TheOGMarket ("we", "our", or "us") operates an email deliverability intelligence platform at
theogmarket.com. This policy explains what data we collect, how we use it, and your rights.
1. Information We Collect
For Senders (registered users):
- Email address and password (hashed) used to create your account
- Verified sender addresses you add to your account
- Test results — placement data (inbox / promotions / spam) for emails you send through the platform
- Basic usage logs (timestamps, IP address at login, browser type)
For Panelists (invite-only contributors):
- Gmail account email address
- OAuth access and refresh tokens — used solely to read email placement labels on your behalf. We never read email content, only the folder/label a message was placed in.
- Health and activity logs tied to your connected account
Automatically collected:
- Server logs including IP addresses and request timestamps, retained for up to 30 days
- Session cookies necessary for authentication
2. How We Use Your Information
- To provide and operate the deliverability testing service
- To check email placement across our panel of Gmail accounts (read-only, label data only)
- To send transactional emails (account verification, invite links, test result notifications)
- To detect and prevent abuse
- To improve the accuracy and reliability of our panel
We do not sell your data to third parties. We do not read, store, or analyse the content of emails that pass through the panel — only metadata (sender domain, label placement).
3. Panelist Data & Gmail Access
Panelists connect their Gmail accounts via Google OAuth 2.0. This grants us the following permissions:
- gmail.readonly — to check which label/folder a test message was placed in
- gmail.modify — to perform engagement actions (mark as read, move to inbox) on test messages only
We access only messages that match our internal test identifiers. We never access your personal emails, contacts, or any other account data. OAuth credentials are stored encrypted using AES-256 envelope encryption.
Panelists may revoke access at any time via Google Account Permissions. Revoking access will deactivate your panel account.
4. Data Retention
- Sender accounts: data retained while your account is active, deleted within 30 days of account closure on request
- Panelist OAuth tokens: retained while your panel account is active; deleted immediately on deactivation or revocation
- Test results: retained indefinitely in aggregate form; individual test data retained for 12 months
- Server logs: retained for 30 days
5. Third-Party Services
- Google OAuth — for Gmail account connection (panelists only)
- Mailjet — for transactional email delivery
We do not use advertising networks, analytics trackers, or social media pixels.
6. Security
All credentials are encrypted at rest using envelope encryption (AES-256). All traffic is served over HTTPS. Access to production systems is restricted to authorised personnel only.
7. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise these rights, contact us via the contact form. We will respond within 30 days.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email to registered users. The "last updated" date at the top of this page reflects the most recent revision.
9. Contact
For privacy-related questions or data requests, use our contact form and select "Privacy / Data Request" as the subject.