Privacy Policy

HavitoMail (“we”, “us”, “our”) operates the business email platform at havitomail.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2.1 Information You Provide Directly

• Account registration: Name, email address, password (hashed), and role
• Domain configuration: Domain names, DNS settings, mailbox usernames
• Payment information: Processed by our payment provider; we store only transaction IDs and plan details — never raw card numbers
• Support communications: Messages you send to our support team

2.2 Information Collected Automatically

• Log data: IP addresses, browser type, pages visited, timestamps, and HTTP request data
• Session data: Authentication tokens stored as secure HTTP-only cookies
• Email metadata: Sender, recipient, subject, and timestamp of emails processed through our server (not email body content for analytics)

2.3 Information from Third Parties

• DNS lookup results from public resolvers (8.8.8.8, 1.1.1.1) to verify your domain configuration
• IP reputation data to protect our mail server infrastructure

We use the information we collect to:

• Provide, operate, and maintain the Service
• Create and manage your account and mailboxes
• Process payments and manage subscriptions
• Send transactional emails (account confirmation, password reset, invoice)
• Respond to your support requests and inquiries
• Monitor and improve the security and performance of our infrastructure
• Comply with legal obligations and enforce our Terms of Service
• Detect and prevent fraud, spam, and abuse

We do not use your email content for advertising, profiling, or any purpose other than delivering the email service you requested.

Your data is stored on servers in India. We implement industry-standard security measures including:

• TLS/SSL encryption for all connections (SMTP, IMAP, HTTPS)
• Hashed passwords using bcrypt (never stored in plaintext)
• Secure HTTP-only session cookies
• Regular security updates to all server components
• DKIM signing, SPF, and DMARC enforcement for email authentication
• Firewall and DDoS protection on our infrastructure

While we take all reasonable precautions, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

We retain your data as follows:

• Account data: Retained while your account is active. Deleted within 30 days of account closure upon request
• Email data: Emails stored in your mailbox until you delete them or close your account
• Log data: Server logs retained for up to 90 days for security and debugging purposes
• Payment records: Retained for 7 years as required by Indian accounting regulations

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• Service providers: Payment processors, email infrastructure providers who process data on our behalf under strict confidentiality agreements
• Legal requirements: If required by law, court order, or government authority
• Protection of rights: To enforce our Terms of Service, protect our rights, or prevent fraud and abuse
• Business transfers: In the event of a merger, acquisition, or sale of all or part of our assets, with notice to affected users

We use the following cookies:

• Session cookies: Strictly necessary for authentication — expire when you close the browser or log out
• Preference cookies: Store your UI theme and settings — can be cleared anytime

We do not use advertising cookies, Google Analytics, Facebook Pixel, or any third-party tracking scripts on the mail platform. The landing page may use basic analytics.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a machine-readable format
• Objection: Object to processing of your data in certain circumstances

To exercise these rights, email us at privacy@havitomail.com. We will respond within 30 days.

HavitoMail is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us personal information, please contact us immediately.

Our Service may contain links to third-party websites (e.g., Google Search Console, domain registrars). We are not responsible for the privacy practices of these sites and encourage you to review their privacy policies.

We may update this Privacy Policy periodically. We will notify you of significant changes via email or a prominent notice on the Service at least 7 days before the changes take effect. Your continued use of the Service after changes constitutes acceptance of the updated policy.

For privacy-related questions, data requests, or concerns: