Skip to main content
MailVeil

Privacy Policy

MailVeil — Email Alias Service

Last updated: 21 February 2026

1. Introduction

MailVeil ("we", "our", "the Service") is operated by RICHARD FLINT LTD. This Privacy Policy explains how we collect, use, and protect your information.

2. Information We Collect

2.1 Authentication Data

  • **Nostr Public Key (npub):** Used to identify your account
  • We do not have access to your private key

    • 2.2 Alias Data

  • Alias addresses you create
  • Destination email addresses for forwarding
  • Labels/notes you add to aliases (optional)
  • Alias creation and modification timestamps

    • 2.3 Email Metadata

  • **Debug Mode:** We log email metadata (sender, subject, timestamp) for troubleshooting
  • **Zero-Knowledge Mode:** When enabled, we do not log email content or metadata beyond what's necessary for immediate forwarding

    • 2.4 Payment Information

  • Bitcoin Lightning payment records
  • Transaction timestamps and amounts
  • We do not collect or store traditional payment card information

    • 2.5 Geographic Data (GeoIP)

    We collect GeoIP data at the point of sale for tax compliance purposes.

    This includes:

  • IP address at time of purchase
  • Derived geographic location (country level)
  • Timestamp of collection

    • Legal Basis: This collection is necessary for compliance with UK tax obligations regarding the place of supply for digital services. Under GDPR Article 6(1)(c), this constitutes processing necessary for compliance with a legal obligation.

    We use this data to:

  • Determine applicable tax treatment
  • Maintain records required by HMRC
  • Enforce geographic restrictions on the Service

    • This data is retained for the period required by UK tax law (typically 6 years).

    3. How We Use Your Information

    We use collected information to:

  • Provide and maintain the Service
  • Process payments and subscriptions
  • Forward emails to your destination addresses
  • Communicate service updates
  • Comply with legal obligations
  • Prevent fraud and abuse

    • 4. Data Retention

  • **Account data:** Retained while your account is active, deleted upon request
  • **Email logs (Debug Mode):** Retained for 30 days
  • **Zero-Knowledge Mode:** No email logs retained
  • **GeoIP/Tax records:** Retained for 6 years per UK law
  • **Payment records:** Retained for 6 years per UK law

    • 5. Data Sharing

    We do not sell your personal data. We may share data with:

  • **Service providers:** Infrastructure (AWS) necessary to operate the Service
  • **Legal authorities:** When required by law

    • 6. Your Rights

    You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (subject to legal retention requirements)
  • Object to processing
  • Lodge a complaint with the Information Commissioner's Office (ICO)

    • 7. Data Security

    We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS)
  • Encryption at rest
  • Access controls
  • Regular security reviews

    • 8. International Transfers

    Your data may be processed in the United Kingdom and other countries where our service providers operate. We ensure appropriate safeguards are in place.

    9. Children's Privacy

    The Service is not intended for users under 18. We do not knowingly collect data from children.

    10. Changes to This Policy

    We may update this Privacy Policy periodically. We will notify you of significant changes via the Service.

    11. Contact

    For privacy inquiries or to exercise your rights, send a Nostr DM to:

    npub1malvel85rjzsucfzczwlh98j7wtyg9jfpj90acmlvzdyfca2rv0qjfu0e4

    Data Controller:

    RICHARD FLINT LTD

    United Kingdom

    This policy complies with UK GDPR and the Data Protection Act 2018.