Legal
Finmail Privacy Policy
Finmail Legal
Finmail Limited processes personal data for enterprise webmail customers, demo visitors, and account holders. This page summarizes key points; the authoritative Privacy Policy is published at /en/legal/privacy.
Highlights
- Production hosting: Application metadata, compliance audit logs, and outbound queue records are hosted in US datacenter infrastructure (Virginia). Message bodies remain on customer-controlled IMAP infrastructure.
- Entities: Commercial operations through Finmail Limited (Hong Kong); engineering assets maintained by our Shanghai R&D entity. R&D environments do not store production credentials; production access is least-privilege, MFA-protected, and audited.
- AI features: When enabled, AI processing is scoped to your account. Private emails and financial documents are not used to train generalized AI models.
- Vault: Encrypted device sync payloads are stored as ciphertext only; Finmail cannot decrypt Vault blobs without your local master password.
- No sale of personal data: We do not sell personal data or use it for cross-context behavioral advertising as defined under CPRA.
Your rights
Contact [email protected] for access, correction, or deletion requests, subject to regulatory and Legal Hold obligations.
Full policy
For cookies, subprocessors, international transfers, retention schedules, and jurisdiction-specific rights, read the complete Privacy Policy.
