Your inbox and other personal information are yours even though we help you by storing it and making it accessible through our user-friendly interface. Exactly which part of your data is processed by us and why, depends on how you are using our Website and the StartMail Service.
1. Visiting our Website, until the session ends
When you visit the Website, the following details are automatically processed for the duration of your session:
- Your IP address
→ to allow effective troubleshooting.
- Browser and operating system type and version
→ to display the Website in the right format for your browser and operating system.
- Browser language settings
→ to show you the Website in the right language.
- Country (based on IP-address), date and time
→ to know in which countries and at what moments our marketing efforts appear to be effective.
- Origin of your visit (such as whether you directly typed the Website URL, or accessed the Website through a search engine query or link from another website)
→ to assess the success of our search engine optimization and information outreach efforts.
- Clicked links and visited (parts of) pages on our Website
→ to help us get an idea of which of our pages appear to be effective to inform our visitors. When your session ends all of this information is either deleted or anonymized, with the exception of the IP address, which will be anonymized (using a sha-256 hash with salt) after a maximum of 48 hours, and completely deleted within a maximum of 3 days (33 days for beta accounts).
When your session ends all of this information is either deleted or anonymized, with the exception of the IP address, which will be anonymized (using a sha-256 hash with salt) after a maximum of 48 hours, and completely deleted within a maximum of 3 days (33 days for beta accounts).
We collect the anonymized information above, excluding the SHA-256 hash of your IP address, on an aggregate level, in order to analyse usage trends and for troubleshooting purposes.
2. Signing up for an Account
When signing up for the StartMail Service you are asked to provide:
- A name that you choose (optional and may be an alias or pseudonym, but see also our Terms of Service),
→ to be able to address you when we communicate with you.
- Your desired email address (required),
→ to provide you with your StartMail email address.
- A password (required),
→ to provide authentication for your Account.
- A Recovery Email Address (optional, see also our ToS),
→ to communicate with you in the event that you need to recover access to your StartMail Account should you ever lose your password.
- An invite code (optional, if you have one),
→ to give you the benefit of a promotional offer.
- Your preference as to whether you would like to subscribe to our newsletter(s),
→ to send you our newsletters only if you want to receive them.
3. Paying for a Personal Account
For the Personal StartMail Service, we offer various payment methods.
A specialized payment provider (Ogone) processes payment and registers card numbers and secure codes. They have strict security standards, as laid down in the Payment Card Industry Security Standards (PCI DSS), with which they are fully compliant. They store any account payment details under a unique number, but cannot connect the payment data to the account email address. The StartMail system also works with this unique number and has no direct access to Ogone’s system – effectively separating the two systems. StartMail also offers anonymous payment methods for additional privacy.
4. Using the StartMail Service
- All of your email messages are stored in a secure User Vault on our servers. All information in the vault is encrypted (see StartMail Gives You Ironclad Data Protection on how we use encryption to protect your data)
- Everything you can see through the regular user interface (your inbox and folders, including spam folder) is stored, and is stored safely in the User Vault.
- Additionally, the following is also stored in the User Vault:
- personalized spam preferences of the User as part of the self-learning process of the spam filter
- a search index, which allows an efficient email search functionality
For several functions in the StartMail Service, such as logging in or account recovery, a SHA-256 hash of your IP-address is stored for several minutes for the purpose of preventing brute force attacks.
When you use the StartMail Service to send an email, your IP address is not included in the header of the email. Instead our IP address is shown.
5. Communicating with Us
Under certain circumstances you may provide information about yourself to us, for example, by sending feedback or asking a question. If this information can be linked, without disproportionate effort, to your real identity, we will treat it as personal information.
We strive to ensure that any of your personal information we obtain through your communication with us, is used solely to address the reason you contacted us. We will make every reasonable effort to delete any personal data that is no longer needed from our systems. Our support system is physically completely separated from the StartMail system.
Deleted is Deleted
When you delete an email, it is immediately deleted from our production servers, unlike what happens with many other webmail providers. Only on the off-site backups (which are fully encrypted, of course) a copy will remain for the maximum retention period of three days.
Your Account will be stored for as long as our Agreement remains in force. When an Agreement is fully terminated, all data contained in the Account, including all emails, will be deleted permanently.
Viewing and Amending your Personal Data