Privacy Policy
Last updated: January 1, 2025
1. Introduction
SecuriMail ("we," "our," or "us") operates the securimail.io website and services. This Privacy Policy explains how we collect, use, and protect your information.
Our Core Principle
We cannot read your emails. Our zero-knowledge architecture ensures your privacy is mathematically guaranteed. Your email content is encrypted so that even we cannot access it.
2. Data We Collect
Account Information
- Email address (for account creation and authentication)
- Payment information (processed securely by Stripe—we never see your full card number)
- Account preferences and settings
Usage Data
- Mask creation and usage statistics (number of masks, forwarded emails)
- Feature usage patterns (which features you use)
- Device and browser information for security purposes
Email Content (Zero-Knowledge)
- Email content is encrypted in transit and at rest
- We cannot decrypt or read your email content
- AI features use metadata only by default (sender, subject line)
- Content analysis is opt-in and processed with privacy-preserving techniques
3. How We Use Your Data
- Service Provision: To operate and maintain your SecuriMail account
- Communication: To send important service updates and security alerts
- Improvement: To understand how our service is used and improve it
- Legal Compliance: To comply with applicable laws and regulations
We do not sell your personal data. We do not use your data for advertising. We do not share your data with third parties except as necessary to provide our service.
4. Data Storage & Retention
Storage Locations
Your data is stored on secure servers. We use industry-standard encryption for all data at rest and in transit.
Retention Periods
- Account data: Retained until you delete your account
- Email data: Configurable retention period (default varies by plan)
- Logs: Retained for up to 90 days for security and debugging
Deletion
When you delete your account, all associated data is permanently removed within 30 days. Some anonymized, aggregated data may be retained for analytics purposes.
5. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Correct inaccurate personal data
- Deletion: Delete your personal data ("right to be forgotten")
- Portability: Export your data in a portable format
- Objection: Object to certain types of processing
To exercise these rights, visit your account settings or contact us at privacy@securimail.io.
7. Third-Party Services
We use the following third-party services:
- Stripe: Payment processing (PCI-DSS compliant)
- Infrastructure providers: Cloud hosting and CDN services
All third-party services are bound by data processing agreements and are required to handle your data in accordance with this policy.
8. Security Measures
- Encryption: TLS 1.3 in transit, AES-256 at rest
- Zero-knowledge: Email content encrypted with keys we don't have
- Access controls: Strict internal access policies
- Monitoring: 24/7 security monitoring and intrusion detection
- Audits: Regular security audits and penetration testing
For more details, visit our Security page.
9. Children's Privacy
SecuriMail is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
10. Policy Changes
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. Your continued use of SecuriMail after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
- Email: privacy@securimail.io
- For GDPR-related requests: dpo@securimail.io