Privacy Policy

Last updated: March 2, 2026

1. Introduction

Fifth Floor Marketing ("we," "us," or "our") operates ESP Controller (espcontroller.io), an email marketing platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

2. Information We Collect

Account Information

When you create an account, we collect:

Name and email address
Login credentials (passwords are hashed and never stored in plain text)
Two-factor authentication settings

Subscriber Data

When you use our platform to manage email campaigns, you may upload or collect:

Email addresses of your subscribers
Subscriber names and custom fields
List membership and subscription preferences

Campaign and Analytics Data

Email open and click tracking data
Bounce and complaint records
Campaign performance metrics
Revenue and monetization data from integrated services

Technical Data

IP addresses (used for security and access control)
Browser type and version
Pages visited and actions taken within the platform

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the ESP Controller platform
Send email campaigns on your behalf via integrated email services (AWS SES, KumoMTA)
Track email delivery, opens, clicks, bounces, and complaints
Generate analytics and performance reports
Manage subscriber lists and segmentation
Enforce security measures including IP allowlisting and two-factor authentication
Communicate with you about your account and our services

4. Third-Party Services

We integrate with the following third-party services:

Amazon Web Services (SES) — Email delivery
Google APIs — Google AdSense (revenue reporting), Google Analytics, Gmail (account notifications)
Google Sheets — Newsletter content management
Anthropic (Claude AI) — Subject line generation for newsletters

Each of these services has its own privacy policy governing their use of data. We only share the minimum data necessary to provide the requested functionality.

5. Cookies and Tracking

Our platform uses session cookies to maintain your authenticated state. We do not use third-party advertising cookies on the ESP Controller platform itself.

Emails sent through our platform may contain tracking pixels to measure open rates and click-through rates. Recipients can disable image loading in their email client to prevent open tracking.

6. Data Retention

Account data is retained for as long as your account is active
Campaign analytics are retained for the lifetime of the campaign
Subscriber data is retained until you delete it or close your account
Server logs are retained for up to 90 days

7. Data Security

We implement industry-standard security measures to protect your data, including:

AES-256-GCM encryption for stored credentials and API tokens
HTTPS encryption for all data in transit
IP allowlisting to restrict platform access
Mandatory two-factor authentication for all accounts
CSRF protection on all state-changing operations

8. Your Rights

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data (subject to legal obligations)
Export your data in a portable format
Withdraw consent for optional data processing

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: