Legal

Privacy Policy

Last updated: December 23, 2025

1. Introduction

This Privacy Policy explains how Artatol ("we", "us", or "our") collects, uses, and protects your personal information when you use the ArtaMail service.

2. Information We Collect

We collect information that you provide directly to us:

  • Account information (email address, name, organization name)
  • Email content and metadata that you send through our service
  • Contact information for recipients you add to your contact lists
  • Usage data and analytics about how you use our service
  • Technical data such as IP addresses, browser type, and device information
  • Payment and billing information (when using paid services):
    • Billing address and contact details
    • Company information for invoicing
    • VAT/Tax ID for EU compliance
    • Payment method information (processed by our payment provider)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our email services
  • Send transactional and marketing emails on your behalf
  • Process and track email delivery, opens, and clicks
  • Provide customer support and respond to inquiries
  • Detect, prevent, and address technical issues and abuse
  • Comply with legal obligations

4. Data Storage and Security

We store your data on secure servers located in the European Union and implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

  • Database storage: PostgreSQL hosted on OVH Frankfurt, Germany (Kubernetes)
  • Queue management: Redis hosted on OVH Frankfurt, Germany (Kubernetes)
  • Email delivery: AWS SES (eu-west-1, Ireland) for sending emails
  • Encryption: Industry-standard encryption for data in transit (TLS 1.3) and at rest (AES-256)

5. Data Sharing

We do not sell your personal information. We may share your information with:

  • Service providers: OVH (database hosting), AWS (email delivery), Cloudflare (security and performance)
  • Legal authorities: When required by law or to protect our rights
  • Business partners: With your explicit consent

Note: All application traffic is routed through Cloudflare's reverse proxy for DDoS protection, WAF security, and performance optimization. Cloudflare processes request metadata (IP addresses, User-Agent, cookies) as part of this service.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Email logs and analytics data are retained for up to 90 days. You can request deletion of your data at any time.

7. Your Rights

You have the right to:

  • Access and receive a copy of your personal data
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Object to or restrict processing of your data
  • Data portability
  • Withdraw consent at any time

8. Cookies

We use essential cookies to operate our service and optional analytics cookies to understand how our service is used. You can manage your cookie preferences through your browser settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].