OpenMail legal & support
Privacy Policy
How OpenMail collects, uses, stores, protects, retains, and shares personal data when providing the service.
Service provider details
- Service provider / trading name
- OpenMail™ Exchange
- Trading as
- OpenMail
- Business address
- 41 Norman Avenue, London, N22 5ES, United Kingdom
- Contact email
- hello@openmail.email
- Website
- https://openmail.email
- Company number
- Not applicable
- Registered office
- Not applicable - OpenMail™ Exchange is currently listed with the business address above.
- VAT number
- Not applicable
1. Who this policy covers
This policy applies to personal data processed through OpenMail's public website, web application, accounts, mailbox profile settings, IMAP and SMTP features, message viewing and sending, Sent-copy saving, contacts, profile images, appearance preferences, support, security, and related services.
OpenMail™ Exchange generally acts as controller for account, settings, security, support, contact, profile, and service-operation data. Your own use of email content may also give you responsibilities, particularly when using OpenMail for business or organisational purposes.
2. Data we process
Depending on the features you use, we may process identity and contact data, account credentials, mailbox settings and encrypted mailbox secrets, folders, headers, safe previews, message content needed for viewing or sending, recipient data, Sent-copy status, contacts, profile images, preferences, support messages, and complaint records.
Technical data may include IP address, browser and device information, session identifiers, request paths, timestamps, security events, error and performance information, rate-limit events, send timing, APPEND timing, and limited recipient-domain diagnostics.
3. Email content and connected mailboxes
Email may contain sensitive information about you and others. OpenMail processes mailbox data to show folders and messages, render safe previews, block unsafe content, send messages you request, save Sent copies, identify contacts from safe headers, and protect the service.
We do not sell email content or mailbox credentials. We do not use private mailbox content to build advertising profiles. Human review should occur only where reasonably necessary for support, security, abuse investigation, legal compliance, or troubleshooting.
4. How data is collected
Data may come directly from you, from a connected mailbox, from senders and recipients, from email headers, from support communications, and automatically from devices, browsers, sessions, security controls, and operational logs.
We may also receive information from hosting, security, payment, or professional service providers where those services are introduced and the information is needed to operate or protect OpenMail.
5. Why we use personal data
We use data to create and secure accounts, authenticate users, connect mailboxes, test settings, show folders and safe message content, send plain-text email, save Sent copies, enforce recipient restrictions, prevent duplicate sending, manage contacts and avatars, save preferences, provide support, diagnose faults, prevent abuse, keep records, and comply with law.
6. Lawful bases
Our lawful bases may include performance of a contract, legitimate interests in operating and securing OpenMail, compliance with legal obligations, and consent for optional features where required. Legitimate interests include service reliability, fraud and spam prevention, user safety, diagnostics, and legal protection.
Where processing relies on consent, you may withdraw it. Some essential features cannot be provided without the data needed for authentication, mailbox access, sending, sessions, and security.
7. Special-category and other people's data
OpenMail does not request special-category or criminal-offence data during normal registration, but such data may appear in emails, contacts, files, or support messages. Only process that information when you have authority and a lawful basis.
If you use OpenMail for work, clients, family, education, or an organisation, you are responsible for your own duties regarding other people's personal data.
8. Cookies and preferences
OpenMail may use essential cookies, session identifiers, CSRF tokens, local storage, and session storage for login, security, theme, density, font, client dark mode, interface state, and local draft placeholders. See the Cookie Policy for details.
OpenMail uses Bunny Fonts to load selected interface fonts. Your browser may request CSS and font files from the Bunny Fonts CDN, which can involve routine technical request data such as an IP address and browser information. Bunny Fonts is not used by OpenMail to read mailbox content or build advertising profiles. If external font loading fails, the interface falls back to system fonts.
9. Remote content, attachments, and links
Remote images and tracking pixels may disclose IP address, device details, approximate location, and opening time to third parties. OpenMail may block them by default. Attachments and links may contain personal data, malware, or tracking and should be opened only when trusted.
10. Sharing
We may share data where necessary with hosting and infrastructure providers, connected IMAP and SMTP servers, recipients you choose, storage or security providers, support providers, payment providers if introduced, professional advisers, regulators, courts, law enforcement, and parties involved in a lawful business transfer.
Email is distributed across multiple systems. Once sent, it may be processed by mail servers, security gateways, DNS systems, spam filters, recipients, and forwarding services outside OpenMail's control.
11. International transfers
OpenMail is operated from the United Kingdom. Some infrastructure, recipients, mail servers, or providers may process data abroad. Where required, appropriate safeguards may include adequacy regulations, contractual protections, technical safeguards, and transfer-risk assessments.
12. Retention and deletion
Data is retained only as long as reasonably needed for service, security, legal, backup, accounting, dispute, and compliance purposes. Account and preference data is generally kept while an account is active; mailbox profiles until removed; contacts and avatars until deleted or closure; and operational logs for a limited security and diagnostic period.
Sent copies stored in a mailbox are mainly controlled by the mailbox provider. Backup copies may remain until normal overwrite cycles complete. Deleting an OpenMail account does not delete an external mailbox or copies held by recipients.
13. Your rights
Depending on the circumstances, you may have rights to information, access, correction, erasure, restriction, objection, portability, consent withdrawal, and complaint to the Information Commissioner's Office. Rights are not absolute and may be limited by legal exemptions or the rights of others.
To exercise a right, email hello@openmail.email. We may verify your identity and normally aim to respond within one month where UK law requires it.
14. Security and breaches
Measures may include HTTPS, authentication, password hashing, encryption for stored mailbox secrets, CSRF and session controls, rate limiting, duplicate-send protection, safe rendering, remote-content blocking, access restrictions, backups, patching, and limited diagnostic logging.
No system is perfectly secure. Protect your credentials and devices and report suspected compromise promptly. We assess personal-data breaches and notify the ICO or affected people where the law requires.
15. Children, marketing, advertising, and automation
OpenMail is not intended for unsupervised use by children. We do not knowingly target children with advertising. Marketing is sent only where lawful, and opting out of marketing does not stop service, security, or legal messages.
OpenMail does not currently make solely automated decisions with legal or similarly significant effects. Technical automation may enforce security, recipient, rate-limit, duplicate-send, and safe-rendering rules.
16. Changes and contact
We may update this policy as features, providers, laws, or processing change. Material changes may be communicated through the app, website, service messages, or an updated date.
For privacy questions, rights requests, or complaints, contact hello@openmail.email or write to the business address above. You may also complain to the UK Information Commissioner's Office.