Privacy Policy
This Privacy Policy explains how Helton Labs LLC (“Helton Labs,” “we”) handles personal data in connection with Emit (rssemit.com). We act in two roles: as a controller for data about account holders, and as a processor for the subscriber data our customers send through the Service.
Data we collect
| Category | Examples | Role |
|---|---|---|
| Account data | Name, email, hashed API key, credit balance, billing records | Controller |
| Subscriber data | Subscriber email addresses, status, your feed/email content | Processor (on your behalf) |
| Operational data | Send/bounce/complaint events, request logs, IP for rate limiting | Controller |
How we use data
- To operate the Service: poll feeds, render and send emails, and bill for usage.
- To maintain deliverability and security: bounce/complaint suppression, abuse and rate limiting.
- To communicate with account holders about their account and the Service.
We do not sell personal data, and we do not use your subscribers’ data for our own purposes.
Sub-processors
We share data with vendors strictly to provide the Service:
| Provider | Purpose |
|---|---|
| Amazon Web Services (SES) | Email delivery |
| Resend | Email delivery |
| Stripe | Payments (we do not store card numbers) |
| Render | Application hosting & managed Postgres |
| Sentry | Error monitoring (when enabled) |
Retention
Account and subscriber data are retained while your account is active. On account deletion
(DELETE /v1/account) we delete your feeds, subscribers, broadcasts, and credit
history; backups and legally-required records may persist for a limited period.
Security
API keys are stored only as hashes. Data is encrypted in transit, and at rest by our hosting and sub-processors. Sending domains require DNS-based verification before use.
Your rights
Depending on your location (e.g., GDPR/UK GDPR, CCPA/CPRA), you may have rights to access, correct, delete, or port your personal data, and to object to certain processing. Account holders can exercise these via the API or by contacting us. Subscriber requests should be directed to the customer who collected the data (the controller); we will assist that customer as their processor.
Data processing
For subscriber data, our customers are the controllers and Helton Labs is the processor. We process such data only on documented instructions, assist with security and data-subject requests, and use the sub-processors listed above. A Data Processing Addendum is available on request at will@heltonlabs.com.
Cookies
The marketing site and dashboard do not use advertising cookies. The dashboard stores your API key and preferences in your browser’s local storage to keep you signed in; it is never sent to us except as a bearer token to authenticate API requests.
Changes
We may update this policy; material changes will be posted here with a new date.
Contact
Privacy questions: will@heltonlabs.com.
Helton Labs LLC.