Privacy Policy

This Privacy Policy describes how NoServerMail ("we", "us", "our") collects, uses, and protects your personal data when you use our website (noservermail.com) and services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the California Privacy Rights Act (CPRA).

1. Who We Are

NoServerMail Owner, established in the United Kingdom. For any privacy-related questions, you can contact us at privacy@noservermail.com.

2. Who Can Use Our Service

• You must be at least 18 years old to use NoServerMail.
• We do not knowingly collect information from children under 13 years of age.

3. Data We Collect

• Account Data: Email address (for magic link login).
• Usage Data: IP address, device and browser type, referrer, pages visited, timestamps, and approximate location.
• Logs: AWS Lambda and CloudFront logs.
• Support Data: Messages you send to us.
• Email Attachments: Stored in your AWS account via S3.

We do not intentionally collect any special category (sensitive) personal data.

4. How We Collect Data

• Directly from you (forms, login).
• Automatically through cookies and scripts.
• From third-party providers (Stripe for payments, Google Analytics, Hotjar for analytics).

5. Purposes and Legal Bases

• Provide and operate our services (contract).
• Ensure security, prevent fraud, and improve the service (legitimate interests).
• Comply with legal obligations (legal obligation).
• Use analytics with your consent (consent).

6. Cookies and Analytics

We use essential cookies for authentication and security. We also use Google Analytics and Hotjar to help us understand usage and improve our services. These analytics tools may set cookies on your device if you consent via our cookie banner.

7. Email and Communications

We send transactional emails (e.g., magic link login) via AWS SES. We do not currently send marketing emails or newsletters.

8. Payments

Payments are processed through Stripe. We do not store card or billing information; this is handled entirely by Stripe.

9. Authentication and Accounts

We use magic link authentication only. You can request account deletion or data export by emailing privacy@noservermail.com.

10. Infrastructure and Subprocessors

• AWS SES, Lambda, S3, DynamoDB, CloudFront
• Stripe (payments)
• Google Analytics and Hotjar (analytics)

11. Data Retention

We retain personal data indefinitely unless you request deletion. AWS service logs are retained according to AWS defaults.

12. Security

We use encryption at rest and in transit, least privilege access controls, and AWS monitoring/logging. No independent audits or certifications are currently held.

13. International Data Transfers

Your data is hosted in the AWS region you select. For transfers from the EU/UK to non-EEA regions, AWS Standard Contractual Clauses (SCCs) apply.

14. Your Rights

You have the right to access, correct, delete, or export your personal data, and to restrict or object to its processing. California residents have additional rights under CPRA. To exercise your rights, email privacy@noservermail.com.

15. Automated Decision-Making

We do not perform any automated decision-making with legal or significant effects.

16. Do Not Track

We do not currently respond to Do Not Track signals.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email.

For any privacy-related concerns, contact us at privacy@noservermail.com.