Tavomail Open Webmail

Privacy Policy

Last updated: 13 July 2026

Tavomail ("we", "us") provides custom-domain email hosting at tavomail.com and mail.tavomail.com, including webmail and mobile applications (together, the "Service"). This policy explains what we collect, why, and the choices you have. The short version: your mail is yours. We don't sell data, we don't show ads, and we don't profile you.

1. Information we process

  • Account information. Your name, email address, domain name, and authentication data (password hashes, two-factor secrets, app passwords). Passwords are stored only as secure hashes.
  • Email content. Messages, attachments, folders, and contacts you store with the Service. We process this content solely to provide the Service (delivery, storage, search, spam and virus filtering) — never for advertising or profiling.
  • Technical logs. Standard server logs (IP address, timestamps, protocol events) kept for security, abuse prevention, and troubleshooting, and rotated on a short schedule.
  • Push notification tokens. If you enable notifications in our apps, we store a device token so our server can tell your device that new mail arrived. Notification delivery uses Apple Push Notification service and Firebase Cloud Messaging as transport.

2. What we do not do

  • We do not sell or rent your data to anyone.
  • We do not scan your mail for advertising or build marketing profiles.
  • We do not place third-party trackers on this website or in our apps.

3. Where your data lives

The Service runs on dedicated servers located in the European Union (Germany). Mail is encrypted in transit (TLS) and stored on encrypted infrastructure with encrypted off-site backups. Backups exist to protect you against data loss and are retained on a rolling schedule.

4. Third parties we rely on

  • Infrastructure providers that host our servers in the EU.
  • Outbound mail relays used to maximise deliverability of the mail you send.
  • Apple / Google push services to deliver new-mail notifications to your device. Notification payloads are limited to sender and subject.

Each provider processes only what is necessary to perform its function.

5. Retention and deletion

Your mail stays until you delete it or close your account. When an account is deleted, its data is removed from active systems promptly and ages out of backups on the backup rotation schedule. You can export your mail at any time using standard protocols (IMAP) or by asking us.

6. Security

We use TLS for all connections, support two-factor authentication and app passwords, run inbound virus scanning, sign our DNS with DNSSEC, and keep systems patched and firewalled. No system is perfectly secure, but security is a first-class design goal of the Service — not an afterthought.

7. Legal requests

We disclose data only when legally compelled by a valid order applicable to us, and we limit any disclosure to what is specifically required.

8. Your rights

You may access, correct, export, or delete your personal data. Contact us and we'll help — usually the same day.

9. Changes

If we change this policy, we'll update the date above and, for material changes, notify you by email.

10. Contact

Questions or requests: hello@tavomail.com

© 2026 Tavomail
Home Privacy Terms