MailZyro
nav.home

Terms of Service

Last updated: March 8, 2026

These Terms of Service ("Terms") govern your use of MailZyro, an encrypted email service operated by Dotnet SH.P.K. (Rr. Adem Jashari Nr.2, Shtime, Kosovo; registration 811049552). By creating an account or using MailZyro, you agree to these Terms.

1. Service Description

MailZyro provides end-to-end encrypted email through @mailzyro.com addresses and custom domain hosting. The service includes:

  • A free @mailzyro.com email address
  • End-to-end encryption using OpenPGP
  • Webmail interface and IMAP/JMAP access
  • Optional custom domain email hosting (paid plans)

2. Account Registration

  • You must be at least 16 years old to create an account.
  • You must provide accurate information during registration.
  • You are responsible for maintaining the security of your account credentials.
  • One person may hold up to 10 mailboxes under a single Maluki identity.
  • Accounts created through automated means (bots) may be suspended without notice.

3. Acceptable Use

Your use of MailZyro is subject to our Acceptable Use Policy. Violations may result in suspension or termination of your account.

4. Encryption & Key Management

  • Your private encryption key is generated in your browser. MailZyro does not have access to your private key and cannot recover it if lost.
  • You are solely responsible for your encryption keys. If you lose access to your private key and passphrase, your encrypted emails cannot be recovered — by you or by us.
  • SSO (Single Sign-On) users have keys derived from their authenticated session. These keys are tied to your Maluki Auth identity.

5. Confidential Mode

MailZyro offers a Confidential Mode that allows senders to set self-destructing policies on emails:

  • Time-based expiration: Confidential emails are permanently destroyed from our servers when the specified expiration time is reached.
  • View-limited emails: Confidential emails with a view limit are permanently destroyed after the recipient has viewed them the specified number of times.
  • Destruction guarantee: Once a confidential email is destroyed, the encrypted content (body, subject, and attachments) is irrecoverably deleted from our servers. This destruction is enforced server-side and cannot be reversed.
  • Viewing protections: While we implement technical measures to limit viewing (such as disabling copy/paste and print in the confidential viewer), these protections are best-effort. A technically sophisticated recipient may be able to capture the decrypted content before destruction. MailZyro does not guarantee that a recipient cannot retain a copy of the message content.

Metadata associated with confidential emails (see Section 7) is retained even after content destruction for legal compliance purposes.

6. External Encrypted Sharing

MailZyro allows you to send encrypted emails to recipients who do not have a MailZyro account via password-based encryption:

  • Encryption method: The email content is encrypted in your browser using a password you choose. The recipient views the message via a secure link and must enter the password to decrypt it.
  • Password sharing: You are solely responsible for communicating the decryption password to the recipient through a separate, secure channel (e.g., in person, phone call, or encrypted messaging app). MailZyro does not transmit or store the password.
  • No recovery: If the password is lost, the encrypted content cannot be recovered — by you, the recipient, or MailZyro.

External encrypted emails are subject to the same destruction policies as Confidential Mode emails (time-based expiration and/or view limits).

7. Data Retention

MailZyro retains certain metadata for legal compliance, service operation, and abuse prevention, even after email content is destroyed or deleted:

  • Retained metadata: Timestamps (sent/received), sender email address, recipient email address, sender IP address, and message-ID headers are retained in compliance with applicable law.
  • Encrypted content: Email bodies, subjects, and attachments are stored in encrypted form and are permanently deleted when you delete them, when your account is deleted, or when a Confidential Mode destruction policy is triggered.
  • Retention period: Metadata is retained for the minimum period required by applicable law (currently up to 12 months after account deletion or content destruction). IP addresses are retained for up to 90 days.

This metadata retention is necessary to comply with lawful data preservation requirements and to assist in abuse investigations. We retain the minimum data required and do not use retained metadata for advertising or profiling.

8. Data Ownership

You own your data. We do not claim ownership of your emails, attachments, or any content you create or store through MailZyro. We store your data solely to provide the service.

9. Free & Paid Plans

  • The free plan includes a @mailzyro.com address with end-to-end encryption. Free accounts may have usage limits (storage, sending rate).
  • Paid plans offer additional features such as custom domains, higher limits, and priority support. Payment terms are governed by your subscription agreement.
  • We reserve the right to modify plan features with 30 days' notice. Existing paid subscribers will retain their current features for the duration of their billing period.

10. Service Availability

We strive for high availability but do not guarantee 100% uptime. The service may be temporarily unavailable for maintenance, updates, or circumstances beyond our control. Current service status is available at /status.

11. Limitation of Liability

To the maximum extent permitted by applicable law:

  • MailZyro is provided "as is" without warranties of any kind, whether express or implied.
  • Dotnet SH.P.K. shall not be liable for any indirect, incidental, special, or consequential damages arising from your use of the service.
  • Our total liability for any claim related to the service shall not exceed the amount you paid us in the 12 months preceding the claim, or €100, whichever is greater.
  • We are not liable for data loss caused by loss of your encryption keys or passphrase.

12. Account Termination

  • By you: You may delete your account at any time through settings. Your data will be permanently deleted within 30 days.
  • By us: We may suspend or terminate accounts that violate these Terms or the Acceptable Use Policy. We will attempt to provide notice before termination except in cases of severe violations (spam, phishing, illegal activity).

13. Modifications to Terms

We may update these Terms from time to time. Material changes will be communicated via email at least 30 days before they take effect. Continued use of the service after changes take effect constitutes acceptance of the new Terms.

14. Governing Law & Disputes

These Terms are governed by the laws of the Republic of Kosovo. Any disputes shall be resolved in the competent courts of Kosovo. Before initiating legal proceedings, we encourage you to contact us at [email protected] to attempt resolution.

15. Contact

Dotnet SH.P.K.
Rr. Adem Jashari Nr.2, Shtime, Kosovo
[email protected]