Privacy Policy
Last updated: November 22, 2025
Summary of Our Privacy Practices
This summary highlights how we handle your data when you use the TrekMail.net email hosting platform ("TrekMail" or the "Service"). For full details, please read the complete Privacy Policy below.
- What We Collect. We collect information you provide when you create and manage your account and domains (for example, name, account credentials, domain configuration, payment information), technical and usage data (such as IP address, logs, cookies), support and ticket data, and, in certain cases, email content and metadata necessary to provide secure email hosting and delivery.
- Why We Collect It. We use your data to operate and secure the TrekMail platform, host and route your email, manage your domains and mailboxes, process your subscriptions via Stripe, detect abuse (spam, fraud, attacks), provide support through the built-in ticketing system, and comply with legal obligations.
- Who We Share It With. We share data with carefully selected service providers who help us run TrekMail, such as payment processors (Stripe), hosting and infrastructure providers, logging and monitoring providers, analytics services, and security vendors. We do not sell your personal data.
- Your Rights. Depending on where you live, you may have rights to access, correct, delete, restrict, or export your personal data, and to object to certain processing activities. You can exercise your rights by submitting a ticket through your TrekMail dashboard.
- Cookies. We use cookies and similar technologies on the TrekMail marketing site and, to a limited extent, within the app for security, session management, analytics, and product improvement. Details are provided in our Cookie Policy.
- Security. We apply industry-standard technical and organizational measures, including encryption, access controls, logging, and periodic security reviews, to protect your information.
By using TrekMail, you acknowledge that you have read and understood this Privacy Policy.
1. Introduction
1.1. Purpose of This Privacy Policy
This Privacy Policy ("Policy") explains how TrekGuider Inc. ("TrekMail," "we," "our," or "us") collects, uses, stores, discloses, and protects personal data when you use the TrekMail.net website, the TrekMail application, and related services (collectively, the "Service").
We are committed to safeguarding your privacy in accordance with applicable data protection laws, including, where applicable, the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and other relevant privacy regulations.
1.2. Scope and Applicability
This Policy applies to:
- Visitors to the TrekMail marketing website (for example, trekmail.net and related subdomains);
- Registered users of the TrekMail application (including free and paid plan users);
- Administrative contacts for customer accounts;
- Individuals who interact with TrekMail via forms, authentication flows (including social login), and the in-app ticketing system.
This Policy does not govern how our customers (for example, companies or individuals who use TrekMail to host email for their own domains) choose to handle personal data in their own capacity as controllers. Where you are an end recipient or sender of email to or from a TrekMail-hosted domain, TrekMail generally processes your data as a processor on behalf of our customer. In such cases, you should consult the privacy notices of the relevant domain owner or organization (our customer) for more information about their practices.
This Policy forms part of, and is incorporated into, our Terms of Service and is complemented by our Cookie Policy and any applicable Data Processing Agreement.
1.3. Roles: Controller and Processor
- Controller. For personal data related to your TrekMail account, billing and subscription management, security logs, and our own website analytics and communications, TrekMail acts as a data controller.
- Processor. For personal data contained in email messages, headers, attachments, and related metadata processed in the course of providing email hosting services for our customers’ domains, TrekMail typically acts as a data processor, processing such data solely on documented instructions from the relevant customer (the domain owner), except where we are required to process it independently by law (for example, for security, anti-abuse, or legal compliance purposes).
2. Types of Data We Collect
2.1. Account and Contact Information
When you create or manage a TrekMail account, we may collect:
- Name and contact details (for example, name, display name, locale, time zone);
- Login credentials (for example, email address or username and password);
- Account profile details (for example, avatar, organization name, role);
- Security settings (for example, 2FA status, TOTP secret, recovery options).
2.2. Domain and Configuration Data
When you connect and manage domains in TrekMail, we process information such as:
- Domain names and related DNS records (for example, MX, SPF, DKIM, DMARC, TXT);
- Domain verification status and DNS check results;
- Mailbox configuration and routing preferences;
- Aliases, forwarding rules, and filtering settings (where supported).
This information is necessary to route and deliver email correctly and to maintain the health and security of your domain configuration.
2.3. Mailbox and Email Data
In order to provide email hosting, we process:
- Mailbox metadata: mailbox identifiers, associated domain, status (active/suspended), quotas, usage statistics;
- Email metadata: sender and recipient addresses, message IDs, timestamps, routing information, and similar transport-level data;
- Email content: subject lines, body content, and attachments, to the extent they pass through or are stored on the underlying mail infrastructure integrated with TrekMail (for example, your configured mail server stack or an integrated provider);
- Indexes and flags: read/unread status, folder organization, labels, flags, and other features necessary for webmail and IMAP/POP compatibility.
We do not use email content for advertising or generic behavioral profiling. Processing of email content is strictly limited to:
- Delivering, storing, syncing, and retrieving messages at your request (or your users’ request);
- Supporting webmail features (search, indexing, foldering, message flags);
- Spam and abuse detection, malware and phishing protection, and security monitoring;
- Troubleshooting and support, when access is strictly necessary and appropriately logged.
2.4. Billing and Subscription Data
For paid plans, we collect and process:
- Plan and subscription details (plan type, limits, renewal dates, status);
- Limited billing and transaction data (amount, currency, timestamps, last four digits of card, card type, billing country), as provided via our payment processor Stripe;
- Tax-related data and invoices where applicable.
Full payment card details are processed and stored by Stripe or other PCI-compliant processors, not by TrekMail.
2.5. Technical and Usage Data
When you visit the TrekMail site or use the application, we may automatically collect:
- IP address, approximate location derived from IP (city/region level);
- Device information (browser type and version, operating system, device identifiers);
- Log data such as HTTP requests, authentication logs, webmail access logs, IMAP/SMTP connection logs, and admin panel access logs;
- Session identifiers and security tokens;
- Error logs and diagnostic data related to app performance.
This data is used for operational purposes, debugging, performance monitoring, and security (including detecting abuse and unauthorized access).
2.6. Support and Communication Data
When you use the built-in ticketing system or otherwise communicate with us through the Service, we process:
- Ticket content and correspondence, including messages you submit and our replies;
- Attachments you choose to upload (for example, screenshots, configuration files, log samples);
- Internal notes and status indicators associated with your tickets;
- Notification preferences related to support communications.
We do not provide a public support email address. All electronic communication with TrekMail support and legal/information rights requests is handled through the in-app ticketing system in your account.
2.7. Social Login Data (Google OAuth)
If you choose to sign up or log in using Google OAuth or similar social login providers, we may receive:
- Your name;
- Primary email address;
- Profile picture (where available);
- Other limited profile information as permitted by your settings with that provider.
This information is used solely to create and manage your TrekMail account and streamline authentication. Any additional processing by the social login provider is governed by their own privacy policy.
2.8. Cookies and Similar Technologies
We use cookies and similar technologies on our marketing site and within the application to:
- Maintain sessions and security (for example, CSRF protection, authentication cookies);
- Remember preferences (for example, theme, language, UI settings);
- Perform analytics and product improvement;
- Protect forms and flows (for example, Google reCAPTCHA v2 and v3).
For more details, including categories of cookies and how to manage your preferences, please refer to our Cookie Policy.
3. Purposes and Legal Bases for Processing
We process personal data for the purposes described below and under the legal bases permitted by applicable law.
3.1. Service Provision and Account Management
We process your data to:
- Register and authenticate users;
- Provide access to the TrekMail dashboard and webmail;
- Configure and manage domains, mailboxes, and routing;
- Deliver, store, and sync email;
- Offer migration tooling and utilities;
- Maintain your account settings and preferences.
Legal bases:
- Performance of a contract (GDPR Art. 6(1)(b));
- Legitimate interests in providing and improving the Service (GDPR Art. 6(1)(f)).
3.2. Security, Abuse Prevention, and Service Integrity
We process personal data, including logs and certain email metadata, to:
- Secure the platform, protect against unauthorized access and attacks;
- Detect and mitigate spam, phishing, malware, and abuse;
- Enforce rate limits, anti-abuse measures, and fair use limits;
- Monitor performance and reliability of the underlying infrastructure;
- Support administrator functionalities such as secure, logged impersonation of accounts for troubleshooting (where enabled), strictly limited to support and security purposes.
Legal bases:
- Legitimate interests in ensuring the security and proper functioning of the Service;
- Compliance with legal obligations related to security and incident response.
3.3. Billing, Payments, and Account Lifecycle
We process billing and subscription data to:
- Manage plan subscriptions and usage limits;
- Process payments and refunds via Stripe;
- Issue invoices, receipts, and tax documentation where applicable;
- Handle payment-related disputes and chargebacks.
Legal bases:
- Performance of a contract;
- Compliance with legal obligations (for example, tax and accounting);
- Legitimate interests in efficient financial administration.
3.4. Support and Communications
We use your data to:
- Respond to support tickets and technical inquiries;
- Provide service-related notifications (for example, security alerts, domain verification issues, quota warnings, plan changes, scheduled maintenance);
- Communicate changes to our terms and policies.
Legal bases:
- Performance of a contract;
- Legitimate interests in maintaining customer relationships and ensuring proper operation of the Service;
- Compliance with legal obligations where notices are required.
3.5. Product Analytics and Improvement
We may use aggregated or pseudonymized data to:
- Analyze how the Service is used;
- Diagnose performance issues;
- Inform product roadmap and feature implementation;
- Run A/B tests to improve UX.
Where analytics involve cookies and similar technologies, we rely on:
- Consent where required by applicable law (for example, for non-essential cookies);
- Legitimate interests for strictly necessary analytics and service-level metrics.
3.6. Marketing
TrekMail is primarily an infrastructure-level and B2B/B2D-oriented service. We may use your contact information to:
- Send you service-related updates, release notes, and security communications;
- Provide carefully targeted product announcements, offers, or newsletters, where permitted.
You can opt out of non-essential marketing communications at any time via your account settings or by following the instructions in the relevant communication. Service-critical emails (for example, security alerts or legal notices) are not considered marketing and cannot generally be opted out of.
Legal bases:
- Consent (for marketing communications where required by law);
- Legitimate interests in promoting and developing our services (subject to your right to object).
3.7. Legal Compliance and Protection
We may process your personal data to:
- Comply with legal and regulatory obligations (for example, tax, accounting, sanctions, export control, fraud prevention);
- Cooperate with lawful requests from competent authorities, where required;
- Enforce our Terms of Service, prevent abusive or illegal behavior, and protect the rights, property, and safety of TrekMail, our customers, and third parties.
Legal bases:
- Compliance with a legal obligation;
- Legitimate interests in protecting our operations and users.
4. Data Sharing and Third-Party Services
4.1. Service Providers (Processors)
We engage carefully selected third parties as service providers, who process data on our behalf under written contracts that include data protection obligations. These may include:
- Hosting and Infrastructure Providers: Cloud hosting, database hosting, storage, networking, and content delivery services that host the TrekMail platform and its data.
- Payment Processors (for example, Stripe): For secure processing of payments, subscription management, and related fraud prevention measures.
- Email and Notification Providers: For sending system notifications (for example, password reset emails, security alerts) where such messages are not delivered via your own domain.
- Analytics and Monitoring Providers: For collecting aggregated analytics, application performance metrics, and logs to improve reliability and user experience.
- Security, Logging, and Anti-Abuse Tools: For protecting the platform, detecting suspicious activity, and mitigating threats.
- Customer Support and Ticketing Tools (if any third-party components are integrated): For managing and tracking support requests. Where support is entirely native to TrekMail, data remains under our direct control in our own infrastructure.
Where we use services such as Google reCAPTCHA, Google OAuth, or similar tools, these providers may collect certain information directly in accordance with their own privacy policies.
We do not sell personal data and do not allow third-party service providers to use your personal data for their own independent marketing purposes without your explicit consent.
4.2. Legal Disclosures
We may disclose personal data if we reasonably believe such disclosure is:
- Required by applicable law, regulation, or legal process;
- Necessary to respond to lawful requests from public authorities;
- Necessary to protect the rights, property, or safety of TrekMail, our customers, or others;
- Necessary to detect, prevent, or otherwise address fraud, security, or technical issues.
4.3. Business Transfers
If TrekMail or TrekGuider Inc. is involved in a merger, acquisition, asset sale, reorganization, or similar transaction, your personal data may be transferred as part of that transaction. In such cases, we will take reasonable steps to ensure the confidentiality of your personal data and will notify you, where required by law, before your personal data is transferred and becomes subject to a different privacy policy.
5. Cookies, Analytics, and Tracking
We use cookies and similar technologies for:
- Strictly Necessary Purposes: Authentication, session management, security, and essential functionality.
- Preferences and Features: Remembering theme, language, layout, and other user preferences.
- Analytics: Understanding how visitors use our site and app, so we can improve the Service.
- Protection: Google reCAPTCHA v2 and v3 on forms to mitigate spam and automated abuse.
Where required by law, we will request your consent before placing non-essential cookies on your device. You can manage your cookie settings via your browser and through any cookie preferences interface we provide.
For further information, please refer to our Cookie Policy.
6. Data Security and Retention
6.1. Security Measures
We implement technical and organizational measures appropriate to the risk, including:
- Encryption in transit (TLS/SSL) and, where applicable, encryption at rest;
- Segregation of environments (production vs. development/test);
- Role-based access control, least-privilege principles, and multi-factor authentication for administrative access;
- Logging and monitoring of access to sensitive systems and data;
- Regular updates and patching of infrastructure and dependencies;
- Periodic security reviews, internal audits, and, where appropriate, external assessments.
No system can be guaranteed to be 100% secure. However, we take reasonable steps to reduce the likelihood and impact of security incidents and maintain incident response procedures.
You are responsible for:
- Maintaining the confidentiality of your credentials;
- Choosing strong, unique passwords;
- Enabling two-factor authentication (2FA) where available;
- Promptly notifying us via a support ticket if you suspect unauthorized access.
6.2. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by law. The exact retention period may vary depending on the category of data and the context of processing. Indicative examples include:
- Account and Profile Data: Retained for the duration of your account and for a reasonable period after closure (for example, up to 7 years) to comply with legal obligations, maintain records, and handle potential disputes.
- Billing and Transaction Data: Retained for at least 7 years, or longer if required by applicable tax and accounting laws.
- Technical Logs and Security Data: Retained for periods appropriate to security, troubleshooting, and compliance needs, typically ranging from several weeks to several years, depending on the type of log and applicable legal obligations.
- Support Tickets and Communications: Retained for a period necessary for quality assurance, training, and dispute resolution (for example, up to 2–3 years), unless a longer period is required by law or reasonably justified.
- Email Content and Metadata: Typically retained for as long as your account and mailboxes remain active and you choose to store such messages, subject to plan limits and your own retention practices. Backup and archival copies may persist for limited periods after deletion, in accordance with our backup and disaster recovery policies.
We may anonymize or aggregate data so it is no longer reasonably capable of identifying you, in which case we may retain such information for longer for statistical, analytical, or product-development purposes.
7. Your Data Protection Rights
Depending on your location and applicable law, you may have some or all of the rights described below in respect of your personal data.
7.1. Right of Access
You may have the right to obtain confirmation as to whether we process personal data concerning you and, if so, to request access to that personal data, including certain information about the processing (for example, purposes, categories, recipients, retention periods).
7.2. Right to Rectification
You may have the right to request correction of inaccurate personal data and to have incomplete data completed. Many profile-level corrections can be made directly via your TrekMail account settings.
7.3. Right to Erasure (Right to Be Forgotten)
You may have the right to request the deletion of your personal data, subject to certain legal limitations, for example where:
- The data is no longer necessary for the purposes for which it was collected;
- You withdraw consent (where processing is based on consent);
- You successfully object to processing;
- The data has been unlawfully processed; or
- Erasure is required by law.
We may retain certain data where we have an overriding legal obligation or legitimate interest to do so (for example, transactional and accounting records).
7.4. Right to Restrict Processing
In certain circumstances, you may have the right to request that we restrict the processing of your personal data, for example while we verify its accuracy or consider an objection.
7.5. Right to Data Portability
Where technically feasible, and where the processing is based on consent or contract and carried out by automated means, you may have the right to receive personal data concerning you in a structured, commonly used, machine-readable format, and to transmit that data to another controller.
7.6. Right to Object
You may have the right to object to processing based on our legitimate interests, including profiling, and to object at any time to the processing of your personal data for direct marketing purposes.
7.7. Right to Withdraw Consent
Where we rely on your consent (for example, for certain marketing communications or non-essential cookies), you may withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
7.8. Additional Rights for California Residents
If you are a resident of California, you may, subject to applicable limitations, have additional rights under the CCPA/CPRA, including:
- The right to know the categories and specific pieces of personal information we have collected about you;
- The right to request deletion of your personal information;
- The right to correct inaccurate personal information;
- The right to opt out of the "sale" or "sharing" of your personal information (as those terms are defined in the CCPA/CPRA);
- The right to be free from discriminatory treatment for exercising your rights.
TrekMail does not sell your personal information and does not share your personal information for cross-context behavioral advertising in the sense of the CCPA/CPRA.
7.9. Exercising Your Rights
To exercise any of your data protection rights in relation to TrekMail, please submit a request through the in-app ticketing system:
- Log in to your TrekMail account (or create a free account);
- Open the dashboard and navigate to the support or ticket section;
- Create a new ticket and select the category "Privacy & Legal" (or a materially equivalent designation if the interface uses different wording);
- Clearly describe the nature of your request and the rights you wish to exercise.
We may need to verify your identity and ownership of the account before processing your request. Where we act as a processor on behalf of a customer, we may refer your request to the relevant customer or require that you contact them directly.
We will respond within the timeframes required by applicable law.
7.10. Complaints to Supervisory Authorities
You also have the right to lodge a complaint with a competent data protection authority if you believe that your rights have been violated or that your personal data is not being handled in accordance with applicable law. We encourage you to first contact us via the ticketing system so we can attempt to resolve your concerns.
8. Children’s Privacy
The TrekMail Service is intended for use by adults and is not directed to children under the age of 16 (or other age as defined by local law). We do not knowingly collect personal data from children through the Service. If we become aware that we have inadvertently collected personal data from a child in violation of applicable law, we will take reasonable steps to delete such data.
9. International Data Transfers
TrekMail is operated by TrekGuider Inc. in the United States. We and our service providers may process your personal data in countries other than the country in which you are located, including the United States and other jurisdictions that may not provide the same level of data protection as your home country.
Where required by law, we implement appropriate safeguards for such transfers, which may include:
- Standard Contractual Clauses (SCCs) approved by the European Commission or other standard forms of data export agreements;
- Other appropriate safeguards or derogations permitted by applicable law.
You may request additional information about such safeguards by submitting a ticket under the "Privacy & Legal" category in your TrekMail dashboard.
10. Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
- Effective Date of Changes: The "Last updated" date at the top of this Policy indicates when it was last revised. Any changes will become effective when we post the revised Policy on the TrekMail website, unless a later effective date is expressly stated.
- Notification of Material Changes: Where changes are material and, in our reasonable view, significantly affect your rights or obligations, we will endeavor to provide additional notice by appropriate means, such as a prominent notice in the application, a dashboard message, or other in-service communication.
We encourage you to review this Policy periodically to stay informed about how we process your personal data.
11. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data protection practices, you can contact us using the following official channels:
- In-App Ticketing System (Primary Contact Method): Log in to your TrekMail account (or create a free account), navigate to the support/ticket section in your dashboard, and open a ticket under the "Privacy & Legal" (or equivalent) category. All electronic privacy and legal inquiries must be submitted via this channel.
- Postal Address:
  TrekGuider Inc.
  1207 Delaware Ave #2058
  Wilmington, DE 19806
  United States
We will endeavor to respond to your request within the timeframes required by applicable law and, in general, within 30 business days where feasible.
By using TrekMail.net or creating a TrekMail account, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.