Privacy Policy

Last updated: February 2026

1. Introduction

MailflowMon ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your personal information.


2. Data We Collect

We collect the following types of data:

  • Account information: Name, email address, and hashed password when you register.
  • Domain data: Domain names you add for monitoring, along with DNS verification records.
  • Monitoring data: Email delivery test results including round-trip times, delivery status, SPF/DKIM/DMARC authentication results, and email headers.
  • Alert configurations: Email addresses and webhook URLs you configure for alerts.
  • Usage data: Login timestamps, session data, and API usage for security and rate limiting.

3. How We Use Your Data

Your data is used solely for:

  • Providing the email monitoring service (sending test emails, receiving results, generating statistics)
  • Sending you alert notifications when monitoring thresholds are triggered
  • Sending service-related communications (verification emails, password resets, activity reminders, announcements)
  • Maintaining security (rate limiting, session management, preventing abuse)

We do not sell, share, or transfer your personal data to third parties for marketing purposes.


4. Data Retention

We retain data according to the following schedule:

  Data Type            Retention Period
  Raw test results     3 days
  Hourly statistics    7 days
  Daily statistics     30 days
  Weekly statistics    365 days
  Alert logs           90 days
  Account data         Until account deletion

Expired data is automatically purged by our cleanup processes.


5. Server Location & Security

Our servers are located in Germany and Switzerland, within the European Union and European Economic Area. All data is stored and processed in accordance with EU data protection standards.

We implement the following security measures:

  • Passwords are hashed using bcrypt (never stored in plaintext)
  • CSRF protection on all form submissions
  • Rate limiting on authentication and API endpoints
  • Session tokens with secure, httpOnly cookies
  • All connections encrypted via TLS/SSL

6. GDPR Compliance

As our servers are in Germany/Switzerland, we comply with the General Data Protection Regulation (GDPR). You have the following rights:

  • Right of access: You can view all your data through your account dashboard.
  • Right to rectification: You can update your profile information in the Settings page.
  • Right to erasure: You can request account deletion by contacting us. Inactive accounts are automatically cleaned up after 13 months of inactivity.
  • Right to data portability: Your monitoring data is accessible via our REST API in JSON format.
  • Right to object: You can disable any monitoring or alert at any time.

7. Cookies

We use a single session cookie (mailflowmon_session) for authentication. We do not use tracking cookies, analytics cookies, or any third-party cookies.


8. Third-Party Services

We use Bootstrap (CSS/JS framework) loaded from a CDN for the user interface. No personal data is shared with this CDN. We do not integrate with any analytics, advertising, or social media platforms.


9. Data Deletion

You can delete your account at any time by contacting us. Upon deletion, all your personal data, domains, monitors, and associated test results will be permanently removed.

Accounts inactive for 12 months will be suspended, and deleted 30 days after suspension if no activity is confirmed.


10. Contact

For any privacy-related questions or data requests, please reach out via our contact form.