Legal

Privacy Policy

Last updated: 8 January 2026  ·  Effective: 8 January 2026

1. Introduction

SwiftMail.net ("SwiftMail," "we," "our," or "us") is a privacy-focused email service operated by SwiftMail Sàrl, a company incorporated under the laws of Switzerland with its registered office in Zürich, Switzerland.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our email, calendar, and contacts services (collectively, the "Service"). We are committed to transparency and to processing your data in accordance with the Swiss Federal Act on Data Protection (FADP/nDSG), the Swiss Ordinance on Data Protection (DPO/DSV), and, where applicable, the European Union General Data Protection Regulation (EU GDPR).

Our core principle is simple: we collect the minimum data necessary to provide the Service, and we never use your data for advertising, profiling, or sale to third parties.

2. Data Controller

The data controller responsible for the processing of your personal data is:

SwiftMail Sàrl
Bahnhofplatz 1
8001 Zürich, Switzerland
Email: privacy@swiftmail.net

If we appoint a Data Protection Officer or EU representative, their contact details will be published on our website at swiftmail.net/privacy.

3. What Data We Collect

3.1 Account Data

When you create an account, we collect:

  • Your chosen SwiftMail email address
  • A password (stored in hashed form only; we cannot read your password)
  • A recovery email address (optional, used solely for account recovery)
  • Payment information (processed by Stripe; see Section 7)

3.2 Service Data

In order to deliver the Service, our servers necessarily process:

  • Email metadata: sender address, recipient address, date/time, subject line, and message size
  • IP addresses used to access the Service (see Section 3.4 on retention)
  • Calendar and contact data you store within the Service

We do not read, scan, analyse, or mine the content of your emails, attachments, calendar entries, or contacts for any purpose other than delivering them to you.

3.3 Technical Data

When you interact with our website or Service, we may collect minimal technical data necessary for security and service delivery:

  • Browser type and version (for compatibility)
  • Operating system
  • Referring URL (if you arrived via a link)
  • Pages visited on swiftmail.net

We use Matomo, a privacy-respecting analytics platform that we self-host on our own Swiss infrastructure. Matomo does not use tracking cookies, does not track individuals across sites, and does not share data with third parties. We do not use Google Analytics.

3.4 IP Address Retention

IP addresses associated with account access are retained for 14 days for security and abuse prevention purposes, after which they are permanently deleted. We do not correlate IP addresses with email activity for any purpose other than detecting unauthorised access to your account.

4. What We Do Not Collect or Do

SwiftMail does not:

  • Read, scan, or analyse the content of your emails or attachments
  • Build advertising profiles or user segments based on your data
  • Use your data to train artificial intelligence or machine learning models
  • Sell, rent, or share your personal data with advertisers, data brokers, or any third party for commercial purposes
  • Use tracking cookies, advertising pixels, or cross-site tracking technologies
  • Display advertisements of any kind within the Service

5. Legal Basis for Processing

Under Swiss data protection law and, where applicable, the EU GDPR, we process your personal data on the following legal bases:

  • Performance of contract (Art. 6(1)(b) GDPR / Art. 31(1) nDSG): Processing your account data, email metadata, and service data is necessary to provide the Service you have subscribed to.
  • Legitimate interest (Art. 6(1)(f) GDPR / Art. 31(1) nDSG): Processing technical data and IP addresses for security, fraud prevention, and service improvement, balanced against your privacy rights.
  • Legal obligation (Art. 6(1)(c) GDPR / Art. 31(1) nDSG): Where Swiss law requires us to retain certain data or respond to valid legal requests.
  • Consent: Only where explicitly required and given, such as for optional marketing communications (which you can withdraw at any time).

6. Data Storage and Security

6.1 Location

All data is stored on servers physically located in Switzerland. Your data does not leave Swiss territory unless you send an email to a recipient outside Switzerland, in which case standard email transmission protocols apply to the outgoing message.

6.2 Security Measures

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS 1.2 or higher for all connections)
  • Encryption of data at rest on our servers
  • Regular security audits and penetration testing
  • Strict access controls; only a minimal number of authorised personnel can access server infrastructure
  • Full disk encryption on all servers

6.3 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) and affected users without undue delay, and in any event within 72 hours of becoming aware of the breach, in accordance with applicable law.

7. Payment Processing

We use Stripe to process payments. When you subscribe to the Service, your payment information (credit card number, billing address) is transmitted directly to Stripe and is not stored on SwiftMail servers.

Stripe processes your data under their own privacy policy (stripe.com/privacy). We receive only a transaction reference, the last four digits of your card, the card expiry date, and confirmation of successful payment. We do not have access to your full card number.

We may also accept cryptocurrency payments. For cryptocurrency payments, we store only the transaction hash for record-keeping.

8. Third-Party Data Sharing

We do not sell, trade, or rent your personal data to third parties. We share data only in the following limited circumstances:

  • Payment processing: With Stripe as described in Section 7.
  • Legal obligation: When required by a valid Swiss court order or legal process under Swiss law (see Section 9).
  • Service providers: With carefully selected subprocessors who assist in operating the Service (e.g., DNS, DDoS protection), subject to strict data processing agreements and the requirement that they process data only as instructed by us.

We maintain a public list of our subprocessors at swiftmail.net/subprocessors, including the data they process and their jurisdiction.

9. Law Enforcement and Government Requests

SwiftMail is subject exclusively to Swiss law. We respond only to legal requests that comply with Swiss legal procedures and are issued or validated by Swiss authorities.

We do not and cannot comply with foreign government requests for data unless those requests are channelled through the Swiss legal system via mutual legal assistance treaties (MLAT) or other formal international cooperation mechanisms.

Where legally permitted, we will notify you of any legal request for your data before disclosing it, to allow you to challenge the request. Where we are legally prohibited from notifying you, we will challenge such prohibition on your behalf where reasonably possible.

We publish an annual transparency report detailing the number of legal requests received, complied with, and rejected, available at swiftmail.net/transparency.

10. Your Rights

Under Swiss data protection law and, where applicable, the EU GDPR, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate personal data.
  • Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
  • Right to data portability: You may request your data in a standard, machine-readable format (e.g., MBOX for emails, vCard for contacts, iCalendar for calendar data).
  • Right to object: You may object to certain processing activities based on legitimate interest.
  • Right to restriction: You may request restriction of processing in certain circumstances.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@swiftmail.net. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if applicable, your local EU supervisory authority.

11. Account Deletion

You may delete your SwiftMail account at any time through your account settings or by contacting us at privacy@swiftmail.net.

Upon account deletion:

  • All emails, contacts, and calendar data are permanently deleted from our active servers within 30 days.
  • Account data (email address, hashed password) is deleted immediately.
  • Encrypted backups containing your data are purged within 90 days of account deletion.
  • Payment records are retained for the period required by Swiss tax and commercial law (currently 10 years for financial records), after which they are deleted.
  • Your SwiftMail email address will not be reassigned to another user.

We provide a data export tool that allows you to download all your data before deletion.

12. Data Retention

We retain personal data only for as long as necessary to provide the Service or as required by law:

  • Account data: For the duration of your active account.
  • Email and service data: For the duration of your active account.
  • IP addresses: 14 days from the date of access.
  • Payment records: 10 years from the transaction date, as required by Swiss commercial law (Art. 958f of the Swiss Code of Obligations).
  • Server logs: 7 days, then permanently deleted.

13. Cookies and Tracking

SwiftMail uses only strictly necessary cookies required for the functioning of the Service (e.g., session authentication cookies). We do not use:

  • Advertising or tracking cookies
  • Third-party analytics cookies
  • Social media tracking pixels
  • Browser fingerprinting techniques

Our website analytics (Matomo) is self-hosted on our Swiss infrastructure, is cookie-free, and does not track individual users across sessions or sites.

14. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will delete that data promptly.

15. International Data Transfers

Your data is stored in Switzerland. Switzerland has been recognised by the European Commission as providing an adequate level of data protection (adequacy decision). No additional safeguards are required for transfers between the EU/EEA and Switzerland.

We do not transfer your data to countries outside Switzerland or the EU/EEA except in the normal course of sending emails to recipients in those countries, which is initiated by you.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days before they take effect. The current version will always be available at swiftmail.net/privacy, with a clear "last updated" date.

Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy. If you do not agree with the changes, you may close your account and export your data before the changes take effect.

17. Contact

For any questions about this Privacy Policy or our data practices:

Email: privacy@swiftmail.net

Postal address:
SwiftMail Sàrl
Bahnhofplatz 1
8001 Zürich, Switzerland