Privacy Policy
Your privacy matters to us. Learn how we protect your data.
Last updated:
1. Introduction
MailAfiniti ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our email hosting services ("Services") and website. This policy applies to business customers and their administrators, end users of customer email accounts, and visitors to our website.
2. Information We Collect
Account & Business Information
When you sign up, we collect your business name, contact information, billing address, payment details, domain names, and account administrator details (name, email, phone).
Email & Usage Data
In providing the Services, we process email metadata (sender, recipient, timestamps, subject lines, message size), email content (solely to deliver, filter spam/malware, and provide the Services), mailbox usage and storage data, and login activity and access logs.
Technical Data
We collect IP addresses and device identifiers, browser type and operating system, pages visited on our site and features used, and data from cookies and similar tracking technologies.
Support Data
We collect communications with our support team and diagnostic information you share to resolve issues.
We do not sell your personal information or Customer Data to third parties.
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Services | Contract performance |
| Process payments and manage billing | Contract performance |
| Deliver, filter, and route email | Contract performance |
| Detect and prevent spam, abuse, and security threats | Legitimate interests |
| Send service notifications and updates | Contract performance |
| Provide customer support | Contract performance |
| Improve and develop our Services | Legitimate interests |
| Comply with legal obligations | Legal obligation |
| Send marketing communications | Consent |
4. Email Content & Processing
For email content transmitted through our Services, you (the Customer) are the data controller and we are the data processor acting on your instructions. We access email content only to deliver and route messages, scan for spam, malware, and viruses, provide Services you have requested, and comply with legal requirements.
We do not scan, analyze, or use email content for advertising purposes.
6. GDPR — Rights of EU/UK Data Subjects
If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under GDPR/UK GDPR:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your data ("right to be forgotten") |
| Restriction | Limit how we process your data |
| Portability | Receive your data in a machine-readable format |
| Objection | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw consent at any time without affecting prior lawful processing |
To exercise your rights, contact us at [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g., ICO in the UK, your national DPA in the EU).
For international data transfers outside the EEA/UK, we use EU Standard Contractual Clauses (SCCs), UK International Data Transfer Agreements (IDTAs), or adequacy decisions where applicable.
7. CCPA — Rights of California Residents
If you are a California resident, under the CCPA (as amended by CPRA), you have the right to know, delete, correct, opt out, and limit the use of sensitive personal information, as well as the right to non-discrimination for exercising your rights.
We do not sell or share personal information as defined under CCPA.
To exercise your rights, contact us at [email protected]. We will respond within 45 days (extendable by an additional 45 days with notice).
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of subscription + 3 years |
| Email content (active) | Duration of subscription |
| Email content (post-termination) | 30 days, then permanently deleted |
| Billing records | 7 years (legal/tax requirement) |
| Access logs | 90 days |
| Support records | 3 years |
10. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Access controls and multi-factor authentication
- Regular security assessments and penetration testing
- Employee security training
- Incident response procedures
In the event of a data breach affecting your data, we will notify you and relevant authorities as required by applicable law (within 72 hours under GDPR where required).
11. Children's Privacy
The Services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us at [email protected].
12. Changes to This Policy
We will notify you of material changes to this policy by email to the account administrator at least 30 days before changes take effect, and by prominent notice on our website. Continued use of the Services after the effective date constitutes acceptance of the updated policy.
13. Contact
For privacy inquiries or to exercise your data rights, contact our Privacy Team:
- Privacy email: [email protected]
- Support: Visit our Help & Support page
- Related policies: Cookie Policy · Terms of Service · Data Processing Agreement
