Privacy Policy
This policy explains how mtumail ("we/us") processes personal data to operate a secure email service.
Data We Process
- Account data: name, email, and identifiers from our authentication provider (Clerk).
- Service data: mailboxes, messages, metadata (timestamps, sender/recipient, delivery status).
- Operational data: audit logs, security events, and configuration.
Purpose & Lawful Basis
We process data to provide the email service, prevent abuse, troubleshoot, comply with law, and improve reliability. For EEA/UK users, our legal bases are contract, legitimate interests, and compliance with legal obligations.
Access & Content Review
We do not read your mail content except where we have a reasonable and documented cause to do so, for example:
- Responding to incident reports or abuse (spam, malware, fraud, policy violation).
- Restoring service, debugging delivery issues, or investigating security alerts.
- When legally required (e.g., valid court order, lawful request).
Any such access is minimal, logged, and restricted to authorized personnel.
Revocation & Service Management
We may revoke or reclaim mailbox names and suspend accounts at any time to preserve service integrity, comply with law, or mitigate abuse. We will notify you when reasonable.
Security
- TLS in transit; secrets hashed or encrypted at rest.
- Least‑privilege access; production access logged and reviewed.
- Authentication via Clerk with modern session protections.
Third‑Party Processors
- Clerk (authentication and user management).
- Mailcheap or equivalent SMTP provider (mail delivery).
- Infrastructure providers (compute, storage, networking).
Your Rights
Subject to local laws (e.g., GDPR/CCPA), you may request access, correction, deletion, or portability of your data. Contact [email protected].
Retention
Messages persist until you delete them. Logs and metrics are rotated on a schedule. Backups follow limited retention for disaster recovery.
Contact
Questions or requests: [email protected].