EarthMails
LEGAL

Privacy Policy

We believe privacy is a right, not a feature. This policy explains exactly how we handle your data — clearly and without legalese.

Last updated:

TL;DR — The short version

  • • We only collect data that is necessary to run the service.
  • • We never sell your data to third parties.
  • • We do not read the body of your emails.
  • • You can request deletion of your data at any time.
  • • We are GDPR and CCPA compliant.

Information We Collect

Account & Identity Information

When you sign up for EarthMails, we collect information such as your name, business email address, company name, billing address, and payment details. This data is necessary to create and manage your account and process transactions.

Usage Data

We automatically collect certain technical information when you use our service, including IP addresses, browser type, operating system, pages visited, features used, and timestamps. This data helps us improve performance, detect abuse, and understand how our platform is used.

Email Metadata

To provide deliverability and security features, we process email metadata such as sender/recipient addresses, subject lines, timestamps, message IDs, and SMTP headers. We do not read, store, or scan the body content of your emails.

Communications

If you contact us for support or submit a form on our website, we retain the content of those communications to assist you and improve our service.

How We Use Your Information

Service Delivery

We use your data to provision mailboxes, configure DNS records (SPF, DKIM, DMARC), process payments, authenticate users, and provide the core features of the EarthMails platform.

Security & Fraud Prevention

We analyze usage patterns and metadata to detect abuse, prevent unauthorized access, enforce rate limits, and maintain the integrity of our infrastructure for all customers.

Product Improvement

Aggregated, anonymized usage statistics help us prioritize features, fix bugs, and improve the reliability and performance of our service.

Communications

We may send you transactional emails (invoices, password resets, security alerts) and, where you have opted in, product updates and newsletters. You can unsubscribe from marketing emails at any time.

Legal Compliance

We may process your data to comply with applicable laws and regulations, respond to lawful requests from public authorities, and enforce our Terms of Service.

Data Sharing & Third Parties

We Do Not Sell Your Data

EarthMails does not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

Sub-processors

We work with a limited set of trusted sub-processors to operate our platform — including cloud infrastructure providers, payment processors (Stripe), and transactional email providers. Each sub-processor is bound by data processing agreements and required to implement appropriate security measures.

Legal Disclosures

We may disclose your information if required by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

Data Security

Encryption

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Email data in transit between mail servers uses opportunistic TLS.

Access Controls

Access to customer data is strictly limited to EarthMails personnel who need it to operate and support the service. All access is logged, reviewed regularly, and protected by multi-factor authentication.

Infrastructure

Our infrastructure is hosted in SOC 2 Type II certified data centers with physical security controls, redundant power, and network monitoring. We perform regular vulnerability assessments and penetration tests.

Incident Response

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law within 72 hours of becoming aware of the incident.

Your Rights

Access & Portability

You have the right to request a copy of the personal data we hold about you and to receive it in a structured, machine-readable format.

Correction

You may update or correct inaccurate personal information at any time through your account settings or by contacting us.

Erasure

You may request deletion of your personal data. We will comply within 30 days, except where we are required to retain data by law or for legitimate business purposes such as fraud prevention.

Objection & Restriction

Where processing is based on legitimate interests, you may object to or request restriction of that processing. We will consider your request and respond within 30 days.

Withdrawing Consent

Where we rely on your consent to process data (e.g. marketing emails), you may withdraw that consent at any time without affecting the lawfulness of prior processing.

GDPR & CCPA

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR). California residents have rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, contact us at info@earthmails.com.

Cookies & Tracking

Essential Cookies

We use essential cookies to keep you logged in, remember your preferences, and maintain session security. These cannot be disabled as they are necessary for the platform to function.

Analytics Cookies

With your consent, we use analytics cookies to understand how visitors interact with our website. This data is aggregated and anonymized. You can opt out at any time through our cookie preferences.

No Advertising Cookies

We do not use advertising or cross-site tracking cookies. We do not share your browsing behaviour with advertisers.

Data Retention

Active Accounts

We retain your personal data for as long as your account is active or as needed to provide our services.

Account Closure

When you close your account, we delete or anonymize your personal data within 90 days, except where retention is required by law (e.g. for tax and accounting records, typically 7 years).

Backup Retention

Encrypted backups may retain data for up to 30 days after deletion from primary systems before being purged from backup storage.

Contact & Updates

Data Controller

EarthMails is the data controller responsible for your personal information. If you have questions, concerns, or wishes to exercise your rights, you can reach our privacy team at info@earthmails.com.

Policy Changes

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice in the platform at least 30 days before the change takes effect. Continued use of the service after that date constitutes acceptance of the updated policy.

Questions about this policy?

Our privacy team is happy to help.

Contact Privacy Team

© 2026 EarthMails. All rights reserved. Back to home