Privacy Policy
Last Updated: June 16, 2026
At Wraps, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CLI tool, SDK, and services.
Wraps is a product of FlatironKids LLC, a company registered in the State of Colorado, United States.
1. Information We Collect
1.1 Anonymous Telemetry Data (CLI)
When you use the Wraps CLI, we collect anonymous usage data to improve the product. This telemetry is opt-out and can be disabled at any time.
We DO collect:
- Command names executed (e.g., "init", "deploy", "status")
- Command success/failure status
- Command execution duration
- CLI version number
- Operating system type (macOS, Linux, Windows)
- Node.js version
- Service types used (email, SMS, etc.)
- Configuration preset selections (starter, production, etc.)
- Error codes (not error messages)
- Anonymous UUID (generated locally, not linked to your identity)
We DO NOT collect:
- AWS account IDs or credentials
- IAM role ARNs
- Domain names or email addresses
- IP addresses
- File paths or directory structures
- Email content or templates
- Environment variables
- Error messages (only error codes)
- Command arguments or flag values
- Any personally identifiable information (PII)
1.2 Dashboard & Website Analytics
When you use the Wraps Dashboard or visit our website, we use PostHog to collect analytics data. This helps us understand how our product is used and improve your experience.
We collect:
- Email address (for authentication and user identification)
- Organization name
- AWS account connections (account IDs are hashed)
- Pages visited and navigation patterns
- Feature usage and interactions
- Browser type, version, and screen size
- Referral source (how you found us)
- Country/region (derived from IP, IP is not stored)
Events we track include:
- Sign-in and sign-up events (authentication method used)
- Organization creation and team invitations
- Email template creation and broadcast scheduling
- Subscription upgrades and plan changes
- AWS account connections
- Feature adoption and usage patterns
We do not send the following to our analytics provider:
- Email content or template body text
- Recipient email addresses
- AWS credentials or secret keys
- Session recordings or screen captures
- Keystrokes or form field contents (except authentication)
This list describes our analytics tooling only. Contact and campaign data you create in the dashboard is processed separately to run platform features — see Section 1.4.
1.3 Infrastructure (Your AWS Account)
The sending infrastructure Wraps deploys runs entirely in your AWS account. For this layer, we do not have access to:
- Your AWS credentials (we use short-lived OIDC and IAM roles, never stored keys)
- Emails sent through your SES
- Your full delivery event history, stored in your DynamoDB
Sending and event-history storage happen in your AWS account. If you stop using Wraps, this infrastructure and its data keep running and remain yours.
1.4 Platform Data (Contacts & Campaigns)
To run the Wraps dashboard and platform features (contacts, audiences and segments, templates, broadcasts, and workflows), we store and process the underlying data on our own infrastructure. This is necessary: we cannot build an audience or send a campaign on your behalf without processing your contacts. For this data, Wraps acts as a data processor and you remain the data controller, the same arrangement you have with any email service provider.
This includes:
- Contact records you create or import: email address, phone number, name, and any custom properties you add
- Audience, segment, and topic (subscription) definitions
- Email templates and campaign content (subject and body)
- A send ledger: recipient address, the merge variables used to personalize each message, and delivery and engagement status (sent, delivered, opened, clicked, bounced, complained)
This data is stored in a managed PostgreSQL database (Neon) hosted in the United States. It is scoped to your organization and is never shared with other customers. You can export or delete it at any time (see Section 5). If your use requires a Data Processing Agreement, contact privacy@wraps.dev.
2. How We Use Your Information
2.1 Telemetry Data
We use anonymous telemetry to:
- Understand which commands and features are most used
- Identify and fix bugs and errors
- Improve CLI performance and user experience
- Prioritize feature development
- Monitor service health and reliability
2.2 Account Information
We use account information to:
- Provide and maintain our services
- Authenticate users
- Send important service updates
- Provide customer support
- Process payments (if applicable)
3. How We Share Your Information
3.1 Third-Party Services
We use the following third-party services:
- PostHog (Privacy Policy) - Product analytics across CLI, web dashboard, and marketing website. PostHog is an open-source analytics platform. We use PostHog Cloud hosted in the US. Data collected includes usage patterns, feature interactions, and anonymous telemetry. PostHog processes this data on our behalf and does not use it for their own purposes.
- Vercel (Privacy Policy) - Website and API hosting
- Neon (Privacy Policy) - Managed PostgreSQL hosting (US) for platform data: contacts, audiences, templates, and the send ledger
- AWS (Privacy Policy) - Infrastructure deployment (in your account)
- Stripe (Privacy Policy) - Payment processing
These services have their own privacy policies and we ensure they meet appropriate privacy and security standards.
3.2 We DO NOT:
- Sell your data to third parties
- Share your data for advertising purposes
- Use your data for purposes unrelated to Wraps
4. Data Retention
- Telemetry events: Stored for 90 days, then automatically deleted
- Aggregate statistics: Retained indefinitely (no PII)
- Account data: Retained while your account is active
- Platform data (contacts, campaigns, send ledger): Retained while your account is active; deleted on request or after account closure
- Server logs: Retained for 7 days
5. Your Rights and Choices
5.1 Opt-Out of Telemetry
You can disable telemetry at any time:
# Disable via CLI command
wraps telemetry disable
# Or set environment variable
export WRAPS_TELEMETRY_DISABLED=1
# Or use universal standard
export DO_NOT_TRACK=1Telemetry is also automatically disabled in CI/CD environments. See our telemetry documentation for more details.
5.2 Opt-Out of Web Analytics
For the web dashboard and website, you can opt out of PostHog analytics:
- Browser setting: Enable "Do Not Track" in your browser settings
- Ad blockers: Most ad blockers will block PostHog tracking
- PostHog opt-out: Visit PostHog's privacy page to opt out globally
Note: Opting out of analytics does not affect your ability to use Wraps. Core functionality works without analytics enabled.
5.3 Access Your Data
You have the right to request a copy of your personal data. Contact us at privacy@wraps.dev.
5.4 Delete Your Data
You can request deletion of your data at any time by contacting privacy@wraps.dev. Note that:
- Platform data (contacts, audiences, templates, and the send ledger) is permanently deleted from our systems
- Telemetry data is anonymous and cannot be linked back to you
- Infrastructure in your AWS account is yours and unaffected by account deletion
- We may retain certain data for legal or security purposes
6. Children's Privacy
Wraps is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
7. Security
We implement industry-standard security measures:
- HTTPS encryption: All data transmission is encrypted
- No stored credentials: We never store your AWS credentials
- Anonymization: Telemetry data is anonymous by design
- Access controls: Limited employee access to data
- Regular audits: Security reviews and updates
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
8. International Data Transfers
Your data may be processed in the United States or other countries where our service providers operate.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page
- Updating the "Last Updated" date
- Sending an email notification (if you have an account with us)
Continued use of Wraps after changes constitutes acceptance.
10. Open Source
Wraps is open source software. The telemetry implementation is fully transparent and can be reviewed in our GitHub repository. You can verify:
- What data is collected
- How it's anonymized
- Where it's sent
- How opt-out mechanisms work
11. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us:
- Company: FlatironKids LLC
- Email: privacy@wraps.dev
- GitHub Issues: github.com/wraps-team/wraps/issues
- Website: wraps.dev
This Privacy Policy is part of our commitment to transparency and user privacy. For more information about our telemetry implementation, see our telemetry documentation.

