Privacy Policy

Last updated: June 10, 2026

1. Who we are

The data controller for personal data described in this policy is Redbeard Innovation Kft., registered at Vöröskereszt utca 14. 1. emelet 5, 1033 Budapest, Hungary, operator of the service at llmail.dev ("llmail", "we", "us"). Contact us about privacy at legal@llmail.dev.

2. Scope

This policy covers personal data we process in connection with our public website, the dashboard, and the REST API at llmail.dev. It does not cover third-party services you choose to connect to (your mailbox providers, your SMTP relay, your webhook endpoints), which have their own privacy practices.

3. Controller and processor roles

We act as a controller for personal data we collect to administer our relationship with you: the email address you sign up with, password hash, organisation details, billing identity, and similar account information.

We act as a processor for personal data contained in the email and attachments that flow through the mailboxes you connect to the Service, where you (the Customer) are the controller. Those processing activities are governed by our Data Processing Addendum.

4. Data we collect and store

4.1 Account and organisation

• Email address (used as your login).
• Password hash (we never store the plaintext password).
• Account timestamps (sign-up date, last login).
• Organisation name, slug, and tier.
• Webhook URL and an organisation-level webhook signing secret.
• API key names, the SHA-256 hash and short prefix of each key, and last-used timestamps. We do not store the full API key after issue; the plaintext key is shown to you once at creation.

4.2 Connected mailboxes

For each mailbox you connect we store the email address, display name, IMAP and SMTP host/port/TLS settings, and the username used to authenticate. IMAP and SMTP passwords are encrypted at rest using a Fernet key held outside the database.

4.3 Email content

When you connect a mailbox, the Service polls it from the moment of connection. On first poll the existing inbox history is skipped; only mail arriving after the inbox is connected is ingested.

For each ingested message we store:

• The full raw payload retrieved from your mailbox, including sender, recipients, subject, date, all headers, plain-text body, HTML body, and attachment metadata.
• A parsed customer payload (Markdown body, derived threading fields, attachment URLs) that we deliver to your webhook URL or return through the polling API.
• Attachment files on the file system, keyed by organisation and attachment UUID. Attachments are stored regardless of plan; the plan tier governs whether they can be downloaded.
• Webhook delivery records (target URL, attempts, response status, and up to the first 2,000 characters of the response body from your endpoint, used for debugging delivery failures).

Outbound mail submitted through POST /api/v1/{slug}/send is relayed through your SMTP server and is not stored by us beyond transient processing.

4.4 Billing

If you upgrade to a paid plan, we store your Stripe customer and subscription identifiers, subscription status and interval, and the billing identity you enter on the Billing page (company name, VAT/tax ID, postal address, country). Payment method data (card numbers, bank details) is handled directly by Stripe; we do not store it.

4.5 Operational logs

For each HTTP request our application logs a request ID, method, path, response status, duration, and (if you are signed in) your user ID. Application logs do not record request or response bodies. Our web server's access logs may record the client IP address and user agent. If we have enabled Sentry, application errors are sent to Sentry with default personally identifiable information disabled.

5. How we use this data

• To operate the Service: poll mailboxes, parse mail, sign and deliver webhooks, serve the polling API and dashboard.
• To bill and invoice you for paid plans, including tax handling.
• To send transactional account email (email verification, password reset, billing notices).
• To debug delivery failures and operational issues.
• To detect and respond to abuse, fraud, and security incidents.
• To comply with legal obligations (for example, tax record-keeping).

We do not run advertising on the Service and we do not sell your personal data. We do not run language models or other AI inference over the content of your mail.

6. Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies, our legal bases are:

• Performance of a contract for processing needed to provide the Service you signed up for.
• Legitimate interests for service security, abuse prevention, and limited operational logging.
• Legal obligation for tax and accounting records.
• Consent where required for specific optional features (for example, future marketing email; today we do not send marketing email from the Service).

7. Sub-processors and recipients

We share personal data with a small set of service providers to run the Service. The current list is maintained in our Data Processing Addendum and includes, by category:

• Cloud hosting and managed infrastructure ([TBD]).
• Stripe (billing identity and subscription metadata).
• The transactional email provider you configure us to use for account email ([TBD]).
• Sentry, if error monitoring is enabled (errors without default PII).

In addition, parsed inbound mail is transmitted to webhook URLs you configure. You control those endpoints and act as the data controller for the data we send to them.

The public marketing and dashboard pages load styling and a small amount of JavaScript from third-party CDNs (currently Tailwind's CDN, jsDelivr, and unpkg). When your browser fetches those assets, the CDN operators may log your IP address and user agent under their own policies.

8. International transfers

Our infrastructure and some sub-processors may be located outside the EEA or your country of residence. Where this is the case, transfers rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, supplemented by additional measures where required. Current hosting region: [TBD].

9. Retention

We are honest about what is automated today versus on request:

• Account and billing data: kept while your account is active and for the period required for tax, accounting, and legitimate-interest purposes after closure.
• Connected mailbox configuration: deleted when you remove the mailbox from the dashboard.
• Inbound email content and attachments: retained until you ask us to delete them. The Service does not currently run a scheduled deletion job for ingested email; removing a connected mailbox from the dashboard removes its configuration but does not by itself purge historical email content stored from prior polls. You can request deletion of all stored mail and attachments for your organisation by emailing legal@llmail.dev.
• Webhook delivery records and operational logs: kept for debugging and security and pruned over time.
• Backups: database snapshots and attachment archives are kept on a rolling schedule (currently 14 daily, 8 weekly, and 12 monthly retention windows). Deletions from the live system age out of backups within those windows.

10. Security

We use industry-standard technical and organisational measures, including:

• HTTPS in transit, with HSTS on the public service.
• Fernet encryption at rest for mailbox passwords.
• Password hashing with Django's default hasher.
• HMAC-signed outbound webhooks so you can verify their origin.
• Role-based access to the dashboard and admin tooling.
• Secure session and CSRF cookies in production.

No system is perfectly secure. Notify us at legal@llmail.dev if you believe your account or the Service has been compromised.

11. Cookies

The Service sets a session cookie and a CSRF cookie for signed-in users; both are first-party and necessary for the dashboard, billing flow, and API key management to work. We do not set advertising or analytics cookies. As described in section 7, the third-party CDNs that serve our front-end assets may set their own cookies under their own policies; we do not place them.

12. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to our processing of your personal data, to port your data, and to withdraw consent. Today these rights are handled manually: email legal@llmail.dev from the address on your account (or another address you can verify) and we will respond within the statutory time frame for your jurisdiction. Self-service export and delete-account tooling is on our roadmap.

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data-protection supervisory authority.

13. Children

The Service is not directed at, and we do not knowingly collect data from, anyone under 16. If you believe a child has provided us personal data, contact us and we will delete it.

14. Changes to this policy

We may update this policy from time to time. We will update the "last updated" date at the top of this page; for material changes we will give reasonable advance notice through the dashboard or by email to the address on your account.

15. Contact

Privacy questions, rights requests, and security reports: legal@llmail.dev.