Privacy Policy
Last updated: June 12, 2026
Summary
We collect the minimum data needed to run your email. We do not sell your data. We do not show you ads. We do not track you across the web.
What we collect
Account information
Name and email address when you sign up. We use magic links for authentication, so we do not store passwords.
Email data
The emails you send and receive through shipmail, including message content, attachments, headers, and metadata (sender, recipients, timestamps). This is the core of the service. You can enable encryption at rest with your own key, in which case stored email cannot be read by anyone without the corresponding private key, including us.
Domain and mailbox configuration
Domain names, DNS verification status, mailbox addresses, and display names you configure.
Billing
Payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription status. We do not store credit card numbers or bank details.
Audit and security logs
IP addresses and user agent strings for login sessions. Actions performed in the dashboard and API (who did what, when). These logs exist for security and debugging.
Analytics
We use PostHog for website analytics, product analytics, feature flags, and masked session replay. PostHog events are limited to pageviews, product milestones, internal user and organization IDs, counts, booleans, and plan metadata. Session replay helps us understand usability issues by recording interactions, page structure, clicks, scrolling, and URLs. Public website page text may appear in session replay so we can understand marketing, pricing, blog, and documentation behavior. Login, onboarding, and dashboard interface copy may appear in session replay, but form inputs and sensitive values are masked before PostHog receives the recording. URLs are redacted to remove query strings and sensitive dynamic dashboard path values before capture. We do not send email content, prompts, generated drafts, mailbox addresses, domain names, webhook URLs, API keys, payment card details, support chat content, or secrets to PostHog.
Cookies
We use a session cookie to keep you logged in. PostHog may use first-party browser storage to connect pageviews, sessions, and product events. We do not use advertising cookies or third-party cookies.
How we use your data
- Deliver and store your email.
- Authenticate you and protect your account.
- Process your subscription payments through Stripe.
- Send you transactional emails (magic links, billing alerts, security notices).
- Debug issues and investigate abuse.
We do not use your email content for advertising, profiling, or training machine learning models.
Who has access
Only the shipmail team has access to production systems. We access your data only when necessary to operate the service, debug issues you report, or respond to legal obligations. If you enable encryption at rest, stored email is unreadable without your private key. For full details on how we protect your email, see our security page.
Third-party services
We use a small number of infrastructure providers to run shipmail:
- Stripe for payment processing.
- AWS SES for outbound email relay.
- Neon for database hosting (PostgreSQL).
- Cloudflare for email blob storage (R2, encrypted at rest).
- Vercel for application hosting.
- Hetzner for mail server hosting (Germany).
- PostHog for website analytics, product analytics, feature flags, and masked session replay.
- OpenAI for optional agent draft replies when you enable that feature.
Each provider processes data only as needed to deliver their service. We do not share your data with anyone else.
Data location
Our application, database, and mail server are hosted in Germany. Email blob storage uses Cloudflare R2 with a Western Europe location hint, and outbound email is delivered from EU infrastructure. Email content is encrypted at rest. Payments are processed by Stripe under its own privacy policy.
Data retention
We keep your data for as long as your account is active. When you delete your account, we delete your data within 30 days. Backups may retain data for up to 90 days after deletion. Audit logs are retained with personally identifiable fields removed.
Your rights
You can export your data, correct your information, or delete your account at any time from the dashboard. If you need help exercising any data rights, email us and we will handle it promptly.
Changes to this policy
We may update this policy. Material changes will be communicated by email at least 30 days before they take effect.
Contact
Questions about your privacy? Email us at support [at] shipmail.to.