Privacy Policy

Last updated: January 2026

1. Introduction

Welcome to Mailat ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our managed email platform service.

By using Mailat, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our service:

  • Account Information: Email address used for authentication and communication
  • Payment Information: Billing details processed through Gumroad (we do not store payment card details)
  • AWS Credentials: AWS access keys you provide for SES integration (encrypted at rest)
  • Support Communications: Information you provide when contacting support

2.2 Information Automatically Collected

When you access our service, we automatically collect:

  • Usage Data: Server provisioning events, login timestamps, and feature usage
  • Technical Data: IP address, browser type, and device information
  • Server Metrics: Health status, resource utilization, and performance data from your Mailat server

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our email platform service
  • Provision and manage your dedicated email server
  • Process payments and manage subscriptions
  • Send service-related communications (magic links, status updates)
  • Respond to support requests and provide customer service
  • Monitor and improve the security and performance of our service
  • Comply with legal obligations

4. Data Storage and Security

4.1 Where We Store Data

  • Control Plane: Customer accounts and subscription data stored on Cloudflare infrastructure
  • Email Servers: Dedicated Hetzner servers in data centers you select
  • Backups: Server backups stored on Hetzner Object Storage

4.2 Security Measures

We implement appropriate security measures including:

  • AES-256 encryption for sensitive data (AWS credentials)
  • TLS encryption for all data in transit
  • Firewall protection and fail2ban on all servers
  • Regular security updates and patches
  • Audit logging of administrative actions

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Gumroad: For payment processing
  • Hetzner: For server hosting infrastructure
  • Cloudflare: For application hosting and DNS services
  • AWS: Email sending through your own AWS SES credentials

We may also disclose information if required by law or to protect our rights, privacy, safety, or property.

6. Your Email Data

Important: Your email content is stored on your dedicated server and is not accessible to Mailat staff during normal operations. We only access server infrastructure for:

  • Automated system updates
  • Health monitoring and alerts
  • Support requests where server access is explicitly authorized by you

7. Data Retention

  • Active Accounts: Data retained while your subscription is active
  • Cancelled Accounts: Server data deleted 7 days after subscription end
  • Backups: Retained based on your plan (24h to 30 days)
  • Audit Logs: Retained for 1 year for security purposes

8. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Export: Export your email data before cancellation
  • Withdraw Consent: Unsubscribe from marketing communications

9. Cookies and Tracking

We use minimal cookies for:

  • Authentication: Session cookies to keep you logged in
  • Preferences: Remember your dashboard settings

We do not use tracking cookies or third-party analytics that track you across websites.

10. International Data Transfers

Your data may be processed in different jurisdictions depending on server location. We ensure appropriate safeguards are in place for any international transfers.

11. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Back to Home Terms of Service →