packetmail
Legal · version 2026-04-12

Privacy Policy

Last updated April 12, 2026 · Questions? legal@packetmail.app

This Privacy Policy explains how Packetmail ("we," "us," or "our") collects, uses, and protects personal information in connection with Packetmail (the "Service"). We follow the principles of the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) regardless of where you are located.

1. Information we collect

Account data

When you create an account we collect your name, email address, organization name, and a hashed password. If you upgrade to a paid plan, our payment processor (Stripe) collects billing details on our behalf — we never see your full card number.

Customer Data

To send email on your behalf, the Service processes the recipient addresses, message content, and delivery events you submit ("Customer Data"). We act as a data processor for this content.

Operational logs

We log API requests, IP addresses, user-agent strings, and SMTP transcripts for security, abuse prevention, and debugging. These logs are retained for 30 days unless required for an active investigation.

2. How we use your information

  • To provide, secure, and improve the Service.
  • To enforce our Terms of Service and prevent abuse.
  • To send essential service emails (verification, billing, security, deliverability alerts).
  • To meet legal and regulatory obligations.

We do not sell personal data, share it with advertising networks, or use Customer Data to train machine-learning models.

We rely on the following legal bases under Article 6 GDPR: contract performance (to deliver the Service you signed up for), legitimate interest (security, fraud prevention, product improvement), legal obligation (tax, accounting, abuse complaints), and consent (where you explicitly opt in).

4. Data retention

We retain account data for as long as your account is active and for a reasonable period after closure for legal and tax purposes. Customer Data is retained according to your plan's retention settings; you can request earlier deletion at any time. Operational logs roll off automatically after 30 days.

5. Your rights

Subject to applicable law, you have the right to access, correct, export, restrict, or delete the personal data we hold about you. You can exercise most of these rights from Settings → Data & Privacy, or by emailing privacy@packetmail.app. We will respond within 30 days.

6. International transfers

Your data is stored on infrastructure located in the United States and, for some customers, the European Union. Where personal data is transferred outside its country of origin, we rely on Standard Contractual Clauses approved by the European Commission.

7. Sub-processors

We use a small set of vetted sub-processors to provide the Service:

  • Stripe — payment processing
  • DigitalOcean — hosting and storage
  • Cloudflare — DNS, TLS termination, CDN
  • Sentry — error tracking (PII scrubbed)

A current list with countries and roles is available on request.

8. Security

We encrypt data in transit (TLS 1.2+) and at rest (AES-256). API tokens and SMTP credentials are hashed before storage. Access to production systems is restricted to a small number of operators and audit-logged.

9. Changes to this Policy

We may update this Policy as the Service evolves. Material changes will be announced by email and we will request fresh consent where required.

10. Contact

For privacy questions, contact our Data Protection Officer at privacy@packetmail.app.