Privacy Policy

Last updated: April 3, 2026

1. Who we are

Mailticket ("we", "us", "our") operates the mailticket.io website and the app.mailticket.io application. This privacy policy explains how we collect, use, and protect your personal data.

Contact: hello@mailticket.io

2. Data we collect

Account data: email address, name (if provided), authentication credentials.

Email data: when you forward emails to Mailticket, we receive and store the email content, headers, attachments, sender and recipient addresses. This is the core function of the service.

Usage data: ticket counts, inbox counts, and billing status.

Technical data: IP addresses, browser type, and access logs for security and debugging purposes. We do not use tracking cookies or third-party analytics.

3. How we use your data

  • To provide the ticketing service (receiving, storing, and sending emails)
  • To authenticate your account
  • To enforce plan limits
  • To process payments via our billing provider
  • To communicate service updates or security notices
  • To protect against abuse and fraud

4. Legal basis (GDPR)

We process data based on:

  • Contract performance: to provide the service you signed up for
  • Legitimate interest: security, fraud prevention, service improvement
  • Legal obligation: where required by law

5. Data storage and location

All data is stored in the European Union (Frankfurt, Germany). Our database, authentication, and file storage are hosted on EU servers. We do not transfer personal data outside the EU.

6. Third-party services

We use the following sub-processors:

  • Supabase (EU) — database, authentication, file storage
  • Resend (EU) — email sending and receiving
  • Render (EU) — application hosting
  • Polar.sh — payment processing
  • Cloudflare — bot protection (Turnstile)

7. Data retention

We retain your data for as long as your account is active. When you delete your account, we delete all associated data (inboxes, tickets, messages, attachments) within 30 days. Billing records may be retained longer as required by law.

8. Your rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data (portability)
  • Object to processing
  • Lodge a complaint with a supervisory authority

To exercise these rights, email hello@mailticket.io.

9. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies. Theme preference is stored in your browser's local storage.

10. Security

We use encryption in transit (TLS), encrypted storage, and access controls to protect your data. Authentication tokens are stored in httpOnly cookies and are not accessible to client-side scripts.

11. Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via email or an in-app notice. The "last updated" date at the top reflects the most recent revision.