Privacy Policy
Last updated: March 8, 2026
MailZyro is operated by Dotnet SH.P.K. (Rr. Adem Jashari Nr.2, Shtime, Kosovo; registration 811049552). This policy explains what data we collect, what we cannot access, and how we protect your privacy.
1. Our Core Privacy Commitment
MailZyro encrypts all stored email content using OpenPGP. Your private encryption key is generated in your browser and never leaves your device in plaintext. We employ two layers of encryption:
- End-to-end encryption (E2EE): Emails between MailZyro users are encrypted in the sender's browser with the recipient's public key. Only the recipient can decrypt them — our servers never see the plaintext.
- Zero-access encryption: Emails received from external senders (Gmail, Outlook, etc.) are automatically encrypted with your public key upon arrival. Once encrypted, we cannot read the stored content.
In both cases:
- We cannot read the content of your stored emails
- We cannot hand over readable email content to anyone — including governments — because we do not possess your private key
- Only you (and in E2E mode, your intended recipients) can decrypt your messages
For full technical details, see How MailZyro Encryption Works.
2. Data We Collect
2.1 Account Data
When you create an account, we store:
- Email address (your @mailzyro.com address)
- Display name
- Identity provider ID (Maluki Auth OIDC subject identifier)
- Public encryption key (so others can send you encrypted email)
- Encrypted private key (encrypted with your passphrase — we cannot decrypt it)
2.2 Email Metadata
To deliver email, we necessarily process metadata. This includes sender address, recipient address, and timestamps. For emails between MailZyro users, the subject line is encrypted alongside the body. For emails from external senders, the subject is plaintext metadata (a limitation of the SMTP protocol, not of MailZyro).
2.3 Email Content (Encrypted)
Email bodies are stored on our servers in encrypted form (OpenPGP ciphertext). For emails between MailZyro users, encryption happens in your browser before the data reaches our servers. For emails from external senders, our servers encrypt the content with your public key immediately upon receipt — the email body exists briefly in server memory during this encryption step, after which the plaintext is discarded. We store only the ciphertext and do not possess the keys to decrypt it.
2.4 Technical Data
We collect minimal technical data for security and operations:
- IP addresses at login (for abuse prevention)
- Session identifiers (HTTP-only cookies)
- Basic error logs (no email content)
2.5 Payment Data
If you subscribe to a paid plan, payments are processed by our payment provider (Paddle). We do not store credit card numbers. We receive only a subscription identifier, plan type, and billing status.
3. Data We Do NOT Collect
- We do not use tracking pixels or third-party analytics
- We do not sell, rent, or share your data with advertisers
- We do not build advertising profiles
- We do not read your email content (we technically cannot)
4. How We Use Your Data
- Deliver email — route messages between senders and recipients
- Authenticate you — verify your identity via Maluki Auth (OIDC)
- Prevent abuse — detect spam, phishing, and unauthorized access
- Improve the service — fix bugs, monitor uptime (no email content involved)
5. Data Storage & Location
Your data is stored on servers located in Germany (EU), hosted by Hetzner Online GmbH. All data in transit is encrypted with TLS. Data at rest (email content) is additionally encrypted with OpenPGP as described above.
6. Data Retention
- Account data — retained while your account is active. Deleted within 30 days of account deletion.
- Email data — retained until you delete it or delete your account.
- Server logs — automatically rotated and deleted after 90 days.
- IP addresses — retained for up to 90 days for abuse prevention.
- Email metadata — timestamps, sender/recipient addresses, sender IP, and message-ID headers are retained for up to 12 months after content deletion or account closure for legal compliance.
7. Encrypted Content
The following email data is end-to-end encrypted and cannot be accessed by MailZyro under any circumstances:
- Email body — encrypted with OpenPGP before storage (E2EE) or upon receipt (zero-access)
- Email subject — encrypted client-side for E2EE emails between MailZyro users
- Attachments — encrypted alongside the email body
Because this content is encrypted with your public key and only decryptable with your private key, we cannot read, scan, analyze, or hand over readable email content to anyone — including law enforcement, courts, or government agencies.
8. Confidential Mode & Content Destruction
When you send an email using Confidential Mode, additional data handling applies:
- Content destruction: Encrypted email content (body, subject, attachments) is permanently and irrecoverably deleted from our servers when the destruction policy triggers (time expiration or view limit reached).
- Metadata retained: Even after content destruction, we retain metadata (timestamp, sender email, recipient email, sender IP, message-ID) for legal compliance. This metadata does not include the content of the email.
- Destruction logs: We record when content was destroyed (timestamp and reason) for audit purposes.
9. Legal Requests & What We Can Provide
Due to our encryption architecture, there are strict technical limits on what data we can provide in response to valid legal requests:
What we can provide (with a valid court order):
- Email metadata — sender address, recipient address, timestamps, message-ID headers
- IP addresses — login IPs within the 90-day retention window
- Account data — email address, display name, registration date
What we cannot provide (technical impossibility):
- Email content (body, subject, attachments) — encrypted with your key, which we do not possess
- Decryption keys — we do not have access to your private key or passphrase
- Destroyed confidential email content — permanently deleted from our servers, no copies retained
For a full accounting of requests received and our responses, see our Transparency Report.
10. Search Index
MailZyro provides a local search feature that works as follows:
- Client-side indexing: Your search index is built entirely in your browser from your decrypted emails.
- Encrypted sync: The search index is encrypted client-side before being synced to our servers for backup. We store only the encrypted blob and cannot read or search its contents.
- No server-side search: MailZyro does not perform any server-side search or indexing of your email content. All search queries are processed locally in your browser.
11. Your Rights
You have the right to:
- Access your personal data
- Export your emails (via IMAP or JMAP)
- Delete your account and all associated data
- Correct inaccurate personal information
- Object to processing of your data
To exercise these rights, contact [email protected]. We will respond within 30 days.
12. Cookies
MailZyro uses only essential cookies:
- session_id — HTTP-only session cookie for authentication
- theme/language — localStorage preferences (not cookies, not sent to server)
We do not use advertising, tracking, or third-party cookies.
13. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Hetzner (Germany) | Server hosting | Encrypted data at rest |
| Cloudflare | DNS & DDoS protection | IP addresses, request metadata |
| Maluki Auth | Identity/authentication | Email, display name |
| Paddle | Payment processing | Billing info (paid plans only) |
14. Children
MailZyro is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it promptly.
15. Changes to This Policy
We may update this policy from time to time. Material changes will be announced via email to registered users. The "last updated" date at the top reflects the most recent revision.
16. Contact
For privacy-related inquiries:
Dotnet SH.P.K.
Rr. Adem Jashari Nr.2, Shtime, Kosovo
[email protected]