ComplexMail

Privacy Policy

Last updated: February 13, 2026

Introduction

ComplexMail ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email service.

Information we collect

Account information

  • Email address (@complexmail.com)
  • Password (hashed, never stored in plain text)
  • Encryption password choice and encrypted value (if custom)

Technical information

  • Session tokens (stored securely in httpOnly cookies)
  • IP address (for security and rate limiting)
  • Browser type and version (for compatibility)

Email content

Email messages are stored on our mail server infrastructure (Mailcow). We do not access or read your email content except as necessary to provide the service (e.g., spam filtering, delivery).

How we use your information

  • To provide and maintain our email service
  • To authenticate your account and manage sessions
  • To process email delivery and storage
  • To protect against fraud, abuse, and security threats
  • To comply with legal obligations

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Cookies and tracking

We use cookies only for essential functionality (session management). We do not use tracking cookies, analytics, or advertising cookies without your explicit consent. For more details, see our Cookie Policy.

Data security

We implement appropriate technical and organizational measures to protect your personal information:

  • Passwords are hashed using bcrypt
  • Session tokens are stored in httpOnly, secure, sameSite=strict cookies
  • Encryption passwords are encrypted at rest using AES-256-GCM
  • Database connections use SSL/TLS
  • Regular security audits and updates

Your rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access - Request a copy of your personal data
  • Rectification - Request correction of inaccurate data
  • Erasure - Request deletion of your account and data
  • Restriction - Request limitation of processing
  • Portability - Request your data in a portable format
  • Objection - Object to processing of your data

To exercise these rights, please contact us through your account settings or by email.

Data retention

We retain your account information for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or security purposes.

Third-party services

ComplexMail uses Mailcow for email infrastructure. Mailcow processes email data on our behalf under our instructions. We do not share your data with other third parties except as required by law.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page.

Contact us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us through your account settings.