Privacy Policy - My Trade Email

1. Introduction

My Trade Email ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email hosting services.

We are registered in the United Kingdom and comply with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

Account Information

• Name and contact details (email address, phone number)
• Business name and domain preferences
• Billing information (processed securely by our payment provider)
• Account credentials (passwords are encrypted and never stored in plain text)

Service Data

• Email metadata (sender, recipient, timestamps) for service delivery
• Domain configuration and DNS records
• Support ticket history and communications

Technical Data

• IP addresses and device information for security purposes
• Browser type and operating system
• Usage patterns to improve our services

Mobile App Data

When you use our mobile app, we additionally collect:

• Device identifier (device_install_id) — a persistent identifier used to bind your session to your device for security. It is not shared with third parties and is deleted when you delete your account.
• Push notification tokens (APNs for iOS, FCM for Android) — used solely to deliver notifications you have opted in to. Tokens are not used for advertising or tracking.
• Device metadata (platform, OS version, device model, app version) — used for compatibility, debugging, and service improvements.
• Notification delivery data (delivery status, error codes, timestamps) — used to ensure reliable notification delivery and diagnose failures.
• Action request logs (action type, status, timestamps) — used to process and audit actions you initiate from the app.
• Session data (hashed session tokens, IP address, user agent) — used for authentication, security auditing, and fraud prevention.

3. How We Use Your Information

We use your information to:

• Provide and maintain our email hosting services
• Process payments and manage your subscription
• Send service-related communications and updates
• Respond to support requests and inquiries
• Improve and optimise our services
• Comply with legal obligations
• Protect against fraud and abuse

For mobile app users, we additionally use your information to:

• Deliver push notifications about your email accounts, domains, and orders
• Verify your device identity for secure session management
• Diagnose delivery failures and improve notification reliability

4. Data Storage and Security

Your data is stored securely in UK-based data centres. We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL) and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Automated backups and disaster recovery procedures

5. Data Sharing

We do not sell your personal information. We may share data with:

• Payment processors (Stripe) for transaction processing
• Domain registrars for domain registration services
• Infrastructure providers for service delivery
• Analytics and advertising providers (including Umami, Google Ads, and Meta) for campaign attribution and conversion measurement
• Legal authorities when required by law

6. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict processing
• Data portability
• Withdraw consent at any time

To exercise these rights, contact us at privacy@mytrademail.co.uk.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. After account closure, we retain certain data for legal and business purposes (typically 7 years for financial records). Email content is deleted within 30 days of account termination.

Mobile App Data Retention

• Device records — sessions are revoked when you sign out. Device records are permanently deleted when you delete your account.
• Push notification tokens — expired or invalid tokens are purged periodically.
• Notification delivery logs — typically retained for up to 90 days, then deleted or aggregated for service monitoring.
• Action request logs — typically retained for up to 180 days, then permanently deleted.
• Security audit logs — retained for up to 2 years for fraud prevention and regulatory compliance.

8. Cookies

We use cookies and similar technologies for:

• Essential cookies for authentication, security, and account sessions
• Analytics measurement (including Umami) to understand site usage and improve the product experience
• Advertising attribution and conversion tracking (including Google Ads and Meta Pixel)

These technologies may collect technical data such as IP address, device/browser information, page views, and conversion events. You can manage cookie preferences in your browser settings and ad controls; disabling some cookies may reduce site functionality.

9. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or through our service. Continued use after changes constitutes acceptance of the updated policy.