Privacy Policy

Last updated: April 9, 2026

What Ping Does

Ping is a Chrome extension that lets you send personalized bulk emails through your own Gmail account. It embeds a 1x1 tracking pixel in outgoing emails to detect when recipients open them, and optionally wraps links to detect clicks.

Gmail API Usage

Ping requests the following Google API scopes:

  • gmail.send: To send emails on your behalf through the Gmail API.
  • gmail.readonly: To check your daily send quota (counting sent emails in the last 24 hours) and to detect replies to your campaigns via thread lookups.
  • userinfo.email: To identify your account and isolate your data from other users.
  • drive.file: To import recipient data from the specific Google Sheets you explicitly select via Google's file picker. Ping never sees other Drive files.

Ping does not use these permissions for any purpose other than what is described above. Ping does not read, scan, index, or store the content of your emails.

How Email Content is Processed

When you send a campaign, Ping constructs the email HTML entirely in your browser and sends it directly to the Gmail API. Your email content never passes through our server. The only server-side components are a tracking pixel URL and optional click redirect URLs embedded in the email HTML. When a recipient opens the email or clicks a tracked link, that request hits our server, which records the event.

Data We Collect

  • Email metadata: Recipient email addresses and subject lines, stored on our server to enable open and click tracking.
  • Open events: When a tracking pixel loads, we record the timestamp, approximate IP-based location, and request headers. This is used solely to determine whether an email was opened.
  • Click events: When a tracked link is clicked, we record the URL, timestamp, and user agent before redirecting to the original destination.
  • Your email address: Used to isolate your tracking data so you only see your own campaigns.
  • Sender IP address: Recorded at send time solely for self-open detection (filtering out opens from your own device).

Data We Do Not Collect

  • We never read, store, or process the body content of your emails.
  • We never access or scan your inbox or any folder other than counting sent messages for quota.
  • We never sell, share, or transfer your data to third parties for advertising, data brokering, or any unrelated purpose.
  • We never use your data to train machine learning models.
  • We never share mobile or phone number information with third parties for marketing or promotional purposes.
  • OAuth tokens (access and refresh tokens) are stored only in your browser's local storage and are never transmitted to or stored on our servers.

Data Storage and Security

  • Client-side: Campaign data, templates, signatures, and OAuth tokens are stored locally in Chrome's extension storage on your device.
  • Server-side: Tracking records (recipient email, subject, open/click events) are stored in an SQLite database on a DigitalOcean server located in Bangalore, India. The server is access-controlled via SSH key authentication.
  • In transit: All data between the extension and our server is transmitted over HTTPS (TLS 1.2+). SSL certificates are issued by Let's Encrypt and auto-renewed.
  • Access control: Each user's data is isolated by their Gmail address. API endpoints require a sender parameter and only return data belonging to that user.
  • Rate limiting: All API endpoints are rate-limited per IP to prevent abuse and denial-of-service attacks.

Data Retention

  • Tracking records on our server are automatically deleted after 30 days.
  • Unconfirmed tracking records (registered but never sent) are deleted after 2 hours.
  • Campaign data in your browser persists until you uninstall the extension or clear Chrome storage.
  • Self-service deletion: Open the Ping extension → Settings → Privacy & Data → Delete my account. Your account is soft-deleted immediately and you can recover within 30 days by signing back in. After 30 days, all personal data is permanently erased.
  • Self-service export: Same Settings page → Export. Downloads a JSON file with everything we hold about you.
  • Payment records: Razorpay event IDs, amounts, and timestamps are retained for 7 years even after account deletion, as required by Indian tax law (Income Tax Act § 44AA). Personal identifiers in those records are anonymized after the 30-day deletion grace period.

Your Rights

Under the Digital Personal Data Protection Act 2023 (India) and applicable international laws including GDPR, you have the right to:

  • Access & portability: Download a complete JSON export of your data from extension Settings → Privacy & Data → Export. No request needed.
  • Erasure: Delete your account self-service from extension Settings → Privacy & Data → Delete. Soft-deleted immediately, hard-deleted after 30 days.
  • Revoke OAuth: Disconnect Ping from your Google account at any time via Google Account permissions.
  • Unsubscribe recipients: Every tracked email includes an unsubscribe link. Unsubscribed recipients are globally suppressed across all your future campaigns.
  • Correction: Email the grievance officer below to request correction of inaccurate personal data.
  • Withdraw consent: Uninstalling the extension or revoking OAuth withdraws your consent for processing.
  • Lodge a complaint: Contact the Data Protection Board of India (DPDP Act) or your local supervisory authority (GDPR) if you believe your rights have been violated.

Grievance Officer (DPDP Act 2023)

In compliance with the Digital Personal Data Protection Act 2023 (India), the following individual is designated as the grievance officer:

  • Name: Sankalp Tripathi
  • Email: contact@getping.dev
  • Response time: Within 30 days of receipt, as required by law.

Free and Paid Plans

Ping offers a free tier and a Pro subscription. The same privacy protections apply regardless of plan. Pro billing is processed through Razorpay, an Indian payment processor. We never see or store your card number, CVV, or UPI credentials - Razorpay handles all of that directly. Our server only receives a Razorpay subscription ID, the email you used for the subscription, and webhook event notifications (charged, cancelled, failed).

See our refund policy and cancellation policy for billing-specific details.

Third-Party Services (Sub-Processors)

We rely on the following sub-processors to operate Ping. Each one only sees data necessary for its function. We do not share your data with any other third parties.

  • Google APIs: Authentication, sending emails on your behalf, reading sent quota, importing Google Sheets. Subject to the Google API Services User Data Policy.
  • Razorpay (India): Payment processing for Pro subscriptions. Sees your card/UPI details directly - we never see them. Receives your Gmail address as the customer identifier.
  • DigitalOcean (Bangalore): Server hosting for the tracking API and database.
  • Vercel: Hosting for the public website at getping.dev.
  • Resend: Sends transactional emails on our behalf (welcome, payment receipts, cancellation confirmations, account deletion confirmations). Receives your Gmail address and the email body.
  • Sentry: Server-side error tracking. Receives anonymized stack traces and request metadata. Email addresses are masked before being sent (e.g. joh***@gmail.com) and authentication tokens are stripped.
  • UptimeRobot: Monitors API health endpoint every 5 minutes. Sees only the response status, no user data.
  • Cloudflare: If enabled in front of getping.dev, terminates TLS and may log basic request metadata (IP, user agent) for DDoS protection.
  • Let's Encrypt: Issues SSL certificates for our domains. No user data exposure.

Compliance

Ping is designed to comply with CAN-SPAM, GDPR, and CCPA requirements. Users are responsible for ensuring their email campaigns comply with applicable anti-spam laws in their jurisdiction. Ping provides unsubscribe functionality, sender identification, and opt-out honoring to support compliance.

Ping's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Children's Privacy

Ping is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated through the extension dashboard and on this page. Continued use after changes constitutes acceptance.

Contact

Privacy questions, data access, or deletion requests: contact@getping.dev

← Home