MailOven
Login Sign up

Privacy Policy

Last updated: April 2026

Sweet Potato Software ("we", "us", "our") operates MailOven ("Service"). This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding it.

By using the Service, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1.1 Account information

When you register, we collect:

  • Your name
  • Your email address
  • Your password (stored as a bcrypt hash — we never store your plaintext password)

1.2 Organization information

When you create an organization, we collect:

  • The subdomain slug you choose (e.g. yourslug)
  • The organization name

1.3 Usage data

We automatically collect limited technical data to operate and secure the Service:

  • Login timestamps and IP addresses
  • API key usage counts and timestamps
  • Browser type and operating system (from request headers)

We use Pausible for analytics. We do not use cookies for tracking — session cookies are used solely to keep you signed in.

1.4 Email content

Emails received at your organization's subdomain are stored on our servers and are accessible to members of your organization. We do not read, analyze, or process the content of your emails beyond what is necessary to store and display them to you.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Provide the Service (receiving, storing, and displaying emails)
  • Authenticate API requests
  • Send transactional emails (email verification, password reset)
  • Detect and prevent abuse, fraud, and security incidents
  • Comply with legal obligations

We do not use your information for advertising. We do not sell your personal data to third parties.

3. Data Retention

Email content: Retained for the duration you configure (between 1 and 20 days). Emails older than your configured retention period are automatically and permanently deleted.

Account data: Retained for as long as your account is active. Unverified accounts (email address not confirmed) are automatically deleted after 2 days.

Upon account deletion, all personal data and email content associated with your account are permanently removed.

4. Data Sharing

We do not sell, rent, or share your personal data with third parties, except in the following limited circumstances:

Service providers. We use Resend to deliver transactional emails (verification, password reset). Your email address is shared solely for this purpose and is subject to Resend's data processing agreement.

Legal requirements. We may disclose your information if required to do so by law or in response to a valid legal process (e.g. a court order or subpoena).

Business transfer. If Sweet Potato Software is acquired or its assets are transferred, your data may be transferred to the new owner. We will notify you before your data is subject to a different privacy policy.

5. Data Storage and Security

We implement reasonable technical and organizational measures to protect your personal data, including:

  • HTTPS for all data in transit
  • Hashed passwords (bcrypt)
  • CSRF token protection on all state-changing requests
  • API key authentication for programmatic access

6. Cookies

We use a minimal number of cookies:

CookiePurposeDuration
sessionKeeps you signed inSession / configurable

We do not use advertising cookies, tracking pixels, or third-party cookies.

7. Your Rights (PIPEDA)

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Withdraw consent to our use of your personal information (subject to legal or contractual restrictions)
  • Request deletion of your account and associated data

To exercise any of these rights, contact us at privacy@mailoven.com. We will respond within 30 days.

8. Children's Privacy

The Service is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

10. Contact

For privacy-related questions or to exercise your rights, contact:

Sweet Potato Software
privacy@mailoven.com

All @mailoven.com contact addresses are routed through Proton Mail, which provides end-to-end encryption for messages between Proton users and zero-access encryption for all stored emails.