Privacy Policy

Stash is operated by a sole proprietor based in Bengaluru, India. For privacy questions, write to hello@gostash.app.

• Account data: your name, email address (for sign-in), and the domains you add.
• Mailbox content: emails sent and received through your Stash mailboxes — body, headers, attachments. We need this to actually run a mail service.
• Billing data: handled by Razorpay. We see the last four digits of your card and the transaction status; we don't see or store full card numbers.
• Operational logs: SMTP delivery records, login timestamps, IP address at sign-in. Used to investigate deliverability issues and abuse. Retained for 90 days.

Email is hosted on our own Mailcow server in Frankfurt, Germany (Contabo data centre). Account metadata (your name, domains, subscription status) is stored in a managed Postgres database in the same region (Neon, eu-central-1). Transactional email (sign-in links, billing alerts) is relayed through Brevo's SMTP relay. We do not transfer your data outside this set of providers.

Operationally, nobody at Stash reads customer email as a routine. The operator (one person) has the technical ability to access the server but accesses individual mailboxes only when you explicitly ask for help with a delivery issue, or in the rare case where we need to investigate abuse complaints against your domain. Every such access is on-request and ad-hoc.

We do not run analytics on email content. We do not train AI models on email content. We do not sell or rent data to anyone.

The portal sets one cookie — a session cookie — when you sign in. That's it. We don't run Google Analytics, Facebook Pixel, or any third-party tracker on the portal. The marketing site (this page, the landing page) is statically served and ships no scripts beyond what Next.js needs to render.

• Active accounts: kept while you're a customer plus 60 days after cancellation, then deleted.
• Email content: stored on the server while your mailbox is active. After deletion, it persists in encrypted off-site backups for up to 30 days, then expires.
• Billing records: retained for 7 years to comply with Indian tax law.
• Operational logs: 90 days.

You can access, export, correct, or delete your account data at any time. Most of this is self-service in the portal (settings page). For anything you can't do yourself — bulk export of email, deletion ahead of the standard retention window, etc. — email hello@gostash.app and we'll act within 7 working days.

Mailbox passwords are stored encrypted (AES-256-GCM); we keep the encrypted copy only so we can sign you into the webmail in one click. Account session cookies are HMAC-signed. The server is patched on a weekly cadence. Backups are encrypted at rest.

If Stash is sold, your data goes to the buyer under the same terms; you'll be notified 30 days in advance and can export and leave before that happens. If we shut down voluntarily, we'll give you 60 days' notice to export your email and DNS records before deleting anything.

We'll email registered customers when this policy changes materially. Cosmetic edits (wording, formatting) don't trigger a notice.