Privacy/Mail: Difference between revisions
(Created page with "This policy applies to personal identity information when using the Nasqueron mail services. This private policy supplements the general private policy to explain the policies and procedures on the collection, use and disclosure of the information, specific to the mail services. The general private policy applies for any point not described otherwise in this policy. ''Last updated:2024-10-26.'' ==...") |
No edit summary |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
This policy applies to personal identity information when using the Nasqueron mail services. | This policy applies to personal identity information when using the Nasqueron mail services. | ||
This private policy supplements the [[Privacy/General privacy policy|general private policy]] | This private policy supplements the [[Privacy/General privacy policy|general private policy]] by outlining the specific policies and procedures for the collection, use and disclosure of the information in relation to mail services. | ||
The [[Privacy/General privacy policy|general private policy]] applies for any point not | The [[Privacy/General privacy policy|general private policy]] applies for any point points not otherwise addressed in this document. | ||
''Last updated:2024-10-26.'' | ''Last updated: 2024-10-26.'' | ||
== Mail infrastructure == | == Mail infrastructure == | ||
| Line 17: | Line 17: | ||
* IP addresses used to connect to the service | * IP addresses used to connect to the service | ||
* IP addresses of other mail servers connecting to the service to transfer mails (SMTP to SMTP) | * IP addresses of other mail servers connecting to the service to transfer mails (SMTP to SMTP) | ||
* | * Mail content, including any personally identifiable information it may contain | ||
=== Retention === | === Retention === | ||
'''When we act as a transfert agent.''' When sending an e-mail for another mail server | '''When we act as a transfert agent.''' When sending an e-mail for another mail server (e.g. when you send an e-mail to a @gmail.com address or any domain NOT managed on Nasqueron), the mail content and metadata are stored in our servers only as long as necessary to forward it to the destination SMTP server. The data is deleted once the destination server has acknowledged the e-mail. Some metadata are logged by the mail server software and processed according to the log retention policy. | ||
'''Mail content.''' When | '''Mail content.''' When using a combination of POP and SMTP, mails are kept only as long as necessary for collection and transfer. When using IMAP, the mails are kept on the server until you delete them via an IMAP client, including webmails clients, which typically use IMAP. You have full control over the retention of any received mails. However, keep in mind that the sender and any other recipients also have copies. You do not control sent emails; instead, they are managed first during transfer by the maintainers of the SMTP servers involved in delivery, and then by the email recipients. | ||
'''Logs | '''Logs:''' Mail logs are essential for identifying abuse patterns, monitoring ongoing attacks, and troubleshooting communication issues between servers or clients. We are currently implementing a retention policy and technical mechanisms to enforce it. In the meantime, logs are stored as long as there is a legitimate interest to retain them. | ||
=== Transfer === | === Transfer === | ||
| Line 37: | Line 36: | ||
==== Use of third-party services ==== | ==== Use of third-party services ==== | ||
'''Gravatar.''' When using Snappymail to read email, the Gravatar service is used to fetch avatars matching the e-mail senders. In doing so, a SHA-256 hash of each sender’s email address is transmitted to the Gravatar service. With current cryptographic technology, the e-mail address itself cannot be retrieved from the hash. The Gravatar service is operated by Automattic Inc. | '''Gravatar.''' When using Snappymail to read email, the Gravatar service is used to fetch avatars matching the e-mail senders. In doing so, a SHA-256 hash of each sender’s email address is transmitted to the Gravatar service. With current cryptographic technology, the e-mail address itself cannot be retrieved from the hash. The Gravatar service is operated by Automattic Inc. | ||
[[Category:Privacy policy]] | |||
[[Category:Mail]] | |||
Latest revision as of 19:09, 26 October 2024
This policy applies to personal identity information when using the Nasqueron mail services.
This private policy supplements the general private policy by outlining the specific policies and procedures for the collection, use and disclosure of the information in relation to mail services.
The general private policy applies for any point points not otherwise addressed in this document.
Last updated: 2024-10-26.
Mail infrastructure
When using our mail infrastructure, including our SMTP, IMAP and POP servers, the following privacy policies apply.
Type of data collected
Personally identifiable information may include, but is not limited to:
- Mail infrastructure use - SMTP / IMAP / POP
- IP addresses used to connect to the service
- IP addresses of other mail servers connecting to the service to transfer mails (SMTP to SMTP)
- Mail content, including any personally identifiable information it may contain
Retention
When we act as a transfert agent. When sending an e-mail for another mail server (e.g. when you send an e-mail to a @gmail.com address or any domain NOT managed on Nasqueron), the mail content and metadata are stored in our servers only as long as necessary to forward it to the destination SMTP server. The data is deleted once the destination server has acknowledged the e-mail. Some metadata are logged by the mail server software and processed according to the log retention policy.
Mail content. When using a combination of POP and SMTP, mails are kept only as long as necessary for collection and transfer. When using IMAP, the mails are kept on the server until you delete them via an IMAP client, including webmails clients, which typically use IMAP. You have full control over the retention of any received mails. However, keep in mind that the sender and any other recipients also have copies. You do not control sent emails; instead, they are managed first during transfer by the maintainers of the SMTP servers involved in delivery, and then by the email recipients.
Logs: Mail logs are essential for identifying abuse patterns, monitoring ongoing attacks, and troubleshooting communication issues between servers or clients. We are currently implementing a retention policy and technical mechanisms to enforce it. In the meantime, logs are stored as long as there is a legitimate interest to retain them.
Transfer
The PII is processed only on Nasqueron infrastructure.
Webmail use
Snappymail
Inclusion of sender’s IP address in outgoing e-mails
When using Snappymail to send an email (not to read them), the platform is not anonymous. The system is configured to add an X-Originating-IP header to outgoing messages, which contains the sender's IP address. The HTTP client address, typically the browser's IP address, is used as the source value.
Use of third-party services
Gravatar. When using Snappymail to read email, the Gravatar service is used to fetch avatars matching the e-mail senders. In doing so, a SHA-256 hash of each sender’s email address is transmitted to the Gravatar service. With current cryptographic technology, the e-mail address itself cannot be retrieved from the hash. The Gravatar service is operated by Automattic Inc.
