Privacy Policy

Effective: March 28, 2026

mailall.us is operated by Hartkraft, Inc. ("we," "us," "our"). We are committed to protecting the privacy of our users.

Information We Collect

We collect the following information when you use mailall.us:

• Email address — provided when you create an account or are added to a group. This is the primary identifier for your account and is required for the service to function.
• Group membership data — which groups you belong to, your role, and delivery status.
• Usage data — message counts, delivery events (bounces, complaints), and timestamps. mailall.us is a pure forwarder and does not retain message content beyond what is described below.
• Payment information — if you subscribe to a paid plan, payment is processed by Stripe. We do not store credit card numbers. We retain your Stripe customer ID and subscription status.
• Technical data — IP addresses (for rate limiting and abuse prevention), request logs, and error diagnostics. These are retained for up to 30 days.

How We Use Your Information

• To operate the email forwarding service (deliver messages to group members).
• To send transactional emails (magic link sign-in, membership confirmations, delivery failure notices).
• To enforce rate limits, prevent abuse, and maintain service integrity.
• To process payments and manage your subscription.

Information Sharing and Disclosure

We do not sell, trade, or share your personal information with third parties. Your data remains confidential except:

• When required by law or legal process.
• To Stripe for payment processing (governed by Stripe's privacy policy).
• To Amazon Web Services for infrastructure (governed by AWS's privacy policy).

Message Content

During normal operation, email messages are received, forwarded to group members in real time, and discarded from memory. No message content is written to persistent storage as part of the delivery process.

Each group has a configurable delivery mode that controls what happens when delivery fails:

• Reliable mode (the default) — if delivery to a member fails, the system retries automatically. In rare cases where all retries are exhausted, the original message may be held in an encrypted retry queue for up to 24 hours before automatic deletion. This maximizes the chance every member receives the message.
• Private mode — each message is delivered once with no retries. Message content never enters any queue or persistent storage under any circumstance. If delivery fails, the message is permanently lost. Only metadata (sender address, subject line, timestamp) is recorded as a failure notice.

In the unlikely event of a complete infrastructure outage where the forwarding service itself is unreachable (for example, a regional cloud provider failure), incoming messages may be held in an encrypted queue by the upstream transport layer for up to 24 hours before automatic deletion. This scenario is distinct from normal delivery failures, which are handled entirely within the application according to your chosen delivery mode. In Private mode, the application never writes message content to any queue or persistent storage; this infrastructure-level retention can only occur when the application is completely unavailable to process the message at all.

We retain only delivery metadata (sender address, subject line, timestamp) for failure reporting, which is automatically deleted after 30 days.

Data Security

We use industry-standard security measures to protect your information, including encryption in transit (TLS), encryption at rest (AES-256), and per-function least-privilege access controls. Administrative access is protected by two-factor authentication.

Data Retention and Deletion

You can delete your account at any time through the application. Account deletion is a soft-delete; your data is permanently removed after 60 days. Group owners can remove members, and members can leave groups at any time.

Your Rights

You have the right to access, correct, or delete your personal information. To exercise these rights, contact us at privacy@mailall.us.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated effective date.

Contact

Questions about this privacy policy should be directed to privacy@mailall.us.