Updated May 24, 2026
Privacy Policy
This Privacy Policy explains how Korpur eMail processes personal data, mailbox data, technical data, cookies, and privacy requests for users in the European Union and elsewhere.
Who operates the service
- Korpur eMail is operated from Lithuania by the service operator or deployment owner configured for this installation.
- For privacy requests, security reports, or data-protection questions, contact support@korpur.com, legal@korpur.com, or info@korpur.com.
Data we process
- Account data such as username, role, permissions, authentication state, password-reset state, and administrator-controlled access settings.
- Mailbox data such as generated inbox addresses, sender and recipient addresses, subject lines, message bodies, attachments where enabled, spam records, delivery timestamps, and reply/compose activity.
- Device and technical data such as IP-derived request metadata, browser/device information, service-worker state, push subscription identifiers, security logs, and operational diagnostics.
- Preference and storage data such as theme choice, cookie consent, cached PWA assets, notification settings, and last-used app state.
Legal basis under EU law
- We process data to provide the requested email service, account access, inbox display, SMTP/IMAP workflows, password reset, notifications, and security controls.
- We process security, abuse-prevention, audit, and reliability data where there is a legitimate interest in protecting users, infrastructure, and the public from misuse.
- Where optional features require consent, such as browser notifications or non-essential browser storage, users may grant or withdraw permission through browser or app settings.
- We may process or disclose data when required to comply with Lithuanian, European Union, or other applicable legal obligations.
How data is used
- To authenticate users, show inboxes, send replies, manage generated addresses, filter spam, trigger notifications, and maintain service reliability.
- To investigate misuse, unauthorized access, delivery failures, spam, phishing, harassment, fraud, malware, privacy violations, or other unlawful activity.
- To improve security, troubleshoot technical problems, and maintain auditability for deployment operators.
Data sharing and processors
- We do not sell personal data.
- Data may be processed by hosting providers, database providers, IMAP/SMTP systems, DNS providers, push-notification services, logging systems, or other infrastructure required to operate this deployment.
- Data may be disclosed to competent authorities where legally required, or where necessary to protect users, third parties, infrastructure, or legal rights.
International transfers
- If infrastructure providers or email systems process data outside the European Economic Area, the operator should use appropriate safeguards such as adequacy decisions, standard contractual clauses, or equivalent protections where required by GDPR.
Retention
- Account, mailbox, spam, log, and notification data are retained according to the deployment owner’s operational configuration, legal obligations, security needs, and backup schedule.
- Disposable inboxes should not be used as long-term storage unless the operator explicitly supports that use.
Your privacy rights
- Depending on applicable law, users may request access, correction, deletion, restriction, portability, objection to processing, or withdrawal of consent.
- EU users may also contact the Lithuanian data-protection authority or their local supervisory authority if they believe their rights have not been respected.
- Privacy requests should include enough information to identify the relevant account, generated address, deployment, and request scope.
Security
- The app uses authentication, permission checks, sanitization, configuration controls, and operational logging to reduce unauthorized access risk.
- No web or email system can guarantee absolute security, so users should avoid sending sensitive secrets to disposable addresses unless their deployment policy allows it.