Memphis Network ("Company", "we", "us") operates the Mailflow platform ("Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service. We are committed to protecting your privacy in compliance with applicable data protection laws, including the Brazilian General Data Protection Law (LGPD - Lei 13.709/2018) and the European General Data Protection Regulation (GDPR).
2. Information We Collect
2.1 Account Information
Name and username
Email address
Password (stored as a salted cryptographic hash; we never store plaintext passwords)
Organization/company name
2.2 Email Data
Sender and recipient email addresses
Email subject lines
Delivery status and timestamps
Bounce and complaint notifications
SMTP transaction metadata (Message-ID, headers)
Email message body content is processed transiently for delivery and is not permanently stored on our systems.
2.3 Technical Data
IP addresses
Browser type and version (User-Agent)
Session data and login timestamps
API access logs
3. How We Use Your Information
Service delivery: To process and deliver your transactional emails, provide analytics, and display delivery status.
Account management: To authenticate your identity, manage your account, and communicate about the Service.
Security: To detect, prevent, and respond to fraud, abuse, and security incidents. Session logs (login events, IP addresses) are kept for security auditing purposes.
Improvement: To analyze usage patterns and improve the Service's reliability and performance.
Legal compliance: To comply with legal obligations and respond to lawful requests from authorities.
4. Legal Basis for Processing
Contract performance: Processing necessary to provide the Service you requested.
Legitimate interest: Security monitoring, fraud prevention, and service improvement.
Legal obligation: Compliance with applicable laws and regulations.
Consent: Where required by law, we will obtain your explicit consent before processing.
5. Data Sharing
We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:
Infrastructure providers: Hosting and infrastructure services necessary to operate the platform.
Legal requirements: When required by law, court order, or governmental request.
Business transfers: In the event of a merger, acquisition, or sale of assets, with prior notice.
6. Data Security
We implement industry-standard security measures to protect your information, including:
Encryption in transit (TLS/SSL) for all connections
Mandatory TLS for SMTP communications
Cryptographic password hashing (scrypt)
Session-based authentication with automatic expiration
Access logging and monitoring
Regular security reviews
While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
7. Data Retention
Account data: Retained while your account is active and for a reasonable period after deletion for legal and audit purposes.
Email metadata: Retained for up to 90 days for analytics and troubleshooting.
Session logs: Retained for up to 12 months for security auditing.
Email content: Not permanently stored; purged after delivery processing.
8. Your Rights
Under applicable data protection laws (including LGPD and GDPR), you have the right to:
Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data, subject to legal retention requirements.
Portability: Request your data in a structured, machine-readable format.
Restriction: Request restriction of processing in certain circumstances.
Objection: Object to processing based on legitimate interest.
Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at the address below. We will respond within 15 business days.
9. Cookies and Session Data
Mailflow uses essential cookies strictly necessary for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. The session cookie is HTTP-only and expires after 8 hours of inactivity.
10. International Data Transfers
Our servers are located in Brazil. If you access the Service from outside Brazil, your data will be transferred to and processed in Brazil. We ensure that appropriate safeguards are in place for any international data transfers in compliance with applicable laws.
11. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this page periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact & Data Protection Officer
For any questions, concerns, or requests related to this Privacy Policy or your personal data, contact us: