Data Retention Policy

1. Data Retention Statement

As a company, we are fully aware of the importance of protecting our users personal data and we endeavour to always minimize and protect any personal data that we hold. We never share personal data with other companies for any purpose other than to provide the service itself.

For the data that we do hold we have strict policies on how that data is stored and how long we will retain it for, this page documents our general data retention policies.

2. Summary

Data DescriptionRetention PeriodRequest DeletionRequest Access
Customer Account DataLife of account + 4 MonthsYesYes
Financial Data6 Years & 1 MonthNoYes
Customer Communication3 Years & 1 MonthYesYes
Network Connections (logs)6 Years & 1 MonthNoNo
Message Submission (logs)6 Years & 1 MonthNoNo
Message Delivery (logs)6 Years & 1 MonthNoYes
Message Submission (database)Last 5000 MessagesYesYes
Message Delivery (database)Last 5000 MessagesYesYes

3. Customer Account Data

Data Elements

For each customer account we collect and store the following static elements of data:

  • Account Username (Required - Permanent)
  • Password, Control Panel (Required - Permanent)
  • Password, SMTP (Required - Permanent)
  • Default Billing, First Name
  • Default Billing, Last Name
  • Default Billing, Company Name
  • Default Billing, Company VAT No.
  • Default Billing, Postal Address
  • Default Billing, Postcode
  • Default Billing, Country
  • Admin Email Address
  • Complaints Email Address
  • Authorized From Addresses (and related configuration)

We also store the following non-specific data per account:

  • Automated Complaints
  • Manual Complaints
  • Troubleshooting and diagnostic data
  • Account Configuration

Retention Period

Some of this data is fundamental to your account (marked as 'required') on our systems so they cannot be deleted, any other elements of data can be deleted as part of a data deletion request but you may be required to re-populate them if you wish to continue using the account because they are an instrinc requirement of using the service and / or its features.

We will retain this data indefinitely whilst you maintain an active subscription, if you don't ask us to delete this data as part of a deletion request, we will delete it a maximum of 4 months after the expiry date of your account upon cancellation.

4. Financial Data

Data Elements

For each financial transaction on each account, we collect and store the following elements of data:

  • Transaction Date / Time
  • Transaction ID
  • Transaction Amount
  • Transaction Description
  • Transaction Currency
  • Payer Name
  • Payer Company Name
  • Payer Company VAT No.
  • Payer Postal Address
  • Payer Email Address
  • Payer Country of Residence

Retention Period

As a UK registered company, we are required by law under the Companies Act 2006 to maintain records of all financial transactions.

For this reason we retain this data under all circumstances for a period of 6 years after which it will automatically be deleted, it will not be deleted as part of a data deletion request.

5. Customer Communication

Data Elements

For each communication that we have with our customers via direct email or the control panel an email message will be generated, we collect and store the following elements of data:

  • Date / Time
  • Source IP address
  • From address
  • Recipient address
  • Message Headers
  • Message Body (user submitted data)

Retention Period

We will retain these messages for up to a maximum of 3 years and 1 months. They can be deleted as part of a data deletion request.

Each email message will also generate a system log entry containing points 1, 2, 3 and 4. We will retain this data in fully encrypted, offline archive files for a maximum of 6 years and 1 month.

6. Network Connection (with successful authentication challenge)

Data Elements

When an account user connects and sucessfully authenticates with our network we collection the following data elements:

  • SMTP Username
  • Date / Time
  • Source IP address
  • Summary of event

Retention Period

In order to respond to any contractual legal claims we will retain this data in fully encrypted, offline archive files for a maximum of 6 years and 1 month.

7. SMTP Message Submission

Data Elements

When an account user submits a messages to our network we collect the following elements of data:

  • Message UUID
  • Message ID
  • Date / Time
  • Source IP address
  • Relay Address (duplication)
  • From addresses
  • Recipient addresses
  • Message Header, Subject
  • Message Headers (deleted after delivery)
  • Message Body (deleted after delivery)

Retention Period

Message headers and message body are deleted once a message has been delivered or failed / notified, the message subject line is retained along with the other data elements listed above.

The data is stored in two locations with different data retention periods:

System Databases
  • The records are retained for the last 5000 messages sent on a rolling basis.
  • If you cancel your account we will delete these records a maximum of 4 months later, they can be deleted as part of a data deletion request.
System Logs
  • In order to respond to any contractual legal claims we will retain this data fully encrypted, in offline archive files for a maximum of 6 years and 1 month.
  • These records will not be processed and cannot be deleted as part of a data deletion request.

8. SMTP Message Delivery

Data Elements

When we deliver a messages submitted to our network by an account user we collect the following elements of data in our system databases:

  • Linked Account Username
  • Message UUID
  • Message ID
  • Date / Time
  • Delivery IP address
  • Relay Address (duplication)
  • From addresses
  • Recipient addresses
  • Message Header, Subject
  • Message Headers (deleted after delivery)
  • Message Body (deleted after delivery)
  • Delivery Response

Retention Period

Message headers and message body are deleted once a message has been delivered or failed / notified, the message subject line is retained along with the other data elements listed above.

The data is stored in two locations with different data retention periods:

System Databases
  • The records are retained for the last 5000 messages sent on a rolling basis.
  • If you cancel your account we will delete these records a maximum of 4 months later, they can be deleted as part of a data deletion request.
System Logs
  • In order to respond to any contractual legal claims we will retain this data fully encrypted, in offline archive files for a maximum of 6 years and 1 month.
  • These records will not be processed and cannot be deleted as part of a data deletion request.

9. Micellaneous Data

  • Non delivery reports
  • Quarantined email

10. Disclaimer

We have endeavoured to include in this policy a description of each and every element of data that we store. However, for technical reasons they are subject to variation, but the data retention policies per category will still apply to any data elements not documented in this policy.

11. Changes to this policy

11.1. This policy is effective as of ​the 25th of May 2018 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

11.2. The Vendor reserves the right to update or change the policy at any time and the Visitor should check this policy periodically. The continued use of the Website and / or Service after the Vendor posts any modifications to the policy on this page will constitute the Visitors acknowledgment of the modifications and consent to abide and be bound by the modified policy.

11.3. If the Vendor make any material changes to the policy, the Vendor will notify by placing a prominent notice in the Control Panel.

12. Current Version

The version reference for this data retention policy is:

DRP-1.0.1