1. Overview
Mailtron ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Mailtron email platform and related services (collectively, the "Service").
Mailtron is designed with a zero-knowledge architecture. This means we structurally cannot access the content of your encrypted emails, even if compelled to do so. Your privacy is not just a policy -- it is enforced by our technical architecture.
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (your Mailtron address and recovery address)
- Display name (optional)
- Password (stored as a cryptographic hash; we never store plaintext passwords)
- Payment information (processed by Stripe; we do not store credit card numbers)
2.2 Email Content
Your email messages, attachments, contacts, and calendar data are end-to-end encrypted. We store only encrypted ciphertext on our servers. We do not have the ability to decrypt or read this content.
2.3 Metadata
We process limited metadata necessary for email delivery:
- Sender and recipient email addresses (required for SMTP delivery)
- Timestamps (required for message ordering)
- Message size (required for storage quotas)
- IP addresses (temporarily, for abuse prevention; stripped from outgoing headers)
2.4 Usage Data
We collect anonymized, aggregate usage statistics to improve the Service:
- Feature usage frequency (e.g., how often search is used, but not search content)
- Performance metrics (load times, error rates)
- Device type and browser version (for compatibility)
3. How We Use Your Data
We use your data exclusively to:
- Provide and maintain the Service (email delivery, storage, search)
- Process payments and manage subscriptions
- Provide customer support
- Detect and prevent abuse, spam, and security threats
- Improve the Service through anonymized analytics
- Comply with legal obligations
We do not use your data for advertising. We do not sell your data. We do not mine your email content for any purpose.
4. Encryption & Zero-Knowledge Architecture
Mailtron uses end-to-end encryption (OpenPGP with optional post-quantum ML-KEM hybrid) for all Mailtron-to-Mailtron communication. Your encryption keys are generated on your device and never transmitted to our servers.
- At rest: All stored data is encrypted with AES-256-GCM
- In transit: All connections use TLS 1.3
- E2E: Message content is encrypted before leaving your device
- Key management: Client-side only; we cannot recover your keys
For more details, visit our Security page.
5. Data Sharing
We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:
- Service providers: Payment processing (Stripe), infrastructure (AWS). These providers are contractually bound to protect your data.
- Legal compliance: If required by law, we will comply with valid legal process. However, due to our zero-knowledge architecture, we can only provide encrypted data and metadata -- not email content.
- Business transfers: In the event of a merger or acquisition, your data will remain subject to this Privacy Policy.
6. Data Retention
We retain your data only as long as your account is active or as needed to provide the Service. When you delete your account:
- Your encrypted email data is permanently deleted within 30 days
- Backups containing your data are purged within 90 days
- Account metadata is retained for up to 12 months for abuse prevention
- Payment records are retained as required by financial regulations
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data
- Portability: Export your data in standard formats (MBOX, VCF, ICS)
- Restriction: Limit how we process your data
- Objection: Object to certain types of processing
To exercise any of these rights, contact us at privacy@trymailtron.com.
8. Cookies & Tracking
We use minimal, essential cookies:
- Session cookies: Required for authentication (expires when you close your browser)
- Preference cookies: Remember your settings (theme, language)
We do not use third-party tracking cookies, advertising cookies, or analytics trackers that profile your behavior. We do not use Google Analytics, Facebook Pixel, or similar services.
9. Children's Privacy
Mailtron is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@trymailtron.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or a prominent notice on our website at least 30 days before the changes take effect.
If you have questions about this Privacy Policy or our privacy practices, please contact us:
- Email: privacy@trymailtron.com
- Security issues: security@trymailtron.com