One Two Three Send

Privacy and data

Docs

Privacy & data

One Two Three Send is built around the principle that your subscribers belong to you, not to a third-party CRM. Everything important lives in your own WordPress database.

What the plugin stores locally

  • wp_otts_subscribers — email, optional first name, status, type (free / paid), Stripe customer + subscription IDs (if paid), subscribed and unsubscribed timestamps, a 64-character random token used for one-click unsubscribe and signed download links.
  • wp_otts_sends — one row per send: newsletter ID, recipient count, provider used, status, error log if anything failed.
  • wp_otts_opens (pro plugin) — one row per (newsletter ID, salted email hash) on first open. The hash is HMAC-SHA256 of the email + a site-scoped secret — emails are never stored in this table in plaintext.
  • Custom post type otts_newsletter — your draft / scheduled / sent issues, with subject line and metadata in post meta.
  • Plugin options — settings (encrypted secrets for Claude key, Resend key, Stripe secrets, etc.), site context cache.
  • Lead-magnet files — uploaded PDFs / zips live under wp-content/uploads/otts-lead-magnets/ with random filenames and an .htaccess blocking direct access.

External services the plugin calls

Only when you provide credentials — no service is contacted before you opt in by entering a key.

  • Anthropic Claude API (api.anthropic.com) — for newsletter generation and editor actions. The plugin sends Claude your draft text and your site-context summary. Receives the model's response. Anthropic privacy policy.
  • Resend (api.resend.com) — if Resend is your email provider. The plugin sends each outgoing email through Resend. Resend privacy.
  • SMTP server — if SMTP is your provider, your configured host receives every outgoing email.
  • Stripe (pro plugin only, api.stripe.com) — only if you set up the paywall. Subscriber email + plan info is sent to Stripe at checkout. Stripe privacy.
  • Mailchimp / MailerLite / Brevo / Kit (pro plugin only) — only if you select one as your email provider.

The plugin never contacts onetwothreesend.com or any "phone home" service. It runs entirely on your install.

GDPR / privacy practices

  • One-click unsubscribe on every email, no login required.
  • Subscriber CSV export from Newsletter → Subscribers — request-fulfilment ready.
  • Privacy policy text — disclose to subscribers what you store and which external services you use, especially the Claude / email-provider / Stripe ones.
  • Optional consent checkbox on every signup form (Newsletter → Signup Forms → GDPR checkbox).

Deletion

Newsletter → Settings → Advanced → Delete data on uninstall. Off by default — when you delete the plugin from Plugins → Installed, your subscriber list and newsletters are preserved unless you tick this. With it ticked: the plugin drops its tables, deletes all options, and removes lead-magnet files on uninstall.

Next: Troubleshooting.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by