One Two Three Send

Privacy and data

← All docs

Newsletter plugin

Facebook posting plugin

General

Privacy & data

One Two Three Send is built around the principle that your subscribers belong to you, not to a third-party CRM. Everything important lives in your own WordPress database.

What the plugin stores locally

  • wp_otts_subscribers — email, optional first name, status, type (free / paid), Stripe customer + subscription IDs (if paid), subscribed and unsubscribed timestamps, a 64-character random token used for one-click unsubscribe and signed download links.
  • wp_otts_sends — one row per send: newsletter ID, recipient count, provider used, status, error log if anything failed.
  • wp_otts_opens (pro plugin) — one row per (newsletter ID, salted email hash) on first open. The hash is HMAC-SHA256 of the email + a site-scoped secret — emails are never stored in this table in plaintext.
  • Custom post type otts_newsletter — your draft / scheduled / sent issues, with subject line and metadata in post meta.
  • Plugin options — settings (encrypted secrets for Claude key, Resend key, Stripe secrets, etc.), site context cache.
  • Lead-magnet files — uploaded PDFs / zips live under wp-content/uploads/otts-lead-magnets/ with random filenames and an .htaccess blocking direct access.

External services the plugin calls

Only when you provide credentials — no service is contacted before you opt in by entering a key.

  • Anthropic Claude API (api.anthropic.com) — for newsletter generation and editor actions. The plugin sends Claude your draft text and your site-context summary. Receives the model's response. Anthropic privacy policy.
  • Resend (api.resend.com) — if Resend is your email provider. The plugin sends each outgoing email through Resend. Resend privacy.
  • SMTP server — if SMTP is your provider, your configured host receives every outgoing email.
  • Stripe (pro plugin only, api.stripe.com) — only if you set up the paywall. Subscriber email + plan info is sent to Stripe at checkout. Stripe privacy.
  • Mailchimp / MailerLite / Brevo / Kit (pro plugin only) — only if you select one as your email provider.

The plugin never contacts onetwothreesend.com or any "phone home" service. It runs entirely on your install.

GDPR / privacy practices

  • One-click unsubscribe on every email, no login required.
  • Subscriber CSV export from One Two Three Send → Subscribers — request-fulfilment ready.
  • Privacy policy text — disclose to subscribers what you store and which external services you use, especially the Claude / email-provider / Stripe ones.
  • Optional consent checkbox on every signup form (One Two Three Send → Signup Forms → GDPR checkbox).

Deletion

One Two Three Send → Settings → Advanced → Delete data on uninstall. Off by default — when you delete the plugin from Plugins → Installed, your subscriber list and newsletters are preserved unless you tick this. With it ticked: the plugin drops its tables, deletes all options, and removes lead-magnet files on uninstall.

Next: Troubleshooting.

Email-provider scope

Whichever email provider you pick in One Two Three Send → Settings → Provider (Mailchimp, MailerLite, Brevo, Kit, Amazon SES, Resend, SMTP) handles newsletter sends only — meaning the rendered broadcasts that go out to your subscriber list. The rest of WordPress’s outbound mail traffic — password-reset emails, comment-moderation notifications, contact-form receipts, plugin admin alerts — continues to go through whatever wp_mail() path your site already uses (typically PHP’s sendmail via your host).

This matters when troubleshooting deliverability. If a subscriber doesn’t receive a welcome email, but they do get newsletter sends fine, the welcome path is the issue — most likely the host’s default mailer being throttled or marked spammy. The fix is to add a dedicated transactional service (we use Postmark) at the host level, separately from the newsletter provider. SES, MailerLite, etc. specifically refuse one-off transactional mail because mixing transactional and bulk on the same reputation harms both.

If you want every outbound email on your WordPress site routed through SES (rather than only the newsletter sends), configure SES at the host level — usually via a “WP Mail SMTP” type plugin or your host’s built-in SES integration — independently of the One Two Three Send provider choice.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by