Skip to main content
Back to news
Legal

Finmail Privacy Policy

Finmail Legal

Finmail Privacy Policy

Finmail Limited processes personal data for enterprise webmail customers, demo visitors, and account holders. This page summarizes key points; the authoritative Privacy Policy is published at /en/legal/privacy.

Highlights

  • Production hosting: Application metadata, compliance audit logs, and outbound queue records are hosted in US datacenter infrastructure (Virginia). Message bodies remain on customer-controlled IMAP infrastructure.
  • Entities: Commercial operations through Finmail Limited (Hong Kong); engineering assets maintained by our Shanghai R&D entity. R&D environments do not store production credentials; production access is least-privilege, MFA-protected, and audited.
  • AI features: When enabled, AI processing is scoped to your account. Private emails and financial documents are not used to train generalized AI models.
  • Vault: Encrypted device sync payloads are stored as ciphertext only; Finmail cannot decrypt Vault blobs without your local master password.
  • No sale of personal data: We do not sell personal data or use it for cross-context behavioral advertising as defined under CPRA.

Your rights

Contact [email protected] for access, correction, or deletion requests, subject to regulatory and Legal Hold obligations.

Full policy

For cookies, subprocessors, international transfers, retention schedules, and jurisdiction-specific rights, read the complete Privacy Policy.