Maildep Privacy Policy

Maildep Ltd ("Maildep", "we", "us") designs software infrastructure for email automation, payments enablement, and marketplace orchestration. This Privacy Policy explains how we approach personal information within our business operations and how we empower you to retain control over your data.

Maildep operates as an infrastructure provider. We do not monetize, profile, or redirect user data. We deliberately architect the Services so that you can self-host or maintain full control of the environments in which any personal data is processed.

Our commitment to privacy is driven by a small set of non-negotiable principles:

• Data minimisation: we only collect the absolute minimum required to provide account access and support.
• Infrastructure-first design: you decide where the Services run and which datasets are ingested.
• No resale or advertising: we never sell, rent, or share personal data with advertisers or data brokers.
• Transparency and control: you can audit, export, or delete the limited personal data we store at any time.
• Security-by-default: encryption in transit, hardened deployment templates, and operational safeguards protect your environments.

Maildep itself collects very little information, and only for administrative purposes. Depending on how you engage with us, we may process the following limited categories of data:

• Account contact data such as name, business email address, and organisation details when you sign up for an account or request a demo.
• Operational correspondence, including support tickets and integration queries that you voluntarily submit.
• Billing metadata such as invoicing contacts and transaction references when you purchase a paid subscription directly from Maildep.
• Telemetry you explicitly enable for troubleshooting. Telemetry is opt-in, scoped, and can be disabled at any time. We provide documentation for self-hosted deployments that allows you to inspect every field transmitted.

We do not automatically collect or retain end-user content, business messages, email bodies, payment payloads, or marketplace transaction details. Those flows run entirely within the infrastructure you configure, whether self-hosted or on infrastructure you control.

We do not deploy third-party analytics scripts, marketing pixels, or behavioral trackers across our properties. We do not track users across sites or build advertising audiences.

If you process personal data through a solution built on top of the Services (for example, AI-generated email replies or cryptocurrency payment records), you act as the controller of that data. Maildep acts solely as a processor or sub-processor, and only to the extent you direct us to host or process information within managed environments.

For self-hosted or hybrid deployments, you maintain exclusive control over data residency, retention schedules, access privileges, and compliance obligations. Maildep has no visibility into the datasets that reside entirely within your infrastructure.

Where the United Kingdom General Data Protection Regulation (UK GDPR) or similar laws apply, our legal bases for processing the limited personal data described above include:

• Performance of a contract: to provision accounts, respond to requests, and deliver the Services you purchase.
• Legitimate interests: to maintain platform security, prevent abuse, and measure service health, always balanced against your rights and expectations.
• Consent: for optional diagnostics, beta programs, or marketing communications, which you can decline or withdraw at any time.

Maildep does not directly process or store payment card numbers, bank details, or cryptocurrency private keys. If you enable payment-related modules, settlement occurs between you and the partners you configure.

Any references to payment workflows within the Services describe software capabilities only. You remain responsible for implementing compliant financial operations, including customer due diligence, tax reporting, and regulatory licensing.

Our marketing site uses only essential cookies required to deliver the site securely. We do not deploy advertising cookies or cross-site tracking technologies. For authenticated areas, we may use session cookies or secure tokens to maintain your logged-in state; these expire when you sign out or after inactivity.

You can configure your browser to block cookies, but doing so may limit access to authenticated portions of the Services.

We limit sub-processor engagements to providers that support core business functions such as cloud hosting, customer support, or billing. Each provider is bound by contractual obligations to safeguard personal data and to process it only according to our documented instructions.

A current list of sub-processors is available upon request. We will notify you of material changes and allow an opportunity to object where required by applicable law.

We implement technical and organisational measures aligned with industry standards, including encryption in transit, network segmentation, role-based access control, multi-factor authentication for administrative systems, and routine vulnerability assessments.

Because you control the environments where most personal data is stored, you are responsible for configuring your deployments to meet your security, compliance, and resilience requirements. We provide reference architectures, hardening guides, and incident response playbooks to assist you.

Maildep retains the limited account and support data described in Section 3 only for as long as necessary to provide the Services, resolve disputes, or meet legal obligations. When data is no longer needed, we securely delete or anonymise it.

You control retention schedules for any operational data processed within your infrastructure.

Maildep is based in the United Kingdom. When we transfer personal data to service providers located outside the UK or European Economic Area, we rely on lawful transfer mechanisms such as adequacy decisions, Standard Contractual Clauses, or equivalent safeguards.

Self-hosted deployments allow you to maintain all personal data within your chosen jurisdiction.

Subject to applicable law, you may have the right to request access to, correction of, or deletion of the personal data we hold about you; to object to or restrict certain processing; and to receive a copy of your data in a portable format.

You can exercise these rights by contacting [email protected]. We will respond within the timeframes required by law. For data processed entirely within your infrastructure, you remain the primary contact for responding to requests from your end users.

The Services are designed for business and professional users. We do not target or knowingly collect personal data from children under 16. If we become aware that a child has provided us with personal information, we will take steps to delete it.

We may update this Privacy Policy to reflect changes in law, technology, or our services. If we make material changes, we will provide notice through our website or via email. The revised Policy will be effective when posted unless otherwise stated.

Your continued use of the Services after the effective date of any update constitutes acceptance of the revised Policy.

For privacy inquiries, data access requests, or security disclosures, contact Maildep Ltd at [email protected] or [email protected], or write to 45 Mornington Crescent, Manchester, England, M14 6DB.

If you are located in the UK or EU, you also have the right to lodge a complaint with your local data protection authority.