Privacy Policy

1. Overview

MailSentry ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. This policy applies to all users of our website and API.

2. Information We Collect

3. Cookies

We use the following types of cookies:

• Essential cookies: Required for authentication and session management (Supabase auth tokens)
• Preference cookies: Store your cookie consent choice and UI preferences

We do not use advertising or tracking cookies. You can manage cookie preferences through the cookie consent banner on first visit.

4. Third-Party Services

We use the following third-party services to operate MailSentry:

• Supabase: Authentication, database, and user management. Data is stored in Supabase's secure cloud infrastructure.
• Vercel: Hosting and serverless functions. Requests are processed through Vercel's edge network.
• Lemon Squeezy: Payment processing for paid subscriptions. We do not store credit card details — all payment information is handled by Lemon Squeezy.

5. Data Security

We take security seriously. All API traffic is encrypted via HTTPS/TLS. API keys are hashed using SHA-256 before storage — we never store plaintext API keys. Passwords are hashed by Supabase using bcrypt. We implement row-level security in our database to ensure users can only access their own data.

6. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

• Right to access: Request a copy of the data we hold about you
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your account and associated data
• Right to data portability: Request your data in a machine-readable format
• Right to object: Object to processing of your data for specific purposes

To exercise any of these rights, contact us at support@mailsentry.dev. We will respond within 30 days.

7. Data Retention

Account data is retained for as long as your account is active. Usage analytics data is retained for 12 months. Upon account deletion, all associated data (API keys, usage logs, account information) is permanently deleted within 30 days.

8. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33. The notification will include the nature of the breach, the data affected, and the steps we are taking to mitigate the impact. We will also notify the relevant supervisory authority where required by law.

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. Our hosting provider Vercel processes requests through its global edge network. Our database provider Supabase stores data in the US. Our payment processor Lemon Squeezy is US-based. Where data is transferred outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure your data remains protected in accordance with GDPR requirements.

10. Children's Privacy

MailSentry is not directed to children under 16. We do not knowingly collect information from children. If you believe we have collected data from a child, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or requests, contact us at support@mailsentry.dev.