Privacy Policy

Last updated: March 25, 2026

1. Introduction

PikoMails (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our email hosting services at pikomails.com and related services.

2. Information We Collect

Account Information: When you register, we collect your name, email address, organization name, and country. If you sign up via Google OAuth, we receive your name and email from Google.

Payment Information: We collect phone numbers for mobile money payments (MTN MoMo, Airtel Money). Card payments are processed by third-party providers — we never store card numbers.

Email Content: We store emails on our servers to provide our hosting service. We never read, scan, analyze, or mine your email content for any purpose including advertising.

Usage Data: We collect mailbox count, storage usage, and email volume for billing and service management. We do not track email content or recipients.

3. How We Use Your Information

  • To provide and maintain our email hosting service
  • To process payments and manage subscriptions
  • To send service-related communications (billing, outages, security)
  • To provide customer support
  • To enforce our Terms of Service

We do NOT use your information to:

  • Target advertisements
  • Build user profiles for third parties
  • Scan or read your email content
  • Sell or share data with advertisers

4. Data Security

We implement industry-standard security measures:

  • TLS 1.3 encryption for all email connections (IMAP/SMTP)
  • SPF, DKIM, and DMARC authentication on all domains
  • Encrypted password storage (bcrypt with 12 rounds)
  • Spam and virus filtering via Rspamd and ClamAV
  • Regular automated backups
  • Infrastructure monitoring 24/7

5. Data Sharing

We do not sell, trade, or share your personal data with third parties except:

  • Payment processors: Wistfare (for MTN MoMo/Airtel Money) receives your phone number to process payments
  • Legal requirements: If required by law, court order, or government request
  • Service protection: To prevent fraud, abuse, or security threats

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and email content within 30 days. Billing records may be retained for up to 7 years for legal compliance.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your emails
  • Object to data processing

To exercise these rights, contact us at privacy@pikomails.com

8. Cookies & Tracking

We use minimal cookies strictly necessary for the service to function:

  • Authentication tokens: Stored in localStorage to keep you logged in. No tracking cookies.
  • Theme preference: Stores your light/dark mode choice locally.
  • Sidebar state: Remembers if you collapsed the sidebar.

We do NOT use:

  • Google Analytics or any third-party analytics
  • Advertising cookies or tracking pixels
  • Social media tracking scripts
  • Fingerprinting or cross-site tracking

9. Legal Basis for Processing

We process your data on the following legal bases:

  • Contract performance: Processing your emails, managing your account, and providing the service you signed up for
  • Legitimate interest: Service security, fraud prevention, infrastructure monitoring
  • Legal obligation: Retaining billing records for tax and regulatory compliance
  • Consent: Marketing communications (you can unsubscribe at any time)

10. Third-Party Services

We use the following third-party services that may process your data:

Service | Purpose | Data shared
Wistfare | Payment processing (MoMo/Airtel) | Phone number, amount
Google OAuth | Optional sign-in | Name, email (only if you choose Google login)
Contabo | Server infrastructure | Encrypted data at rest
Cloudflare | DNS management | Domain records
Let's Encrypt | SSL certificates | Domain names only

11. International Data Transfers

Your email data is stored on servers located in Europe (Germany). If you access PikoMails from outside Europe, your data is transferred internationally to provide the service. We ensure appropriate safeguards are in place for all data transfers.

12. Children's Privacy

PikoMails is a business service not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Data Breach Notification

In the event of a data breach that affects your personal data, we will:

  • Notify affected users within 72 hours of becoming aware of the breach
  • Report to relevant data protection authorities as required by law
  • Provide details of what data was affected and steps we are taking
  • Offer guidance on steps you can take to protect yourself

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or dashboard notification at least 30 days before they take effect. Continued use of PikoMails after changes constitutes acceptance.

15. Contact & Data Protection

For any privacy-related inquiries, data access requests, or complaints:

Privacy Email: privacy@pikomails.com

General Support: hello@pikomails.com

Address: PikoMails, Kigali, Rwanda

We aim to respond to all privacy requests within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.