Privacy Policy

At MUDDY.IO, we take data privacy seriously. This Privacy Policy explains who we are, how we collect, share and use Personal Information, and how you can exercise your privacy rights.

1. About Us

This MUDDY.IO Terms & Conditions is entered into between Muddy Limited (“MUDDY.IO”) located at Unit 732, 7/F, Building 19W No. 19 Science Park West Avenue Hong Kong Science Park, Pak Shek Kok, N.T. and the entity designated on the MUDDY.IO Quote (“Client”) and governs Client’s subscription to the software and professional services described herein (“the Services”).

2. Key Terms

These following terms have the meanings:

“Contact” is a person a Client is contact through the Services. In other words, a Contact is anyone on a Client’s Distribution List or about whom a Client has given us information.

“Distribution List” is a list of Contacts a Client may upload or manage on our platform and all associated related to those Contacts (for example, email addresses).

“Client” means any person or entity that is registered with us to use the Services.

“Personal Information” means any information that identifies or can be used to identify a Member, a Contact, or a Visitor, directly or indirectly.

3. Privacy for Clients

This section applies to the Personal information we collect and process from a Client or potential Client through the provision of the Services.

A. Information We Collect

The Personal Information that we may collect broadly falls into the following categories:

(i) Information you provide to us: In the course of engaging with our Services, you may provide Personal Information about you and your Contacts. Personal Information is often, but not exclusively, provided to us when you sign up for and use the Services, consult with our customer service team, send us an email, integrate the Services with another website or service, or communicate with us in any other way.

(ii) Information we collect automatically: When you use the Services, we may automatically collect certain information about your device and usage of the Services. We use webhooks and other tracking technologies to collect some of this information.

This information may include:

  • Device information: We collect information about the applications you use to access the Services, such as your IP address and other information about your system and connection.

  • Log data: Our web servers keep log files that record data each time a device accesses those servers and those log files contain data about the nature of each access, including originating IP addresses.

  • Product usage data: We collect usage data about you whenever you interact with our Services, which may include the dates and time you access the Services and your browsing activities (such as what portions of the Services are used).We also collect information regarding the performance of the Services, including metrics related to the deliverability of messages and other communications you send through the Services. This information allows us to improve the content and operation of the Services, and facilitate research and analysis of the Services.

(iii) Information we collect from other sources: From time to time, we may obtain information about you or your Contacts from third-party sources, such as social media platforms. We take steps to ensure that such third parties are legally or contractually permitted to disclose such information to us.

  • Examples of the information we receive from other sources include demographic information (such as age and gender), device information (such as IP addresses), location (such as city and state), and online behavioral data (such as information about use of social media websites, page view information and search results and links). We use this information, alone or in combination with other information (including Personal Information) we collect, to enhance our ability to provide relevant marketing and content to you and to develop and provide you with more relevant products, features, and services.

4. Use of Personal Information

  • To bill and collect money owed to us by you. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and those third parties collect billing information to process your orders and credit card payments.

  • To send you system alert messages. For example, we may inform you about temporary or permanent changes to our Services, such as planned outages, or send you account, security or compliance notifications, such as new features, version updates, releases, abuse warnings, and changes to this privacy policy.

  • To communicate with you about your account and provide customer support. For example, if you use our mobile apps, we may ask you if you want to receive push notifications about activity in your account. If you have opted in to these push notifications and no longer want to receive them, you may turn them off through your operating system.

  • To enforce compliance with our Terms of Use and applicable law, and to protect the rights and safety of our Members and third parties, as well as our own. This may include developing tools and algorithms that help us prevent violations.

  • To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.

5. Distribution Lists

A Distribution List can be created in a number of ways, including by importing Contacts, such as through a CSV or directly from your email client. Your Distribution Lists are stored on a secure MUDDY.IO server. We do not, under any circumstances, sell your Distribution Lists. If someone on your Distribution List complains or contacts us, we might then contact that person. You may export (download) your Distribution Lists from MUDDY.IO at any time.

If we detect abusive or illegal behavior related to your Distribution List, we may share your Distribution List or portions of it with affected ISPs or anti-spam organizations to the extent permitted or required by applicable law.

If a Contact chooses to use the Forward to a Friend (FTF) link in an email campaign a Member sends, it will allow the Contact to share the Member’s email content with individuals not on the Member’s Distribution List. When a Contact forwards an email to a friend, we do not store the Contact’s email address or their friend’s email address, and no one is added to any Distribution List as a result of the FTF link. The Member who created the email campaign only sees an aggregate number of times their email campaign was forwarded by a Contact and does not have access to the email addresses used to share or receive that forwarded content.

6. Other Data Protection Rights

You and your Contacts may have the following data protection rights:

  • To access, correct, update or request deletion of Personal Information. MUDDY.IO takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date. You may contact us directly by emailing at

  • Similarly, if Personal Information is collected or processed on the basis of consent, the data subject can withdraw their consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. If you receive these requests from Contacts, you can segment your lists within the MUDDY.IO platform to ensure that you only market to Contacts who have not opted out of receiving such marketing.

7. Our Security

As a company that takes data security and privacy very seriously, we recognize that MUDDY.IO’s information security practices are important to you.

  • Protection from Data Loss, Corruption: All databases are kept separate and dedicated to preventing corruption and overlap. We have multiple layers of logic that segregate user account from each other.

  • Application Level Security: MUDDY.IO’s account passwords are hashed. All login pages pass data via TLS. We perform regular external security penetration tests throughout the year. The tests involves in-depth testing for vulnerabilities inside the application.

  • MUDDY.IO’s credit card processing vendor are SOC II Compliant. Our vendor is certified as compliant with card association security initiatives, including the Visa Cardholder Information Security and Compliance (CISP),MasterCard® Site Data Protection Program (SDP), and Discovery Information Security and Compliance (DISC). We also perform annual SOC II audits.

8. International Transfers

(i) We operate in Hong Kong

Our offices is located in Hong Kong but our servers are stored with AWS in Singapore and in the United States.

9. Questions & Concerns

If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter, please contact us via