Privacy Policy

1. Who we are

The Service is operated by the organization that provides this EmailServer deployment to you (referred to as “we,” “us,” or “our”). For privacy requests specific to your account, use the contact or support channel your provider has given you (for example, the email or portal associated with your subscription).

2. Information we collect

Depending on how you use the Service, we may process the following categories of information:

• Account and authentication data. Identifiers used to sign in to administrative or webmail interfaces (such as username, email address, and security credentials in hashed form), session tokens, and account preferences.
• Domain and mailbox administration data. Domain names you add, DNS verification tokens, business or organizational labels you provide, mailbox identifiers (addresses and local parts), display names, and optional profile fields you choose to supply (for example, contact details used for account recovery or display).
• Email messages and related content. Messages you send, receive, or store using the Service, including headers, body text, attachments, and delivery status where applicable. This is inherent to providing email hosting.
• Technical and security metadata. Connection details, timestamps, IP addresses, message queue or delivery logs, anti-abuse signals, and similar data needed to operate, secure, and troubleshoot the mail infrastructure.
• Usage of our websites and portals. Standard web server logs, cookies or similar technologies required for authentication and session management, and aggregated analytics where enabled by your deployment.

3. How we use your information

We use the information above to:

• Provide, maintain, and improve email hosting, routing, storage, and administration features;
• Authenticate users, enforce access controls, and protect accounts from unauthorized use;
• Detect, prevent, and respond to abuse, spam, malware, fraud, and technical incidents;
• Meet legal, regulatory, and contractual obligations (including lawful requests from competent authorities where applicable);
• Communicate about the Service, security notices, and material changes to our terms or policies.

Where required by law, we rely on appropriate legal bases such as performance of a contract, legitimate interests (for example, securing the platform), or consent, depending on the processing activity and jurisdiction.

4. Storage, retention, and deletion

We retain data only as long as needed for the purposes above, unless a longer period is required by law or dispute resolution. Email content and mailbox data are typically retained until you delete it, your administrator removes the mailbox or domain, or your agreement ends, subject to backup and operational retention windows configured for the deployment. Administrative and security logs may be kept for a limited period consistent with industry practice and legal requirements.

5. Security

We implement technical and organizational measures appropriate to the nature of email hosting, including access controls, encryption in transit where supported by the protocols in use, and protections against common network and application threats. No method of transmission or storage is completely secure; we encourage strong passwords, multi-factor authentication where available, and prompt reporting of suspected compromise.

6. Sharing and subprocessors

We do not sell your personal information. We may share data with subprocessors that assist in operating the Service (for example, infrastructure, DNS, or security vendors) under contractual obligations consistent with this policy. We may also disclose information if required by law, to protect rights and safety, or in connection with a merger or asset transfer subject to appropriate safeguards.

7. International transfers

Your data may be processed in countries where we or our subprocessors operate. Where personal data is transferred across borders, we use mechanisms recognized under applicable law (such as standard contractual clauses or adequacy decisions) where required.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, or restrict certain processing of your personal data, to object to processing based on legitimate interests, to data portability where technically feasible, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact your service provider using the support channel they supply.

9. Administrators and end users

Where organizations use the Service for their domains and mailboxes, the organization’s administrators may control accounts, routing, and retention. End users should direct privacy questions to their organization when the organization is the data controller for workplace or tenant email.

10. Children

The Service is not directed at children. We do not knowingly collect personal information from children below the age at which parental consent is required in your jurisdiction. If you believe we have collected such information, contact us so we can delete it.

11. Cookies and similar technologies

Our web interfaces may use cookies or local storage that are strictly necessary for sign-in, security, and preferences. Additional cookies, if any, depend on how this deployment is configured; your provider can supply a separate cookie notice where required.

12. Changes to this policy

We may update this policy from time to time. We will post the revised version on this page and adjust the “Last updated” date. Material changes may be communicated through the Service or by other appropriate means.