and (with consent) marketing communications
• Respond to inquiries and provide customer support
• Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service
• Comply with legal obligations and enforce our agreements

Our legal bases for processing personal data under the GDPR include: performance of a contract (providing the Service to you), legitimate interests (securing and improving the Service), consent (for marketing communications), and compliance with legal obligations.

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

Sub-processors. We use trusted third-party providers to operate the Service. These sub-processors process data on our behalf under contractual obligations and only to provide the functions we have engaged them to perform. Current sub-processors include:

• Mailgun — transactional and marketing email delivery
• Cloud infrastructure and hosting providers — storage, compute, content delivery, and backups
• Payment processors — subscription billing and invoicing
• Analytics and error-monitoring providers — understanding Service usage and identifying technical issues

For an up-to-date list of sub-processors, please contact us at support@nashra.ai.

Legal disclosures. We may disclose information when required by law, court order, or government request, or to protect the rights, property, or safety of Nashra, our users, or others.

Business transfers. If Nashra is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or material change in how your data is handled.

Storage location. Personal data is stored on cloud infrastructure operated by reputable hosting providers. Data may be processed and stored in the United States, the European Union, or other regions where our sub-processors operate.

Retention. We retain personal data for as long as your account is active and for as long as needed to provide the Service. After account closure:

• Account information and subscriber data are deleted within 30 days, except where a longer retention period is required for legal, accounting, fraud-prevention, or backup-recovery purposes
• Backup copies are purged on a rolling basis as part of our normal backup rotation, typically within 90 days
• Aggregate or de-identified data that can no longer be linked to you may be retained indefinitely for analytics and Service improvement

You can request earlier deletion at any time — see “Your Rights” below.

Nashra operates internationally. When we transfer personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not received an adequacy decision from the relevant authority, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and equivalent UK and Swiss mechanisms.

By using the Service, you understand that your information may be transferred to and processed in jurisdictions that may have data protection laws that differ from those in your country.

We take reasonable and appropriate technical and organizational measures designed to protect personal data from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption in transit (TLS) for all API and web traffic
• Encryption at rest for stored data and backups
• Authenticated access to the API via per-account tokens, which you can rotate or revoke at any time
• Role-based access controls for our internal systems
• Regular review of our security practices, dependencies, and sub-processors

However, no method of transmission over the internet or electronic storage is 100% secure. You are responsible for keeping your password and API tokens confidential.

If we become aware of a personal data breach that is likely to present a risk to your rights and freedoms, we will notify you and the appropriate supervisory authorities without undue delay, and in line with applicable laws (including, where applicable, the GDPR 72-hour notification requirement). Notifications will describe the nature of the breach, the categories of data involved, the likely consequences, and the measures we have taken or propose to take.

Depending on where you live, you may have the following rights with respect to your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — ask us to correct inaccurate or incomplete data
• Deletion — request that we delete your personal data, subject to certain legal exceptions
• Portability — receive your data in a structured, commonly used, machine-readable format
• Restriction or objection — limit or object to certain types of processing, including direct marketing
• Withdraw consent — where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing
• Lodge a complaint — with your local data protection authority if you believe we have violated applicable law

California residents (CCPA/CPRA). California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of the “sale” or “sharing” of personal information. Nashra does not sell personal information.

To exercise any of these rights, email support@nashra.ai. We will verify your request and respond within the timeframes required by applicable law.

We use cookies and similar technologies (such as pixels and local storage) to operate the Service, remember your preferences, measure performance, and understand how the Service is used. Categories include:

• Strictly necessary — required for the Service to function (e.g., authentication, security)
• Functional — remember your preferences and settings
• Analytics — understand usage patterns and improve the Service

You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent parts of the Service from working correctly.

The Service may contain links to third-party websites that are not operated by us. We are not responsible for the content or privacy practices of those sites. We encourage you to review their privacy policies before providing any information to them.

The Service is not intended for individuals under the age of 13, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us at support@nashra.ai and we will promptly delete it.

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, legal requirements, or other factors. When we make material changes, we will update the version and “last updated” date at the top of this page and, where appropriate, notify account holders by email. We encourage you to review this Privacy Policy periodically.

If you have questions about this Privacy Policy, our data practices, or wish to exercise any of your rights, please contact us at support@nashra.ai.