and.email

Privacy Policy

Updated Jul 19, 2023

For humansFor laywers

Hi there!

At and.email, your privacy is at the core of our decision making. Sensitive information may pass through our systems, and we don’t take that lightly.

This page explains how our systems process your data. For more details on personal data usage, refer to our Privacy Policy (for laywers).

What personal data do you collect?

We collect the following personal data in order to operate our product:

  • Email address, for authentication and user identification
  • Senders of emails sent to your aliases, to help you monitor alias usage
  • Subject lines of emails sent to your aliases, to help you monitor alias usage

We do not monitor or store the content (i.e. body) of emails sent to your aliases. We also don't process any sensitive payment or financial data (see below for our third-party partners).

Where does my data go within and.email?

The majority of our application data is stored on an encrypted database at both rest and in-transit within AWS. Only one developer (the founder) has access to this database.

Where does my data go outside of and.email?

We only send data to trusted third-party systems that are subject to strict privacy and security controls. We think it’s important you understand not only what these systems are but also why we send your data to these systems. If you don’t agree with or understand our reasoning, please email us at privacy@james.and.email. If you do not agree with your data going to a specific system, deleting your and.email account will permanently delete all of your data from all our systems.

Amazon Web Services

Location: United States
Purpose: Database hosting services and storage
What: AWS is the provider we use to host our database systems. AWS stores your account data and other app data.
Why: AWS provides us with a reliable, scalable, and secure global computing infrastructure. In addition, AWS data centers have rigorous security, physical, and environmental controls to ensure these risks are mitigated.

Fly.io

Location: United States
Purpose: App server hosting
What: We use Fly.io to host our website and application servers.
Why: Fly.io allows us to run our applications on physical servers close to our users in a cost-effective manner. They maintain rigorous security and process controls, which you can learn more about here.

Lemon Squeezy

Location: United States
Purpose: Payment processing and subscription management
What: Lemon Squeezy handles all of our subscription lifecycle management, which includes credit card payment procesing.
Why: Lemon Squeezy is a fully PCI-DSS compliant payment processor. Using Lemon Squeezy allows us to focus more time building our core product instead of complex financial data management and protection.

Mailgun

Location: United States
Purpose: Email sending and routing
What: Mailgun handles the email forwarding and delivery in our application.
Why: Mailgun is built their services on top of AWS, and benefits from AWS' security controls. In addition, they are SOC I & II, HIPAA, and ISO27001 certified, as well as GDPR compliant.

Plausible.io

Location: EU
Purpose: Web analytics
What: We use Plausible to understand how users are interacting with our website and application (anonymously).
Why: Plausible is a privacy-focused alternative to Google Analytics, and is fully open-source. It does not require the use of cookies because all measurement data is carried out completely anonymously.