Privacy/Mail

From Nasqueron Agora
Revision as of 12:06, 26 October 2024 by Dereckson

This policy applies to personal identity information when using the Nasqueron mail services.

This privacy policy supplements the general privacy policy to explain the policies and procedures on the collection, use and disclosure of information specific to the mail services.

The general privacy policy applies to any point not described otherwise in this policy.

Last updated: 2024-10-26.

Mail infrastructure

When using our mail infrastructure, including our SMTP, IMAP and POP servers, the following privacy policies apply.

Type of data collected

Personally identifiable information may include, but is not limited to:

Mail infrastructure use - SMTP / IMAP / POP
  • IP addresses used to connect to the service
  • IP addresses of other mail servers connecting to the service to transfer mails (SMTP to SMTP)
  • Any contained in the mail c
  • The mail content, including any personally identifiable information it can contain

Retention

When we act as a transfer agent. When sending an e-mail for another mail server, e.g. when you send an e-mail to a @gmail.com address, or any other domain NOT managed on Nasqueron, the mail content and metadata are stored on our server as long as necessary to forward it to the SMTP server, and deleted when that server has acknowledged the mail. Some metadata are logged by the mail server software and are processed according to the general log retention.

Mail content. When you use a combination of POP and SMTP, the logs are not kept on the server longer than needed for collection and transfer. When you use IMAP, the mails are kept on the server as long as you don't delete them through any IMAP client, including webmails. Webmails normally use IMAP. You're in full control of the retention of any mail you received, but remember the sender also has a copy, as do the other recipients when a mail is sent to several people. You aren't in control of any mail you sent: it is under the control, first, of the maintainers of the SMTP servers mechanism for exchange and delivery, then of the mail recipients.

Logs. Mail logs are valuable to identify patterns of abuse and ongoing attacks, and to troubleshoot communication issues between servers or clients. We're currently implementing a retention policy and a technical mechanism to enforce it. Meanwhile, the logs are stored as long as there is a legitimate interest to keep the data.

Transfer

The PII is processed only on Nasqueron infrastructure.

Webmail use

Snappymail

Inclusion of sender’s IP address in outgoing e-mails

When using Snappymail to send e-mail (not to read it), the platform is not anonymous. The system is configured to add an X-Originating-IP header to outgoing messages, which contains the sender's IP address. The HTTP client address, typically the browser's IP address, is used as the source value.

Use of third-party services

Gravatar. When using Snappymail to read email, the Gravatar service is used to fetch avatars matching the e-mail senders. In doing so, a SHA-256 hash of each sender’s email address is transmitted to the Gravatar service. With current cryptographic technology, the e-mail address itself cannot be retrieved from the hash. The Gravatar service is operated by Automattic Inc.