TL;DR: We don't sell your data. We don't mine your emails. We don't track you. We encrypt everything. We're based in Switzerland where privacy laws actually mean something.
What we collect
- Account information: Email address, name, payment info. Basic shit we need to create your account and bill you.
- Email content: Obviously, we store the emails you send and receive. That's the whole point of an email service.
- Usage data: Login times, IP addresses, device info. Just enough to keep your account secure and detect potential breaches.
What we don't collect
- We don't analyze your email content for advertising profiles
- We don't track what links you click in emails
- We don't build behavioral profiles of you
- We don't install tracking cookies to follow you around the web
- We don't create "shadow profiles" of your contacts
How we protect your data
All your data is encrypted at rest and in transit. Even we can't read your emails because they're protected by end-to-end encryption. Your password is hashed and salted using modern cryptographic standards.
We use the following encryption methods:
- TLS 1.3 for all connections
- AES-256 for data at rest
- PGP for end-to-end encrypted emails
- Zero-knowledge encryption for your most sensitive data
Where your data is stored
All of our servers are physically located in Switzerland. Swiss privacy laws provide some of the strongest protections in the world.
We will fight any request for your data, and Swiss law requires us to notify you of government requests unless specifically prohibited by a court order.
When we share your data
Basically never, with these exceptions:
- When you send an email: Obviously, when you email someone, they get your email.
- Payment processing: We use a third-party payment processor. We don't store your full credit card details.
- Legal requirements: If we're legally compelled by a valid Swiss court order, we may have to share data.
Your rights
You have the right to:
- Access: Download all your data anytime
- Correct: Update your information
- Delete: Delete your account and all associated data
- Object: Object to any processing of your data
- Data portability: Export your data in standard formats
To exercise these rights, email privacy@nextmail.app or use the privacy controls in your account settings.
Data retention
We keep your data as long as you have an account with us. When you delete your account, we delete all your data within 30 days. Backups are purged within 90 days.
Cookies & tracking
Our site uses exactly one cookie: a session cookie to keep you logged in. That's it. No tracking pixels, no analytics scripts, no social media buttons, no bullshit.
// Our entire cookie policy:
cookie('session', 'your-encrypted-session-id', { secure: true, httpOnly: true, sameSite: 'strict' });
Changes to this policy
If we change this policy, we'll email you directly and give you at least 30 days' notice. We won't suddenly change the rules on you like some other services.
Questions?
Email us at privacy@nextmail.app. A real human will respond.