Privacy policy
No expectation of privacy
You have no reasonable expectation of privacy when using this service. By creating an account, sending or receiving mail, using APIs, making payments, or otherwise interacting with this host, you consent to the collection, use, storage, disclosure, and retention practices described here and in the acceptable use policy and risk disclaimer.
The operator may monitor, log, inspect, copy, and analyze traffic and content for any lawful purpose, including security, abuse prevention, billing, operations, and compliance.
Information the operator may collect
Without limiting what follows, the operator may collect and retain:
- Mail content and metadata — full messages, headers, attachments, envelope data, routing stamps (including spam and threat-check results), folder placement, and delivery outcomes.
- Account and authentication data — usernames, mailbox addresses, passwords (stored in hashed form where applicable), recovery contacts, domain registrations, and signup or login events.
- Network and device data — IP addresses, SMTP/IMAP/HTTP client identifiers, TLS fingerprints, user agents, session data, and connection timestamps.
- Payment and wallet data — x402 payment headers, settlement references, wallet addresses, transaction amounts, and related on-chain or facilitator records.
- Operational logs — server logs, abuse databases, quota records, send/recipient indexes, trust indexes, fail2ban events, and diagnostic traces (including data sent to or received from third-party APIs).
- Anything else the operator reasonably deems necessary to run, secure, bill, or defend the service.
How the operator may use information
The operator may use collected information for any purpose related to the service or the operator's interests, including:
- Delivering, filtering, storing, or blocking mail; enforcing quotas, rate limits, and billing.
- Detecting and responding to spam, abuse, fraud, intrusion, or policy violations.
- Sharing subsets of headers or metadata with third-party services (for example spam-classification or IP-threat APIs, payment facilitators, DNS or certificate providers, and cloud or AI processors).
- Aggregating, analyzing, training models, or improving systems, using data you provide through the service.
- Complying with legal process, cooperating with authorities, and asserting or defending legal claims.
The operator is not obligated to use data only for the purpose for which it was originally collected.
Disclosure to third parties
The operator may disclose information—to affiliates, contractors, vendors, law enforcement, regulators, courts, abuse desks, recipients, or any other party—when the operator believes disclosure is appropriate, including without your notice or consent. That includes disclosure to protect the operator, users of other systems, or the public; to enforce policies; or to satisfy legal obligations.
Third parties receiving data have their own practices; the operator is not responsible for how they handle information once disclosed.
Retention and deletion
The operator may retain information for as long as it chooses, including after account closure or service termination. Backups, logs, and copies may persist indefinitely. The operator has no duty to delete, anonymize, or return your data on request, except where a non-waivable law requires otherwise.
No user privacy rights
To the maximum extent permitted by law, you waive and agree not to assert rights of access, correction, portability, restriction, objection, or erasure with respect to information held by the operator. The operator does not commit to honoring data-subject requests, opt-out regimes, or "do not track" signals unless mandatory law applies and cannot be waived.
Security
The operator may implement reasonable safeguards but does not guarantee confidentiality, integrity, or availability of your information. You assume all risk of unauthorized access, breach, loss, or misuse. See the risk disclaimer for limitation of liability.
Changes
The operator may change this policy at any time. The current text of the Privacy policy in the app is authoritative. Continued use after changes constitutes acceptance.
Contact
Privacy-related inquiries may be directed to the postmaster address for your domain (typically postmaster@<your-mail-domain>). The operator is not required to respond and may handle inquiries at its sole discretion.