Delivering Privacy is the core value of our business, so we take the privacy and security of your data extremely seriously. In addition to our policy of not releasing any personal information to third-parties – except where authorised by you, such as for processing credit card transactions – we take significant further measures to protect the privacy and security of your data. Our technical designs, use of advanced encryption for data transmission and storage, use of specialised security technologies and strategies, and legal and business structure are all architected to greatly enhance the privacy and protection of your data and to safeguard against any attempts to compromise it.

If you have any questions about our Privacy Policy, use of personal data or compliance, please contact us at privacy@mailtight.com.

Our Privacy Policy explains:

Although we have tried to keep our Privacy Policy as clear and simple as possible, we sometimes use technical terms, such as browser, cookie, firewall, internet domain, IP address, TLS/SSL and URL. If you wish to understand more about these terms than we explain in our Privacy Policy, we recommend you read about them from additional sources or seek advice from your technical adviser. Freely accessible internet sites such as Wikipedia are a good source of regularly updated detailed explanations on these terms.

What Information We Collect – And What We Don’t

We only collect information that we need to operate our services or to provide you with better services. Where possible, we try to avoid collecting personally-identifiable information and – when we do – we do not retain it for longer than is necessary for us to provide our services and operate our business. If you have an account with us and close it, we delete your personal data within a short period of time (details in the section below on our data retention and deletion policies).

The information that we collect depends on the service that you are using. If you only visit our website and do not register as an account user or ask us to contact you with more information, we do not keep any personally-identifiable information. We do keep general statistical information that helps us manage and improve our services, such as browser preferences that tell us which languages, device types and screen sizes we need to support.

All connections to MailTight.com are encrypted using a high level of security, so your personal information is protected during transmission. You should ensure your computer or internet device is kept up-to-date with software updates and anti-virus software to provide a greater level of protection.

When visiting mailtight.com:

We do not record any personally-identifiable information or use cookies for any visits to our website that are for information purposes only. If you ask our site to remember your language preference or some other persistent setting that assists you with future visits to our site, we may use cookies.

When registering for a MailTight account:

If you register for a MailTight account, we need to collect some personal information, such as your choice of email address and password and the name you choose to call yourself. You are free to use any name you want, so long as it does not contravene any laws. We do not require you to use your real name. If you wish to receive improved support or make use of certain additional MailTight features, you may choose to provide us with further personal information, such as your mobile telephone number. You are under no obligation to do so.

During the account registration process, we use temporary cookies to allow us to manage the registration session and to allow you to move backwards and forwards through the registration screens before you finally confirm your account set-up. A cookie is a small file that your web browser places on your computer. You can disable the use of cookies in your browser settings, though you will not then be able to register for a MailTight account.

When paying for a MailTight account directly on mailtight.com:

If you pay for a MailTight account directly, we need to collect and store payment information, such as credit card details. Due to regulations imposed on us (and all other merchants) by our banks, payment processing partners and local laws in the countries in which we operate, we must retain certain payment information, such as customer name, address, date of transaction, service purchased and amount, for time periods that may continue after you close your account. This is for purposes including audit, responding to credit card-holder challenges and fraud-prevention. We conform to – and in many areas exceed – the Payment Card Industry (PCI) Data Security Standards (DSS) for secure storage of this information.

When paying for a MailTight account via a reseller:

We do not collect or store any personal payment information. Depending on how you pay your reseller, the reseller may collect and store some personal information. Please check with your reseller.

Using the MailTight secure global email network:

When you use the MailTight network, your email messages and file attachments pass through our secure servers and are stored encrypted on our servers for as long as you choose. Your emails may contain all kinds of personal and private information. Our servers run automated processes to check for viruses and “spam” email but otherwise we do not use any tools that examine the content of your email.

Why We Collect It

We collect and store information for a number of reasons, which are:

To operate our services, such as the MailTight secure email network – from basic stuff like which language you prefer to use, to more complex things like how to provide more secure access to our network.

To provide you with better services, such as being able to respond to technical support requests or to make improvements to our software.

How we collect Information

We collection information in the following ways:

When you use our services or view online content provided by MailTight, we may automatically collect and store certain information in encrypted server logs. This may include:

your browser type, version, operating system, system activity, language settings, screen and window size, date and time of connection, referral URL and other information that helps us know how to display our web pages and data correctly;

the Internet Protocol (IP) address from which the connection to our server originated, to allow us to better serve visitors from different locations and to identify problems with certain connections;

details of how you used our service, such as which pages you visited;

telephony log information like your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS information and type of call;

device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). If you open an account, we may associate your device identifiers (such as MAC address or phone number) with your account;

information you give us. For example, if you sign up to use the MailTight network, we’ll ask for some personal information, like the name you want to call yourself, your selected email address, optionally a telephone number and credit card information for payment.

We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.

Cookies and anonymous identifiers

We use various technologies to collect and store information when you visit our web site or use the MailTight services, and these may include sending one or more cookies or anonymous identifiers to your device. We also use cookies and anonymous identifiers when you interact with services we offer to our partners, such as services that may appear on other sites.

How we use Collected Information

We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect MailTight and our users. We also use this information to offer you services and content that is specific to you. MailTight is registered in and operates in multiple jurisdictions that allow us to provide a high level of legal privacy protection for private data, including against policies and regulations in other jurisdictions that have less respect for privacy. We comply with all local laws and regulations in each of the jurisdictions and countries in which our operating companies are registered and operate. Countries do not respect privacy equally; some have regulations that enforce tight protection of private data in the commercial sector but enforce invasive governmental access to private data, so we choose locations for different aspects of our operations carefully to safeguard your privacy.

Except as described in this section, we will not reveal or release any private data to any third-party without a valid and binding legal order from the appropriate lawful authority in the applicable jurisdiction for the relevant operating entity and provided the data is legally and technically available to the requested legal entity. To protect your privacy, we will not comply with any requests from any foreign lawyers, investigators, security officials, courts or government agencies where we do not have a legal obligation to assist.

When you use our services to share data with third-parties, such as when sending an email, we will deliver it according to your addressing instructions. Once your email reaches a third-party, such as a non-MailTight mail server or another user’s email box, we no longer have control over that email or its content or attachments. However, if the intended recipient is a user on the MailTight network, we will deliver the email securely to that user’s mailbox.

When you contact MailTight, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.

We use information collected from cookies and other technologies, like pixel tags, to improve your user experience and the overall quality of our services. For example, by saving your language preferences, we’ll be able to have our services appear in the language you prefer.

We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

MailTight processes information on our servers in multiple countries around the world. We will store your information according to your selection decision at registration and any subsequent decisions that you take.

We may process your information on a server located outside the country where you live.

Transparency and choice

People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can: Review and control certain types of information tied to your MailTight account by using the MailTight Dashboard, accessible after you log in to your account from the MailTight home page. Take information out of many of our services.

You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it’s important to remember that some of our services may not function properly if your cookies are disabled.

How we protect collected information

All private data stored on our servers – such as email messages, files, subscription information and payment data – is encrypted using advanced and proven encryption technologies. All our servers used for operating purposes are installed in secure data centres with comprehensive physical access controls, monitoring and intrusion alerts.

By default, all connections to MailTight are authenticated and encrypted using advanced encryption technologies, such as 4096 bit RSA public key cryptography and secure block or stream ciphers with large key sizes.

Our servers are protected behind firewalls, which are designed and configured to filter out illegitimate attempts to connect to our servers. Our systems are also monitored to prevent unauthorised access and to detect attempted intrusions.

If you try to connect to the MailTight website with an insecure (unencrypted) connection, the server will force the browser to switch to a secure connection, even if it is just to read the home page. Only in the event that your browser does not support a secure connection – usually meaning it is an outdated version – may the MailTight web server use an unencrypted connection to allow your browser to display a message warning you to upgrade to a more secure version to be able to access any of the information or features of MailTight.

For connections between web browsers and email software and devices and our servers, the standard technology we use is Transport Layer Security (TLS) / Secure Socket Layer (SSL). There are several versions of these standards and numerous ways of configuring them, which offer significantly different levels of protection – from virtually no protection against interception to levels that are widely considered secure for many years into the foreseeable future. MailTight uses the highest levels of SSL/TLS security and methods of configuration to ensure enhanced privacy and security.

We choose the jurisdictions where our business operates carefully to minimise the risk of regulatory compliance causing unintended exposure of any data to third-parties.

When you send an email as a subscriber to the MailTight network, we hide your originating device’s IP address as sender. This IP address is often sensitive information, since it may disclose your geographical location, Internet Service Provider (ISP) and – using further information obtained from the ISP – your specific location. This information has been abused by private parties and government agencies in some countries.

Information you share

With some of our services, such as email, you may share information with others. Remember that when you send information to others or share information publicly, it may be indexable by search engines.

We work hard to protect MailTight and our users from unauthorised access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:

We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.

We restrict access to personal information to MailTight employees, contractors and agents who need to know that information and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Our data retention and deletion policies

All retained data is stored securely on encrypted storage. Account Registration Data is retained only for the life of a MailTight account. The life of a MailTight account is from initial registration until it is terminated by a user, administrator, authorised reseller or MailTight. Upon termination, all personally identifiable account registration data is permanently deleted.

Payment data that is no longer required, including credit card numbers, expiry dates and cardholder names, is deleted on termination of an account. Historical payment data may be retained for as long as required by the applicable accounting regulations, policies and bank or financial services agreements.

Emails are retained until they are deleted by the user or until the account is terminated. Depending on the user's account settings, back-ups of deleted emails may be retained for up to 30 days after they are deleted or the account terminated.

Email log data is retained for 30 days. Sanitised log data, which does not include any personally identifiable information or personal data, may be retained.

Connection log data, including IP address data, is retained for 30 days. Sanitised log data, which does not include any personally identifiable information or personal data, may be retained.

All data that is collected in relation to attempted fraudulent or unauthorised use of the services or attempted penetration or evasion of security measures may be retained indefinitely. This information may be shared with appropriate authorities or other third-parties, provided it does not infringe the terms of this Privacy Policy for any legitimate users.

For the purposes of managing and improving our services, infrastructure and capacity planning, and for other business purposes, we may retain non-personally-identifiable data for as long as it is has a legitimate business use. This includes statistical data, such as number of messages processed in a time period, volumes of data, numbers of accounts, originating ISPs and countries, devices and software configurations used to access the services,

How to access and update any information that we keep about you

Whenever you use our services, we aim to allow you to decide what personal information we keep and provide you with the means to update it easily or delete it. If you are a registered user of our services, you can log in to your account and update or delete most of your personal information via our website. If you have made payment for services to us directly (as opposed to a reseller handling your payment), there may be some personal information that we describe in this Privacy Policy that we need to keep "as is", such as historical payment records. If you believe any of this information is incorrect, you can contact us and we will make all reasonable efforts to correct it.

Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete all relevant data on our active servers and backup systems. It may depend on your account settings and our data retention and deletion policies detailed above.

Information we share

We do not share any personal information with companies, organisations or individuals outside of MailTight unless one of the following circumstances apply: We will share personal information with companies, organisations or individuals outside of MailTight when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

If your MailTight is managed for you by a reseller then your domain administrator and resellers who provide user support to your organization will have access to your MailTight account information (including your email and other data). Your reseller may be able to:

view statistics regarding your account, like statistics regarding applications you install.

change your account password.

suspend or terminate your account access.

access or retain information stored as part of your account.

receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.

restrict your ability to delete or edit information or privacy settings.

Please refer to your reseller's privacy policy for more information.

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

We will share personal information with companies, organizations or individuals outside of MailTight if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

meet any applicable law, regulation, legal process or enforceable governmental request.

enforce applicable Terms of Service, including investigation of potential violations.

detect, prevent, or otherwise address fraud, security or technical issues.

protect against harm to the rights, property or safety of MailTight, our users or the public as required or permitted by law.

We may share aggregated, non-personally identifiable information publicly and with our partners - like publishers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

If MailTight is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before any personal information is transferred or becomes subject to a different privacy policy.

How we ensure we comply with this Privacy Policy and other regulations and standards

We review our compliance with our Privacy Policy on a regular basis and have internal policies and processes in place to protect the security and privacy of all applicable data, whether personal or business. We place much tighter controls on privacy and security of data than laws, regulations and standards require. However, as part of our compliance procedures we also ensure that we adhere to all privacy and data protection regulations in each of the jurisdictions where we operate. To accept payment by credit cards/debit cards, we also comply with the latest Payment Card Industry (PCI) Data Security Standard (DSS). Independent tests are carried out periodically by an Approved Scanning Vendor (ASV) to validate that our servers meet or exceed the industry and payment processor requirements.

We choose the jurisdictions where our business operates carefully to minimise the risk of regulatory compliance causing unintended exposure of any data to third-parties. If we receive any formal written notification in relation to our Privacy Policy or regulatory or legal compliance, we will contact the person who made the notification to follow up. We will work with the appropriate regulatory authorities, including local data protection authorities, to resolve any issues regarding personal data that we cannot resolve with the parties involved directly.

Changes to our Privacy Policy

We may need to change our Privacy Policy from time to time, to reflect changes in laws, regulations or our business. We will not change your rights under this Privacy Policy in any way that is detrimental to your privacy without your consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We also keep older versions of our Privacy Policy in an archive and will make them available upon request.

Language

We may make this Privacy Policy available in different language versions. In case of any discrepancy between English and other language versions, the English language version shall apply and prevail.

Application

Our Privacy Policy applies to all of the services offered by NetTight Ltd under the MailTight brand and its affiliates, including services offered on other sites, but excludes services that have separate privacy policies that do not incorporate this Privacy Policy. Our Privacy Policy does not apply to services offered by other companies or individuals, including other sites linked from our services.

The MailTight Team