TrekMail TrekMail

TrekMail — Privacy Policy

Effective Date: January 29, 2026

Last Updated: March 26, 2026

Summary of Our Privacy Practices

This summary provides an overview of how TrekGuider Inc. ("TrekMail," "we," or "us") handles your data when you use the TrekMail.net email hosting platform. For full legal details, please read the complete Privacy Policy below.

  • What We Collect: Account credentials, domain configurations, payment data (via Stripe), technical usage logs, and support tickets.
    • Specific Feature Data: If you use features like "Bring Your Own SMTP" or "Migration," we temporarily store the necessary credentials (SMTP passwords, IMAP source credentials) to perform those tasks.
  • Why We Collect It: To operate the service, route emails, process payments, prevent abuse (spam/fraud), and comply with legal obligations.
  • No Sale of Data: We do not sell your personal data to third parties.
  • Your Rights: You have rights to access, correct, delete, and export your data. You can exercise these rights via the TrekMail dashboard.
  • Security: We use industry-standard encryption and security measures, though no system is impenetrable.

1. Introduction

1.1. Purpose and Identity

This Privacy Policy ("Policy") constitutes a legal agreement between you and TrekGuider Inc., a Delaware corporation ("TrekMail"). This Policy explains how we collect, use, store, and protect personal data when you use our website, application, APIs, dashboards, and related services (collectively, the "Service").

By accessing or using the Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Policy and our Terms of Service.

1.2. HIPAA and Sensitive Data Disclaimer

Unless you have entered into a separate Business Associate Agreement (BAA) with TrekMail: The Service is not intended for the storage or transmission of "Protected Health Information" (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA), or other highly sensitive data subject to strict regulatory compliance (e.g., PCI-DSS card data, GLBA financial data). You acknowledge that TrekMail is not a Business Associate or subcontractor under HIPAA, and you agree not to use the Service to process PHI.

2. Privacy Roles: Controller vs. Processor

Depending on how you use TrekMail, we may process data as either a Controller or a Processor (or similar terms under applicable law).

A. When TrekMail is a Controller

We act as a Controller when we process information for our own business purposes, such as:

  • Creating and administering accounts;
  • Billing and payments;
  • Customer support and communications;
  • Preventing fraud, abuse, and security incidents;
  • Improving and operating the Services;
  • Complying with legal obligations.

B. When TrekMail is a Processor (Customer Content)

When a customer uses TrekMail to send, receive, store, route, migrate, or otherwise process email and related content through the Services, TrekMail typically acts as a Processor (or "Service Provider" under certain U.S. state privacy laws) with respect to that Customer Content, and processes such data only on the customer's documented instructions (as reflected in the customer's configuration, use of the Services, and support requests).

Customer Content may include email message content (including attachments), message headers, addressing and routing information, mailbox data, and related service metadata (e.g., delivery events such as bounces/deferrals and diagnostic logs generated to operate the email service).

Data Processing Addendum (DPA) — Summary of Key Terms

If you are a business customer and TrekMail processes Customer Content on your behalf, the following terms apply where required by applicable law and form part of the agreement between you and TrekMail (the "DPA Terms"):

  1. Subject matter and duration. TrekMail processes Customer Content solely to provide, secure, and maintain the Services for the duration of the customer's subscription and any post-termination period required to complete exports, resolve support issues, comply with legal obligations, or enforce our agreements.
  2. Purpose limitation / instructions. TrekMail will process Customer Content only:
    • to provide the Services as configured by the customer (including routing/forwarding/migration features), and
    • as otherwise documented by the customer through use of the Services and support requests, and
    • as required by applicable law.
  3. Confidentiality. TrekMail restricts access to Customer Content to authorized personnel and contractors who are bound by confidentiality obligations.
  4. Security measures. TrekMail maintains appropriate technical and organizational measures designed to protect Customer Content against unauthorized access, disclosure, alteration, or loss (including access controls and measures intended to protect sensitive configuration data such as SMTP and migration credentials).
  5. Subprocessors. TrekMail may use Subprocessors to help provide the Services (e.g., infrastructure hosting in the EU, monitoring, payments). TrekMail remains responsible for its Subprocessors' performance of their obligations with respect to Customer Content and will impose contractual data protection obligations on Subprocessors consistent with this Policy.
  6. Assistance. Taking into account the nature of the processing and the information available, TrekMail will provide reasonable assistance to the customer for:
    • responding to data subject requests relating to Customer Content (where applicable), and
    • supporting security and privacy obligations (e.g., incident information reasonably needed by the customer), subject to legal and security restrictions.
  7. Incident notification. TrekMail will notify the customer of a confirmed personal data breach affecting Customer Content without undue delay after becoming aware of it, and will share information reasonably necessary to support the customer's compliance obligations, to the extent available.
  8. Return or deletion. Upon termination of the Services, TrekMail will make Customer Content available for export via available tools (where applicable) and, thereafter, will delete or de-identify Customer Content within a reasonable period, except to the extent retention is required by law or necessary for security, dispute resolution, or enforcement.
  9. International transfers. TrekMail hosts email data within the European Union. Where Customer Content or related data is transferred outside the EEA/UK (for example, to payment or analytics subprocessors), TrekMail will use appropriate transfer safeguards recognized under applicable law (such as Standard Contractual Clauses and/or the UK Addendum/UK IDTA, as applicable).

If you require a signed DPA for enterprise procurement, you may request it through a support ticket from within the TrekMail dashboard.

3. Information We Collect

We collect information in three main ways: (1) information you provide, (2) information collected automatically, and (3) information from third parties.

A. Information You Provide

Account and Profile Information:

  • Name or username;
  • Organization/company name;
  • Authentication credentials (passwords, 2FA tokens).

Billing and Transaction Information:

  • Billing address and transaction records;
  • Payment status and invoices/receipts metadata (processed primarily by our payment providers; see Section 6).

Domain and Mailbox Configuration:

  • Domains you add and related DNS verification records;
  • Mailbox names, aliases, routing rules, forwarding configurations, and administrative settings.

Email Verification Data:

If you use the Email Verifier feature, we process:

  • Email addresses you submit for verification (stored temporarily for up to 15 days, then permanently deleted);
  • Verification results including status, trust score, and DNS metadata;
  • Credit balance and transaction records.
  • External Queries: To perform verification, TrekMail may query external data sources on a per-address basis, including DNS resolvers (MX, SPF, DMARC records), domain WHOIS/RDAP registrars (for domain age), DNS-based blocklists (such as Spamhaus and SURBL), Gravatar/Automattic (for web presence scoring), and may initiate SMTP connections to the recipient mail server to confirm mailbox existence. These queries transmit only the email address or domain being verified and are conducted solely to produce a verification result for you.
  • Note: We do not read, store, or process the content of any emails at these addresses. We only verify whether the address exists and can receive email.

Bring Your Own SMTP (BYO SMTP) Configuration:

If you use "Bring Your Own SMTP" or similar features, you may provide:

  • SMTP host, port, encryption mode;
  • SMTP username and password or API key/secret (collectively, "SMTP Credentials").
  • Note: We treat SMTP Credentials as Sensitive Configuration Data and limit access as described in Section 7.

Migration / Import Credentials:

If you use migration features (e.g., IMAP migration), you may provide:

  • Source server settings (host/port/security);
  • Source account credentials (passwords or app passwords) (collectively, "Migration Credentials").
  • Note: We use Migration Credentials solely to perform the requested migration/import.

API Tokens and Configuration:

If you use the TrekMail API or connect AI agents via the MCP server, you may create:

  • Operations token names (tm_live_ prefix), scopes (permissions), domain constraints, and expiration dates;
  • Message token names (tm_msg_ prefix) for programmatic email reading and sending, associated with specific mailboxes;
  • MCP server configuration (connection method, environment settings).
  • Note: Both token types are hashed (SHA-256) at rest. The plaintext token is shown once at creation and cannot be recovered. We store the hash, a visible prefix, and associated metadata (scopes, constraints) to authenticate and authorize API requests.

Email Content Access via API:

If you use message tokens to read or send email via the API or MCP server, TrekMail processes email content (message bodies, headers, attachments) on your behalf in accordance with your instructions. This access is logged in API audit events (see Section 3B below). TrekMail does not use email content accessed via message tokens for any purpose other than fulfilling your API request.

Affiliate Program Data:

If you participate in the TrekMail Affiliate Program, we collect and process:

  • Application information (name, promotional channels, audience description);
  • Tax documentation (such as IRS Forms W-9, W-8BEN, or W-8BEN-E), which is encrypted at rest using AES-256-CBC;
  • Payout details (payment method, recipient information as required by the selected payout rail);
  • Click and conversion tracking data (Affiliate Link clicks, attributed signups, commission events);
  • Activity logs (actions taken within the affiliate dashboard for compliance and fraud prevention purposes).
  • Note: Affiliate attribution is tracked via a cryptographically signed first-party cookie set when a visitor clicks an Affiliate Link. See our Cookie Policy for details.

B. Information Collected Automatically

Device and Usage Information:

  • IP address, device identifiers, browser type, OS;
  • Timestamps, pages viewed, and feature usage;
  • General location derived from IP (e.g., city/country).

Security and Abuse-Prevention Signals:

  • Login activity and authentication events, including IP address, approximate location derived from IP (city, country, region), device type, browser, and operating system;
  • Indicators of suspected fraud, abuse, or policy violations;
  • Rate-limiting events and throttling signals.

API Audit Logs:

When you use the TrekMail API or MCP server, we automatically record:

  • The API action performed (e.g., token created, mailbox deleted, forwarding updated);
  • The API token used (name and prefix only, not the secret);
  • The resource affected (type and identifier);
  • IP address of the request and a unique request ID;
  • Timestamp of the action.
  • Note: API audit logs are visible in your dashboard under AI Agents & API → Audit Log.

Email Delivery and Performance Metadata (Service Telemetry):

To operate and protect email functionality, we may process metadata such as:

  • Message envelope and routing metadata (e.g., sender/recipient domains, Message-IDs);
  • Delivery events (delivered, deferred, bounced, rejected), complaint signals, and diagnostics.

DMARC and TLS-RPT Reports:

To monitor and improve email authentication and transport security for your domains, TrekMail automatically ingests and processes:

  • DMARC aggregate reports sent by external mail servers, which contain IP addresses, authentication results (SPF/DKIM pass/fail), and message disposition data;
  • TLS-RPT (TLS Reporting) data sent by external mail servers, which contains information about TLS negotiation successes and failures for your domains.
  • Note: These reports are generated and sent by third-party mail servers in accordance with publicly published DNS records (DMARC and TLS-RPT policies) configured for your domains. TrekMail processes this data solely to provide deliverability analytics and security monitoring within your dashboard.

Analytics and Conversion Tracking:

To measure the effectiveness of our marketing efforts and improve the Service, we may collect:

  • Google Analytics 4 client identifiers and server-side event data (such as purchase and registration events transmitted via the GA4 Measurement Protocol);
  • Meta (Facebook) Pixel identifiers, including _fbp and _fbc cookie values, and server-side conversion events transmitted via the Meta Conversions API (such as purchase, registration, and checkout events). Advanced matching may include hashed email, first name, last name, and an external identifier.
  • Note: These analytics services are subject to cookie consent where required by applicable law. See our Cookie Policy for details on how to manage your preferences.

C. Information from Third Parties

  • Payment Providers: Confirmation of payment, chargeback notices.
  • Fraud Providers: Signals used to reduce abuse (e.g., IP reputation).
  • Social Login: If you use social login (Google, Facebook, X/Twitter, or Microsoft), we receive your email address (where provided by the provider), display name, and a unique provider identifier. You may link multiple social accounts to a single TrekMail account and manage these connections from your account settings.
  • Marketplace Purchases: If you purchase a TrekMail plan through an authorized third-party marketplace (such as ClickBank or JVZoo), we receive your email address, name, transaction identifier, and purchase details from the marketplace operator in order to provision your account and manage your subscription.

4. How We Use Information & Legal Bases

We use the information described above for the following purposes. If you are located in the EEA or UK, we process data based on the following legal grounds:

  1. Service Provision: To route, store, and deliver emails; manage domains; migrate data; and authenticate users.
    • Legal Basis: Performance of Contract.
  2. Billing: To process subscriptions and handle taxes.
    • Legal Basis: Performance of Contract and Legal Obligation.
  3. Security & Abuse Prevention: To detect, prevent, investigate, and respond to fraud, abuse, spam, malware, phishing, and security incidents. This includes automated decision-making (see Section 9).
    • Legal Basis: Legitimate Interests (protecting our platform and other users).
  4. Improvements: To troubleshoot, debug, and improve performance and reliability.
    • Legal Basis: Legitimate Interests.
  5. Communications: To send transactional messages (service notices, billing notices, security alerts) and respond to support tickets.
    • Legal Basis: Performance of Contract.
  6. Legal Compliance: To comply with applicable laws, lawful requests, and regulatory obligations.
    • Legal Basis: Legal Obligation.

Marketing: We do not use the content of your emails for marketing or advertising purposes. We may use your account contact info to send product updates, which you may opt-out of.

5. How We Share Information

We do not sell your personal data. We disclose personal data only as described below and only to the extent necessary to operate, secure, and provide the Service.

A. Service Providers (Subprocessors)

We engage carefully selected third-party vendors that process personal data on our behalf under written agreements that include confidentiality, security, and data protection obligations (each, a "Service Provider" or "Subprocessor"). Subprocessors may process personal data solely to provide services to TrekMail (and not for their own independent marketing purposes).

Key subprocessors we currently use include:

  • Stripe, Inc. (Payments / Subscription Billing). Used to process card payments, manage subscriptions, and support related fraud prevention and payment operations. Stripe acts as an independent service provider and may process payment-related data according to its own terms and privacy practices.
    Privacy: https://stripe.com/privacy
  • NOWPayments (Crypto Payments, where enabled). Used to facilitate cryptocurrency payments when you choose crypto checkout (typically for yearly plans). NOWPayments processes payment-related data according to its own terms and privacy practices.
    Privacy: https://nowpayments.io/privacy-policy
  • Google LLC (Security, Authentication, and Analytics). We use Google services in connection with account security, site/app functionality, and analytics, such as:
    • Google reCAPTCHA v2/v3 to prevent automated abuse on forms and authentication flows;
    • Google OAuth / "Continue with Google" to enable optional social login;
    • Google Analytics 4 (GA4) to understand how visitors use our website and to improve the Service, including client-side tracking and server-side event transmission via the GA4 Measurement Protocol (e.g., purchase and registration events). GA4 is subject to cookie/consent settings where required by applicable law.
    Google Privacy Policy: https://policies.google.com/privacy
  • Meta Platforms, Inc. (Facebook OAuth). We use Facebook Login / "Continue with Facebook" to enable optional social login. When you authenticate via Facebook, we receive your email address (if you grant permission), display name, and a unique Facebook identifier.
    Privacy: https://www.facebook.com/privacy/policy/
  • X Corp. (X/Twitter OAuth). We use X (formerly Twitter) Login / "Continue with X" to enable optional social login. When you authenticate via X, we may receive your email address (depending on your X privacy settings), display name, and a unique X identifier.
    Privacy: https://x.com/en/privacy
  • Microsoft Corporation (Microsoft/Entra ID OAuth). We use Microsoft Login / "Continue with Microsoft" to enable optional social login via Microsoft Entra ID (formerly Azure Active Directory). When you authenticate via Microsoft, we receive your email address, display name, and a unique Microsoft identifier. Scopes requested include openid, profile, email, and User.Read.
    Privacy: https://privacy.microsoft.com/en-us/privacystatement
  • Meta Platforms, Inc. (Facebook Pixel and Conversions API). In addition to Facebook Login (described above), we use the Meta Pixel (client-side) and Meta Conversions API (server-side) to measure advertising effectiveness and attribute conversions. These technologies may collect or receive: hashed identifiers (email, name), browser and device data, _fbp and _fbc cookie values, and conversion event data (such as registration, trial start, checkout initiation, and purchase events). Meta processes this data as an independent controller in accordance with its own privacy policy. The Meta Pixel and Conversions API are subject to cookie consent where required by applicable law.
    Privacy: https://www.facebook.com/privacy/policy/
  • Cloudflare, Inc. (DNS Management and CDN). Cloudflare is used in two ways: (1) DNS integration — if you use the Cloudflare DNS integration feature, TrekMail communicates with Cloudflare on your behalf to auto-provision DNS records (MX, SPF, DKIM, DMARC, MTA-STS) for your domains, either via the Domain Connect protocol or via Cloudflare's API; (2) Content Delivery Network (CDN) — certain UI assets (for example, the QRious QR-code library used in our two-factor authentication setup) are loaded from Cloudflare's public CDN (cdnjs.cloudflare.com). These CDN requests do not contain any personal data beyond standard browser request metadata (IP address, User-Agent). Cloudflare processes all data in accordance with its own privacy policy.
    Privacy: https://www.cloudflare.com/privacypolicy/
  • jsDelivr (CDN — Performance Assets). Certain UI libraries (for example, Chart.js used in dashboard analytics charts) are loaded from the jsDelivr public CDN (cdn.jsdelivr.net). jsDelivr is a non-tracking, open-source CDN. These requests do not contain any personal data beyond standard browser request metadata (IP address, User-Agent). jsDelivr is operated by Prospect One and processes request logs in accordance with its own privacy policy.
    Privacy: https://www.jsdelivr.com/privacy-policy-jsdelivr-net
  • ClickBank (Keynetics, Inc.) (Marketplace Purchases). If you purchase a TrekMail plan through the ClickBank marketplace, ClickBank processes your payment and transmits purchase details (email, name, transaction ID, product, and payment status) to TrekMail via Instant Notification Service (INS) webhooks and order verification API. ClickBank acts as an independent merchant of record for such transactions.
    Privacy: https://www.clickbank.com/privacy-policy/
  • JVZoo.com, Inc. (Marketplace Purchases). If you purchase a TrekMail plan through the JVZoo marketplace, JVZoo processes your payment and transmits purchase details (email, name, transaction ID, product, and payment status) to TrekMail via Instant Payment Notification (IPN) webhooks. JVZoo acts as an independent payment facilitator for such transactions.
    Privacy: https://www.jvzoo.com/privacy
  • Admitad GmbH (Affiliate Network — Conversion Attribution). We participate in the Admitad affiliate network to track conversions originating from Admitad publisher traffic. When a visitor arrives via an Admitad publisher link, Admitad sets a first-party _admitad_uid cookie (httpOnly, Secure) on our domain. If that visitor subsequently purchases a plan, we transmit a server-side conversion postback to Admitad containing the transaction identifier, commission-relevant order data, and the attribution cookie value — but not your full personal details such as name or email. Admitad processes this data as a performance marketing platform in accordance with its own privacy policy.
    Privacy: https://www.admitad.com/en/privacy-policy/

In addition, we may use infrastructure and hosting providers (for example, hosting, storage, networking, and backups) and monitoring/logging tools to operate and secure the Service. These vendors are authorized to access personal data only as needed to perform services for TrekMail and are contractually restricted from using personal data for other purposes.

No advertising sale/share. We do not sell personal data for money. We do not allow our Service Providers to use personal data for their own independent marketing purposes without your explicit consent.

Updates. We may update this Subprocessors section from time to time as we add, remove, or replace vendors. If changes are material, we may provide additional notice through the Service where appropriate.

B. Payment Providers

Payments are processed by third-party payment providers (e.g., Stripe). We receive limited information such as payment confirmation and transaction metadata.

C. Customer-Directed Disclosures

You may direct us to share information through integrations or by configuring routing to third-party services (e.g., external SMTP providers, forwarding destinations).

D. Legal, Safety, and Enforcement

We may disclose information if we believe it is necessary to:

  • Comply with law, regulation, legal process, or lawful government requests;
  • Protect the rights, property, and safety of TrekMail, our users, and others;
  • Detect, prevent, or address fraud, abuse, and security issues.

E. Business Transfers

If TrekGuider Inc. is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to confidentiality protections.

6. International Data Transfers

TrekMail's email infrastructure is hosted in the European Union (France). Your email data — including mailbox contents, attachments, and mail logs — is stored and processed within the EU.

Some supporting services (such as payment processing via Stripe and certain analytics tools) may process limited data outside the EU, including in the United States. Where such transfers occur, we rely on appropriate safeguards recognized under applicable law.

  • EEA/UK Users: For any data processed outside the EEA/UK, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), and/or specific derogations (such as performance of a contract) to legitimize such transfers.
  • All Users: Hosting email data within the EU means your data benefits from the protections of the EU General Data Protection Regulation (GDPR), regardless of where you are located.

7. Security

We implement administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, and alteration.

Sensitive Configuration Data:

SMTP Credentials and Migration Credentials are treated as "Sensitive Configuration Data." Access to this data is restricted to authorized systems and personnel on a strict need-to-know basis (e.g., specifically for debugging active migration failures).

Vulnerability Disclosure:

For coordinated vulnerability disclosure, please see our Security & Vulnerability Disclosure Policy.

Disclaimer: No security program is perfect, and we cannot guarantee absolute security. You are responsible for securing your login credentials and enabling 2FA.

8. Data Retention

We retain information for as long as reasonably necessary to provide the Services, comply with legal obligations, and prevent abuse.

  • Account/Billing: Retained for the life of the account plus a period for tax/audit compliance (typically 7 years).
  • Migration Credentials: Retained only as long as needed to complete the migration/import and then deleted or minimized.
  • Security and Authentication Logs: Login activity, authentication events, and related security signals are retained for 30–90 days for abuse detection and security monitoring.
  • API Tokens and Audit Logs: Revoked and expired API tokens are retained for reference. API audit events are retained for 90 days and then automatically purged. Idempotency keys are retained for 24 hours.
  • Email Content: Upon account deletion (which is scheduled with a 7-day grace period to allow cancellation), email content is deleted from the mail server. Backup copies may be retained for a limited period for disaster recovery purposes and are subject to the same access controls.
  • Email Verification Data: Email addresses submitted for verification and their results are retained for up to 15 days to allow result retrieval and download, and are then permanently deleted. Verification credit balances and transaction records are retained for the life of the account.
  • Affiliate Program Data: Click tracking data and activity logs are periodically purged in accordance with our internal retention schedules. Commission records and tax documentation are retained for the life of the affiliate relationship plus a period required for tax/audit compliance (typically 7 years). A financial snapshot is captured prior to account deletion to preserve audit integrity.
  • Support Ticket Attachments: Screenshots and images attached to support tickets are automatically deleted 30 days after the ticket is closed.
  • DMARC and TLS-RPT Reports: Aggregate report data is retained and rolled up into daily statistics for deliverability monitoring. Raw reports are processed and may be deleted after aggregation.

9. Automated Decision-Making and Profiling

We use automated systems, including machine learning models and rules-based logic, to help protect the Services and users. These systems may perform the following types of automated processing:

  • Spam and Malware Detection: Inbound and outbound email is scanned by automated classifiers (including Bayesian machine learning) to detect spam, phishing, malware, and other abusive content. Messages exceeding configured thresholds may be automatically rejected, quarantined, or flagged.
  • Abuse and Fraud Prevention: Automated systems monitor for suspicious patterns such as rapid sending, "snowshoe" spamming across domains, and abnormal API usage. These systems may automatically enforce rate limits, pause outbound sending, or restrict account functionality.
  • Email Verification Scoring: The Email Verifier assigns a trust score (0–100) to each submitted email address based on automated analysis of multiple signals (syntax, DNS, SMTP response, blocklist status, and heuristic indicators). This scoring is fully automated and does not involve human review of individual addresses.
  • Account Suspension: Accounts that trigger automated abuse-detection thresholds may be temporarily restricted pending review. Domains and mailboxes belonging to accounts suspended for abuse for more than 7 days may be automatically removed from the mail system.

These measures are designed to support the security and integrity of the platform. No solely automated decision produces legal effects or similarly significant effects on you without the availability of human review. If you believe an automated restriction was applied in error, you may request human review by submitting a support ticket. TrekMail will respond to such requests without undue delay.

10. Your Rights (US States & GDPR)

A. US State Privacy Rights

Subject to applicable law, residents of states with comprehensive privacy legislation — including, without limitation, California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Delaware (DPDPA), Iowa, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, Tennessee, Indiana, Kentucky, and Rhode Island — may have the right to:

  • Right to Know/Access: Request details on the categories of personal information collected.
  • Right to Delete: Request deletion of personal information.
  • Right to Correct: Correct inaccuracies.
  • Do Not Sell/Share: TrekMail does not "sell" or "share" personal information as defined by the CCPA/CPRA for cross-context behavioral advertising.
  • Non-Discrimination: We will not discriminate against you for exercising these rights.

B. EEA/UK Rights

If you are in the EEA/UK, you may also have the right to:

  • Withdraw Consent: Where processing is based on consent.
  • Object/Restrict: Object to processing based on legitimate interests.
  • Lodge a Complaint: With a supervisory authority (EEA) or the ICO (UK).

How to Exercise Rights:

Submit a request via the TrekMail Support Dashboard ticket system (preferred) or via postal mail. We do not accept privacy requests via phone to protect account security.

11. Dispute Resolution

PLEASE READ THIS CAREFULLY.

Any dispute or claim relating in any way to your use of the Service or this Privacy Policy will be resolved by binding arbitration, rather than in court, as described in our Terms of Service. You waive any right to participate in a class action lawsuit.

12. Children's Privacy

The Services are not directed to children and are not intended for use by individuals under the age of 16 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on our website and will be effective as of the "Effective Date" above. If changes are material, we may provide additional notice.

14. Contact Information

We do not maintain a public phone line for legal compliance. All inquiries must be in writing.

Primary Contact Method:

Submit a ticket via the TrekMail Dashboard under "Privacy & Legal."

Mailing Address:

TrekGuider Inc.
Attn: Legal / Privacy Officer
1207 Delaware Ave, #2058
Wilmington, DE 19806
United States

Spam & Abuse Prevention

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

We use cookies for essential functionality. No ads, no ad tracking.

or
Continue with Google Continue with Facebook Continue with X Continue with Microsoft
or
Continue with Google Continue with Facebook Continue with X Continue with Microsoft

Reset email sent

If an account exists for this email, we've sent password reset instructions.

By continuing, you agree to TrekMail's Terms and Privacy Policy.