OpenMail legal & support
Cookie Policy
How OpenMail uses essential cookies, local storage, session storage, security tokens, and preference storage.
Service provider details
- Service provider / trading name
- OpenMail™ Exchange
- Trading as
- OpenMail
- Business address
- 41 Norman Avenue, London, N22 5ES, United Kingdom
- Contact email
- hello@openmail.email
- Website
- https://openmail.email
- Company number
- Not applicable
- Registered office
- Not applicable - OpenMail™ Exchange is currently listed with the business address above.
- VAT number
- Not applicable
1. What this policy covers
This policy covers cookies, local storage, session storage, security tokens, preference storage, browser cache, and similar technologies used by OpenMail websites and applications.
2. Essential cookies
Strictly necessary cookies may keep you logged in, maintain a secure session, protect forms, prevent cross-site request forgery, support authenticated pages, validate actions, and protect against misuse. Core account features may not work without them.
3. Sessions and CSRF protection
A session cookie may identify your authenticated session until logout or expiry. CSRF tokens protect actions such as login, logout, settings changes, profile updates, contact changes, and controlled sending from forged requests.
4. Preference storage
OpenMail may remember theme, dark or light mode, density, font, layout, sidebar state, and other interface choices in your account, cookies, local storage, or session storage. Clearing site data may reset these choices.
5. Draft and interface state
Browser storage or memory may support compose state, local draft notices, contact picker state, selected folders or messages, panel expansion, and notifications. Unless clearly stated otherwise, browser draft state is not a mailbox-server draft and may be lost.
6. Security and duplicate-action controls
Short-lived tokens, session state, and server-side records may support rate limits, duplicate-send protection, validation, authentication, and abuse prevention. These controls protect users, recipients, and mail systems.
7. Current expected storage
| Type | Purpose | Typical duration |
|---|---|---|
| Session cookie | Authentication and secure app session | Session or configured lifetime |
| CSRF token | Protect forms and requests | Session or configured lifetime |
| Theme preference | Remember light, dark, or system display | Until changed or cleared |
| Density preference | Remember comfortable or compact layout | Until changed or cleared |
| Font preference | Remember the selected safe font stack | Until changed or cleared |
| Draft/UI state | Support local interface behaviour | Session, local, or until cleared |
| Duplicate-action token | Prevent repeated sends or unsafe actions | Short-lived |
8. Analytics and advertising
OpenMail does not currently need third-party analytics or advertising cookies to provide the core service. Static placeholder adverts should not use ad networks, tracking pixels, remote scripts, or third-party cookies.
If non-essential analytics, advertising, personalisation, or third-party cookies are introduced, this policy and the Privacy Policy will be updated and consent controls will be provided where required.
9. Consent
Strictly necessary cookies may be used without consent when required to provide the service you requested. Non-essential cookies require a lawful basis and, where applicable, clear consent that is specific, informed, freely given, and easy to withdraw.
10. Browser controls
Most browsers let you view, delete, or block cookies; block third-party cookies; clear local and session storage; control tracking protection; and use private browsing. Blocking all cookies may prevent login, secure forms, preference saving, and controlled app actions from working.
11. Cache and public legal pages
Browsers may cache CSS, JavaScript, icons, logos, profile images, and interface fonts for performance. OpenMail loads selected web fonts from the Bunny Fonts CDN, so your browser may request and cache font CSS and font files from that provider.
Bunny Fonts is used for interface display, not to read mailbox content or create advertising profiles. If the font CDN is unavailable or blocked, OpenMail falls back to system fonts. Public legal pages use minimal storage and do not require advertising or analytics cookies unless those features are introduced later.
12. Changes and contact
Exact cookie names and durations may vary with application configuration and future updates. Questions or requests can be sent to hello@openmail.email.