Privacy Policy
Last updated: 2025-05-07
AltMail.se operates a privacy-conscious email service for personal use. As an account holder, you are not required to disclose your identity other than keeping a working payment method (credit card, etc.) on file at Stripe, our partner in providing payment services. Any personally identifiable information (PII) or financial data (e.g., credit card information) you disclose to Stripe stays at Stripe; we only process notifications from Stripe updating us on the payment status of your subscription. For more information, please refer to Stripe's own Privacy Policy.
Principally, AltMail.se only collects and stores data that is technically necessary for us to provide our services. We do not collect any personal information at sign-up, nor do we require you to submit such information to us later. Information tied to your account is retained only until you explicitly delete it, or your account gets closed. We do not give out any account-specific information to third parties (except when legally obliged to do so by competent authorities). We do not have any commercial interest in tracking or profiling our users, and we do not implement any such data collection.
When you access our web-based account portal, we use session cookies that are technically necessary for providing the service. There are no non-essential cookies (for tracking, analytics, or any other purposes). Some of the cookies we do store might be persistent to allow you to stay logged in for certain periods of time. You are welcome to delete our session cookies at any point in time, after which you will be required to log in the next time you need to access any of these services.
Our account portal employs minimal in-browser JavaScript. This JavaScript is 100% developed by us and does not include any third-party code. Its main purpose is to pre-validate form fields before submission. It also directs your browser to load Stripe's checkout when signing up. Stripe's own JavaScript gets loaded (from Stripe's own servers into your browser) when you enter Checkout. This part is completely outside our control. We do not have any access to what happens between your browser and Stripe's infrastructure; we do not see any of your payment details.
None of our web sites and services (public or private) perform any automated cross-origin requests to third parties.
We collect industry-standard access logs on our HTTP, IMAP and SMTP endpoints. We log the subset of what is applicable for any given protocol out of: timestamp, client IP and user agent, the request (or resource being accessed), number of bytes served, and the result code. We also collect similarly scoped application-level event logs for select backend services. All of these logs are rotated daily and are kept for a maximum of ten (10) days. The logs are machine-read and processed to facilitate monitoring of our systems to provide insight into request rates, errors, resource usage, abuse detection, etc.
We extract certain data points from our access logs and application logs, compute statistical aggregates on top of them, and store the resulting data beyond the end of the retention period of the original data. All of this statistically derived data is completely anonymous (does not include client IP, user agent, or account address) and aggregated, and is used to drive operational excellence. It is never shared with a third party.
In-flight email (being received into, or sent from your account) is machine-read and processed by industry-standard spam and virus scanner programs to ensure orderly and safe operation of our infrastructure and to protect all our users. This process also includes outbound rate-limiting.
We do not retain copies of outbound emails, other than as a consequence of your mail client saving a copy of sent email into a certain folder (usually named "Sent"). This is within your control and is entirely optional.
At any point in time, data we store on your behalf is constituted by the emails kept in your account, plus offline backups thereof that are kept for a maximum of ten (10) days. The entirety of this data is strongly encrypted at rest at all times, and transmitted over encrypted channels. The only exception where your email is transmitted unencrypted between our server and the outside world is when you send email to, or receive email from a counterparty whose mail server does not offer TLS-encrypted mail transport. (This is getting increasingly rare; all major mail providers support TLS.) We never allow unencrypted connections between our servers and your (mail and web) clients, or use such connections within our internal infrastructure.
Please keep in mind that we are technically able to access the email stored in your account in human-readable form. Naturally (as well as a matter of policy), we do NOT do this unless we are forced to investigate (suspected or reported) abuse or are legally compelled to aid an external (criminal) investigation. We strive to notify you whenever such a "data incident" happens, but we may be legally prevented from doing so.
If you are paranoid, you are advised to periodically download all email from your account, archive it locally (on machines that you control), and delete it from our server. Such a so-called offline email setup is facilitated by purpose-built IMAP sync clients (e.g., offlineimap, mbsync). Most general-purpose mail clients (e.g., Thunderbird) also support a "do not leave email on the server" mode of operation. If you are truly paranoid, you are advised to avoid email altogether in favour of a different communications medium with built-in end-to-end encryption guarantees.
Apart from your emails themselves, we store and process a few database records (individual pieces of data) to manage your account. These are: 1) your primary account email that serves as your user name when logging in to our account portal, and when authenticating against our IMAP and SMTP services; 2) your recovery email address (optional but highly recommended); 3) any further email aliases you use (also optional). All of this data is necessary for providing our services to you.
We only ever store your account password in hashed form, and therefore we are never able to recover your password. If you lose your password and do not have a verified recovery email where we can send a password reset email, we are not able to help you, and you will lose access to your account.
If you delete an email in your account, the corresponding data will be promptly deleted from our mail servers. Depending on the age of the deleted email, our backups might continue to hold the email subject to their retention period, which is ten (10) days at most.
If you choose to delete your account, this action will promptly delete all related data (your emails and database records related to your account). Backups will continue to hold your data subject to their retention period, which is ten (10) days at most.
If you have any feedback or questions related to this Privacy Policy, you can email us at contact-at-altmail-dot-se.