Privacy/Mail
This policy applies to personal identity information when using the Nasqueron mail services.
This private policy supplements the general private policy to explain the policies and procedures on the collection, use and disclosure of the information, specific to the mail services.
The general private policy applies for any point not described otherwise in this policy.
Last updated:2024-10-26.
Mail infrastructure
When using our mail infrastructure, including our SMTP, IMAP and POP servers, the following privacy policies apply.
Type of data collected
Personally identifiable information may include, but is not limited to:
- Mail infrastructure use - SMTP / IMAP / POP
- IP addresses used to connect to the service
- IP addresses of other mail servers connecting to the service to transfer mails (SMTP to SMTP)
- The mail content, including any personally identifiable information it can contain
Retention
When we act as a transfert agent. When sending an e-mail for another mail server, e.g. when you send an e-mail to a @gmail.com address, or any other domain NOT managed on Nasqueron, the mail content and metadata are stored in our server as long as necessary to forward it to the SMTP server, and deleted when that server has acknowledged the mail. Some metadata are logged by the mail server software and are processed according general log retention.
Mail content. When you use a combination of POP and SMTP, the logs are not kept on the server longer than needed for collection and transfer. When you use IMAP, the mails are kept on the server as long as you don't delete them through any IMAP client, including webmails. Webmails normally use IMAP. You're under full control for the retention of any mail you received, but remember the sender has also a copy, and, when a mail is sent to several people, other recipients. You aren't in control of any mail you sent, they're in control, first of the maintainers of the SMTP servers mechanism for exchange and delivery, then of the mail recipients.
Logs. Mail logs are precious to identify pattern of abuses, ongoing attacks, troubleshoot communication issues between servers or clients. We're currently implementing a retention policy and technical mechanism to implement it. Meanwhile, the logs are stored as long there is a legitimate interest to keep the data.
Transfer
The PII is processed only on Nasqueron infrastructure.
Webmail use
Snappymail
Inclusion of sender’s IP address in outgoing e-mails
When using Snappymail to send an email (not to read them), the platform is not anonymous. The system is configured to add an X-Originating-IP
header to outgoing messages, which contains the sender's IP address. The HTTP client address, typically the browser's IP address, is used as the source value.
Use of third-party services
Gravatar. When using Snappymail to read email, the Gravatar service is used to fetch avatars matching the e-mail senders. In doing so, a SHA-256 hash of each sender’s email address is transmitted to the Gravatar service. With current cryptographic technology, the e-mail address itself cannot be retrieved from the hash. The Gravatar service is operated by Automattic Inc.