Legal

Privacy Policy

Effective and last updated: July 17, 2026

This Policy explains how terrible llc processes information when you use terriblemail. For privacy questions or requests, email help@terrible.llc.

1. Information we collect

Account information

We collect your email address, password hash, email-verification status, plan, account preferences, session and API-key records, and support communications. Passwords are stored as one-way hashes. API-key secrets are shown once and stored as hashes.

Message information

To provide email service, we process sender and recipient addresses, subject lines, text and HTML bodies, headers, attachment metadata, raw inbound MIME, delivery status, spam and virus verdicts, message size, and timestamps. Outbound attachment content is processed to send the requested message. Inbound raw messages and attachments are stored in private object storage during their retention period.

Usage and technical information

We process quota usage, request method and path, response status, timing, request identifiers, IP addresses used for security and rate limiting, browser or client information available in infrastructure logs, webhook delivery information, and diagnostic events. We do not intentionally place message subjects or bodies in application logs.

Billing information

Stripe processes payment card and bank information. terriblemail receives customer and subscription identifiers, plan, subscription status, billing periods, and limited transaction metadata. We do not receive or store complete payment-card numbers.

2. Why we process information

Depending on applicable law, our legal bases may include performing a contract, legitimate interests in operating and securing the service, consent, and compliance with legal obligations.

3. Retention

By default, full message content and raw-recovery pointers are retained for 30 days, and remaining message metadata is retained for 90 days. Raw inbound objects expire after 30 days. Operational logs are generally retained for no longer than 30 days. Configuration may use shorter or longer periods when disclosed or reasonably required for security, fraud prevention, dispute handling, legal compliance, or backup integrity.

Account and billing records are retained while the account is active and afterward as reasonably necessary for legal, tax, accounting, security, and dispute obligations. Backups may persist for a limited period before rotation.

4. How we share information

We share information only as needed with infrastructure and service providers, including:

We may also disclose information when required by law; to protect recipients, users, terrible llc, or the public; during a merger, financing, acquisition, or sale; or with your direction or consent. We do not sell personal information or message content.

5. International processing

terriblemail and its providers may process information in the United States and other countries. Where required, we rely on appropriate contractual or legal transfer mechanisms.

6. Security

We use measures designed to protect information, including encryption in transit, private object storage, access controls, credential hashing, bounded message processing, signed webhooks, and restricted runtime permissions. No system is perfectly secure, and we cannot guarantee absolute security.

7. Your choices and rights

You can update billing details through Stripe’s customer portal and revoke API keys in your dashboard. You may request access, correction, deletion, restriction, portability, or objection where applicable by emailing help@terrible.llc. We may need to verify your identity and may retain information where law or legitimate security and accounting needs require it.

8. Children

The service is not directed to children under 18, and we do not knowingly collect their personal information.

9. Changes

We may update this Policy as the service or law changes. We will post the revised date and provide reasonable notice of material changes.

10. Contact

Privacy questions and requests: help@terrible.llc.