Privacy Policy

1.1. Account Information

When you create an account, we collect your name, email address, and password (stored as a cryptographic hash). If you subscribe, we collect billing information through our payment processor (Stripe).

1.2. Email Data

The Service processes and stores emails that you send and receive through your configured domains. This includes email headers, body content, and attachments.

1.3. Domain Configuration Data

We store the domain names you add, DNS configuration records, and domain health check results.

1.4. Usage Data

We collect information about how you use the Service, including login timestamps, feature usage, email volume statistics, and storage consumption.

1.5. Technical Data

We automatically collect IP addresses, browser type and version, operating system, and device information when you access the Service.

We use the data we collect to:

• Provide, operate, and maintain the Service
• Process and deliver emails on your behalf
• Manage your account and subscriptions
• Provide customer support
• Send service-related notifications (e.g., billing, security alerts)
• Monitor and improve the security and performance of the Service
• Detect and prevent spam, abuse, and fraud
• Comply with legal obligations

We do not read, scan, or analyze the content of your emails for advertising purposes. Email content is processed only as necessary to provide the Service (spam filtering, virus scanning, delivery).

Under the GDPR, we process your data based on the following legal bases:

• Contract performance: Processing necessary to provide the Service you have subscribed to.
• Legitimate interests: Processing necessary for security, fraud prevention, and service improvement.
• Legal obligation: Processing required to comply with applicable laws and regulations.
• Consent: Where we rely on your consent (e.g., marketing communications), you may withdraw it at any time.

We share data with third-party service providers only as necessary to operate the Service:

• Stripe: Payment processing. Stripe processes your payment information under their own privacy policy.
• Infrastructure providers: Cloud hosting and server infrastructure for storing and processing email data.
• Cloudflare: DNS, CDN, and security services including bot protection (Turnstile).

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

We retain your data for as long as your account is active and as necessary to provide the Service. Specifically:

• Account data: Retained for the duration of your subscription and for 30 days after account termination to allow data export.
• Email data: Retained for the duration of your subscription. Deleted emails are permanently removed from our servers within 30 days.
• Billing data: Retained for up to 7 years as required by tax and accounting regulations.
• Server logs: Retained for up to 90 days for security and debugging purposes.

Under the GDPR and other applicable data protection laws, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate personal data.
• Right to erasure:Request deletion of your personal data (“right to be forgotten”).
• Right to restriction: Request restriction of processing of your personal data.
• Right to data portability: Request a copy of your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@justemails.app. We will respond within 30 days.

We use only essential cookies that are strictly necessary for the Service to function:

• Session cookies: Used to maintain your authenticated session. These expire when you log out or after the session timeout.
• CSRF tokens: Used to protect against cross-site request forgery attacks.

We do not use tracking cookies, advertising cookies, or analytics cookies that track individual users.

We implement appropriate technical and organizational measures to protect your data, including:

• TLS encryption for all data in transit
• Encryption at rest for stored data
• Regular security audits and penetration testing
• Access controls and principle of least privilege
• Two-factor authentication for user accounts
• Automated threat detection and incident response

Your data may be transferred to and processed in countries other than your own. Where we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

The Service is not intended for children under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Service at least 30 days before the changes take effect.

For privacy-related questions or to exercise your data rights, contact us at:

Velocity Digital Labs
Email: privacy@justemails.app
Website: velocitydigitallabs.com

If you are in the EU and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local Data Protection Authority.