Privacy Policy

Last updated: January 17, 2026

1. Introduction

SecuriMail ("we," "our," or "us") operates the securimail.io website and services. This Privacy Policy explains how we collect, use, and protect your information.

Our Core Principle

Your privacy is our priority. SecuriMail uses a privacy-first architecture where email content is processed in-memory and never stored in plaintext. While we must temporarily access email content to provide security scanning and spam filtering, this processing is ephemeral. Content is forwarded to your inbox and immediately discarded. We do not retain, log, or analyze email bodies beyond the processing window.

2. Data We Collect

Account Information

  • Email address (for account creation and authentication)
  • Payment information (processed securely by Stripe—we never see your full card number)
  • Account preferences and settings

Usage Data

  • Mask creation and usage statistics (number of masks, forwarded emails)
  • Feature usage patterns (which features you use)
  • Device and browser information for security purposes

Email Processing (Privacy-First Architecture)

  • Email content is processed in-memory only for security scanning, spam filtering, and tracker removal
  • After processing, email content is immediately forwarded to your personal inbox and discarded from our systems
  • We do not store email body content on our servers
  • AI-powered filtering uses headers only by default (sender, subject, content-type)
  • Full content analysis is opt-in and processed ephemerally. Content is never persisted
  • If email archiving is enabled, content is encrypted with AES-256-GCM using per-user keys before storage
  • For outbound replies sent through your masks, email content is encrypted (AES-256-GCM) and temporarily queued until delivery, then automatically deleted within 7 days

3. How We Use Your Data

  • Service Provision: To operate and maintain your SecuriMail account
  • Communication: To send important service updates and security alerts
  • Improvement: To understand how our service is used and improve it
  • Legal Compliance: To comply with applicable laws and regulations

We do not sell your personal data. We do not use your data for advertising. We do not share your data with third parties except as necessary to provide our service.

4. Data Storage & Retention

Storage Locations

Your data is stored on secure servers. We use industry-standard encryption for all data at rest and in transit.

Retention Periods

  • Account data: Retained until you delete your account
  • Email content: Not stored (ephemeral processing only)
  • Archived emails: Encrypted and retained per your configured retention period
  • Outbound queue: Encrypted, deleted within 7 days of delivery
  • Logs: Retained for up to 90 days for security and debugging (no email content)

Deletion

When you delete your account, all associated data is permanently removed within 30 days. Some anonymized, aggregated data may be retained for analytics purposes.

5. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Correct inaccurate personal data
  • Deletion: Delete your personal data ("right to be forgotten")
  • Portability: Export your data in a portable format
  • Objection: Object to certain types of processing

To exercise these rights, visit your account settings or contact us at privacy@securimail.io.

6. Cookies & Tracking

Essential Cookies

We use essential cookies to maintain your session and remember your preferences. These are necessary for the service to function.

Service Monitoring

We use Grafana Faro for error tracking and performance monitoring to maintain service reliability. This collects:

  • Application errors and crash reports
  • Page load performance metrics
  • Navigation patterns (pages visited, not content viewed)

This monitoring does not collect email content, personal messages, or identifying information beyond what's needed for debugging. No data is shared with advertisers or third parties.

No Advertising Cookies

We do not use advertising cookies or tracking pixels. We do not participate in ad networks or retargeting programs.

7. Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing (PCI-DSS compliant)
  • Grafana Cloud: Application monitoring and error tracking
  • Cloudflare: Infrastructure, CDN, and Workers AI (for opt-in content filtering)

All third-party services are bound by data processing agreements and are required to handle your data in accordance with this policy.

8. Security Measures

Encryption

  • TLS 1.3 for all data in transit (enforced by Cloudflare)
  • AES-256-GCM encryption for any stored email content (when archiving is enabled)
  • RSA-OAEP encryption for queued emails awaiting delivery
  • Per-user encryption keys derived using HKDF

Additional Security Measures

  • Access controls: Strict internal access policies
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Audits: Regular security audits and penetration testing

For more details, visit our Security page.

9. Children's Privacy

SecuriMail is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Policy Changes

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. Your continued use of SecuriMail after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Questions About Our Privacy Practices?

We're committed to transparency. Contact our privacy team if you have any questions.

Contact Privacy Team