In the following policy, Silverfox Email refers to the service offered by Silverfox Email (the “Company” or “We”) through the silverfox.email website (the “Service”). This Privacy Policy explains (i) what information we collect through your access and use of our Service (ii) the use we make of such information; and (iii) the security level we provide for protecting such information.
By visiting silverfox.email and using the Services provided here, you consent to the terms outlined in this privacy policy.
Legal Framework
The Company is domiciled in the State of Maryland, United States of America. Data storage infrastructure is located within both the United States and the Netherlands.
Under U.S. law, the technical means for lawful interceptions of customer communications is governed by the Communications Assistance for Law Enforcement Act (CALEA). In CALEA, the obligation to provide the technical means for lawful interception is imposed only on Internet access providers and telecommunications carriers and/or manufacturers, so the Company, as an Internet application provider, is not subject to this obligation and cannot be compelled to build in the technical means to intercept customer communications.
Data related to the opening of an account
There is no single principal data protection legislation at the U.S. Federal level as of 2018. The Company will attempt to comply with its own internally developed “common sense” guidelines, but will keep abreast of any changes which we fill may impact customers and provide notifications when deemed appropriate. Any emails provided to Silverfox Email through either our waiting list, optional email verification, or optional notification/recovery email setting in your account, are considered personal data by the Company.
Such data will only be used to contact you with important notifications about Silverfox Email, to send you information related to security, to send you an invitation link to create your Silverfox Email account, to verify your Silverfox Email account, or to send you password recovery links if you enable the option. We may also inform you about new Silverfox Email products in which you might have an interest. You are free, at any given time, to opt-out of those features through the account settings panel.
In order to maintain the integrity of the service, Silverfox Email must take measures to avoid creation of accounts by spammers. This is because if spammers use Silverfox Email to send messages, Silverfox Email’s IP addresses can become blocked by major mail providers such as Gmail, Yahoo, Outlook, etc.
In order to prevent the creation of accounts by spam bots or human spammers, Silverfox Email uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and to determine if you are a spammer.
Data Collection
Our company’s overriding policy is to collect as little user information as possible to ensure a private user experience when using the Service. We also have no technical means to access your encrypted message contents.
Service’s user data collection is limited to the following:
Visiting our website: We employ a local installation of Jetpack analytics for WordPress, an open source analytics tool. Analytics are anonymized whenever possible and stored locally (and not on the cloud).
Account creation: We require you provide your first and last names in order to create an account. You may provide an external email address for notification or password recovery purposes, but this request is optional. Should you choose to provide it, we do associate another email address with your account (for password recovery, or notifications).
Account activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times. We do NOT have access to encrypted message content but unencrypted messages sent from external providers to Silverfox Email are scanned for Spam and Viruses for the protection of our users. We also have access to the following records of account activity: number of messages sent, amount of storage space used, total number of messages, last login time.
Communicating with Silverfox Email: Your communications with the Company, such as support requests, bug reports, or feature requests may be saved by our staff.
IP Logging: By default, Silverfox Email does not keep permanent IP logs. IP logs are sometimes kept to combat abuse and fraud, and your IP address may be retained if you are engaged in activities that breach our terms and conditions (spamming, DDoS attacks against Silverfox Email infrastructure, brute force attacks, etc).
Payment Information: The Company relies on third parties to process credit card, PayPal, and Bitcoin transactions so the Company necessarily must share payment information with third parties. Anonymous cash or Bitcoin payments and donations are accepted however.
Native Applications: When you use our native applications, we (or our mobile app platform providers) may collect certain information in addition to the information mentioned elsewhere in this Policy. We may use mobile analytics software (such as fabric.io app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting) to send crash information to our developers so that we can fix bugs rapidly. Some platforms (such as the Google Play Store or the Apple App Store) may also collect aggregate, anonymous statistics like which type of devices and operating systems that are most commonly used (like percentage of Android 6.x vs Android 7.x), the total number of installs, total number of uninstalls, and the total number of active users, and may be governed by the privacy policy and terms and conditions of the Google Play Store or the Apple App Store. None of the software on our apps will ever access or track any location-based information from your device at any time.
Data Use
We do not currently have any advertising on our site. Any data that we do have will never be shared except under the circumstances described below in the Data Disclosure Section. We do NOT do any analysis on the limited data we do possess with two exceptions:
- Emails sent unencrypted to Silverfox Email accounts (e.g. Gmail to Silverfox Email) are scanned automatically for spam so we can block IPs which are sending a lot of spam to Silverfox Email users and place spam messages in a spam directory.
- Inbound messages are scanned for spam in memory, and then encrypted and written to disk. We do not possess the technical ability to scan messages after they have been encrypted.
Emails sent by Silverfox Email users to outside (e.g. Gmail) users with encryption disabled are scanned automatically for spam in the same manner as incoming email. This is to ensure a Silverfox Email account which is being used for spamming purposes can be detected and locked so email deliverability for legitimate users is not degraded.
Data Storage
All servers used in connection with the provisioning of the Service are located either in the United States or the Netherlands. We do not currently own our servers, but we attempt to source our storage and computing requirements only from companies who hold the same values and commitments to privacy which the Company holds. Data is always stored in encrypted format on our servers. Offline backups may be stored periodically, but these are also encrypted. We do not possess the ability to access any user encrypted message content on either the production servers or in the backups.
Right to Access, Rectification, Erasure and Portability
Through the Service, you can directly access, edit, delete or export personal data processed by the Company in your use of the Service.
If your account has been suspended for a breach of our terms and conditions, and you would like to exercise the rights related to your personal data, you can make a request to our support.
Data Retention
When a Silverfox Email account is closed, data is immediately deleted from production servers. Active accounts will have data retained indefinitely. Deleted emails are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 14 days.
Data Disclosure
We will only disclose the limited user data we possess if we receive notice regarding a court order that is coming from the two authorities we are legally obligated to recognize: the Courts of the State of Maryland or applicable United States Federal Courts. While we may comply with electronically delivered notices (see exceptions below), the disclosed data can only be used in court after we have received an original copy of the court order by registered post or in person, and provide a formal response.
If a request is made for encrypted message content that Silverfox Email does not possess the ability to decrypt, the fully encrypted message content may be turned over. If permitted by law, Silverfox Email will always contact a user first before any data disclosure. If legally allowed, we will attempt to notify the target of a data request, although such notification may come from the authorities and not from the Company.
Silverfox Email may from time to time, contest court orders if there is a public interest in doing so. In such situations, the Company will not comply with the court order until all legal or other remedies have been exhausted. Therefore, not all court orders described in our Transparency Report will lead to data disclosure.
Affiliated Services
Silverfox Email does not currently have any affiliated services.
Modifications to Privacy Policy
Silverfox Email reserves the right to periodically review and change this policy from time to time and we will notify users who have enabled the notification preference about changes to our Privacy Policy. Continued use of the Service will be deemed as acceptance of such changes.
Applicable Law
This Agreement shall be governed in all respects by the substantive laws of the State of Maryland. Any controversy, claim, or dispute arising out of or relating to the Agreement shall be subject to the jurisdiction of the competent courts of the State of Maryland, the jurisdiction of the applicable United States Federal Courts being expressly reserved.