Privacy Policy
Last updated: 19 June 2026
This Privacy Policy explains how EmailBridge collects, uses, shares, and protects your information when you use our Figma plugin and related web services (together, the “Service”). EmailBridge turns your Figma email designs into templates inside your Klaviyo or Omnisend account.
In this policy, “EmailBridge”, “we”, “us” and “our” refer to the operator of EmailBridge, run as a sole proprietorship. This policy is provided as-is; consider having it reviewed by a qualified lawyer for your jurisdiction.
Contents
1. Who we are
EmailBridge is operated as a sole proprietorship by its owner. We are the data controller for the personal data described in this policy, except where we act as a processor on your behalf (for example, when we transmit the email content you choose to build to your connected Klaviyo or Omnisend account).
2. Information we collect
- Account details — your email address, and your name if you provide it, when you create an EmailBridge account or sign in.
- Connection details — the API keys you add for Klaviyo or Omnisend, and the brand/account name those platforms return so we can label your account.
- Design content — the image slices and text of the email you choose to build. This is processed to create your email and uploaded to your connected platform when you run a build.
- Usage and technical data — limited information such as number of builds, plugin version, timestamps, IP address, and basic error logs, used to operate and secure the Service.
- Communications — messages you send us for support.
We do not intentionally collect special-category (sensitive) personal data, and you should not place such data into the Service.
3. Your API keys
Your Klaviyo or Omnisend API key is used only to perform the action you ask for — uploading your slices and building your template inside your own account.
4. How we use information
- To provide the Service — building your Figma design into a Klaviyo or Omnisend template.
- To authenticate you and keep you signed in.
- To operate, maintain, secure, and improve the Service, and to prevent abuse.
- To respond to your support requests.
- To comply with legal obligations.
We do not sell your personal data, and we do not use your email content for advertising or to train models.
5. Legal bases for processing (EEA/UK)
If you are in the European Economic Area or the UK, we rely on the following legal bases: performance of a contract (to provide the Service you request); legitimate interests (to secure and improve the Service, and prevent abuse); consent (where required, e.g. for certain cookies); and legal obligation (to comply with applicable law). You can withdraw consent at any time where processing is based on it.
6. Services we use (subprocessors)
EmailBridge relies on a few trusted providers to run. Your data may be processed by them only as needed to deliver the Service, each under its own privacy terms.
| Provider | Purpose |
|---|---|
| Klaviyo / Omnisend | Your email platforms. We send your slices and template to whichever you connect, using your API key, at your instruction. |
| Cloudflare | Hosting and the secure bridge that processes builds. |
| Supabase | Account authentication and storage. |
| Figma | The plugin runs inside Figma; your design stays in your Figma file until you choose to build. |
Keep this list current as you add or change providers.
7. International data transfers
Our providers may process data in countries outside your own, including the United States. Where personal data is transferred internationally, we rely on appropriate safeguards such as the providers’ Standard Contractual Clauses or equivalent mechanisms.
8. Data retention
We keep account data for as long as your account is active. Build inputs (your image slices) are processed to create your template and are not retained by us beyond what is needed to complete the build and any short-term logging. When you delete your account, we remove your associated personal data within a reasonable period, except where we must retain it to meet legal obligations or resolve disputes.
9. Security
Connections are encrypted in transit (HTTPS). Access to the bridge is token-gated and rate-limited, and the bridge holds no long-lived platform secrets. We restrict access to personal data to those who need it. No method of transmission or storage is perfectly secure, but we take reasonable, industry-standard measures to protect your information, and will notify you and any regulator of a personal-data breach where required by law.
10. Cookies & local storage
We use essential cookies and browser/Figma local storage to keep you signed in and to remember your settings and saved accounts. These are necessary for the Service to function. We do not use third-party advertising cookies, and we do not currently respond to “Do Not Track” signals, as there is no common standard for them.
11. Your rights
Depending on where you live, you may have the right to access, correct, export (portability), delete, or restrict the processing of your personal data, to object to certain processing, and to lodge a complaint with a supervisory authority. California residents have rights under the CCPA/CPRA, including to know, delete, correct, and opt out of “sale”/“sharing” — we do not sell or share personal data as defined by that law.
To exercise any right, email us using the details below; we will respond within the time required by applicable law. We will not discriminate against you for exercising your rights.
12. Children
EmailBridge is a business tool and is not directed to anyone under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
13. Changes to this policy
We may update this policy from time to time. We will revise the “last updated” date above, and where changes are material we will provide additional notice (for example, by email or in-product) as appropriate. Your continued use of the Service after an update means you accept the revised policy.
14. Contact & governing law
Questions, concerns, or requests about your data? Email us at privacy@emailbridge.email.
This policy and any dispute relating to it are governed by the laws of the United States, without regard to conflict-of-laws rules, and the courts of the United States will have jurisdiction, except where applicable law gives you the right to bring proceedings elsewhere.