Privacy Policy

This policy explains what data MailDog ("we", "us") collects when you use maildog.io and our email hosting services, how we use it, and the choices you have. The short version: we collect what is needed to run an email service, we do not sell your data, and your mail belongs to you.

• Account data — name, email address, password (stored hashed), and login codes.
• Email content — the messages, attachments and folders stored in mailboxes you host with us. This is the core of the Service and is stored until you delete it or close your account.
• Billing data — your plan and subscription status. Card details are collected and processed by our payment provider Paddle, not by us; we never see your full card number.
• Technical data — IP addresses, browser/user-agent, mail server logs (sender, recipient, timestamps, delivery status) and similar records needed to operate, secure and debug the Service.
• Support data — messages you send us through the contact form or support tickets.

• to provide, maintain and improve the Service;
• to process payments and manage subscriptions (via Paddle);
• to prevent abuse, spam and unauthorised access;
• to send service emails — login codes, billing and plan notifications, and replies to your support requests;
• to comply with legal obligations.

We do not sell or rent personal data, we do not use the content of your mail for advertising, and we do not read your mail except when you ask for support on a specific message, for automated abuse/spam protection, or where the law requires it.

We share data only with:

• Paddle.com Market Ltd — our merchant of record, for checkout, billing, taxes and receipts (see Paddle's privacy policy);
• infrastructure providers that host our servers, bound by confidentiality obligations;
• authorities, where we are legally required to do so.

Note that email is inherently a federated system: messages you send leave our servers and are delivered to the recipient's provider.

We use only essential cookies: session cookies to keep you signed in and security cookies (e.g. CSRF protection). We do not use advertising or cross-site tracking cookies.

Mailbox content is kept until you delete it or close your account. Server and delivery logs are kept for a limited period for security and troubleshooting, then deleted or anonymised. Billing records are kept as long as required by tax and accounting law. When you delete your account, your mailboxes and personal data are removed within 30 days, except where retention is legally required.

We protect data with TLS encryption in transit, hashed passwords, access controls, and isolation between customer mailboxes. No system is perfectly secure — if we become aware of a breach affecting your data we will notify you without undue delay.

Depending on your location (e.g. under GDPR), you may have the right to access, correct, export, restrict or delete your personal data, and to object to certain processing. You can exercise most of these directly in the app (your mail and account settings), or by contacting us. You may also lodge a complaint with your local data protection authority.

We may update this policy from time to time. For material changes we will notify you by email or in the app before they take effect.

Privacy questions or requests? Reach us through our contact page.