We place the highest possible value on the protection and security of your data. If the following information regarding privacy at Posteo is not sufficient, we are available to answer further questions via firstname.lastname@example.org.
The legal basis for privacy in connection with our email services is provided by German legal regulations (among others the TMG, TKG, TKÜV and BDSG). Posteo's services are hosted on servers in Germany. There are fundamental differences between inventory data, traffic data and content information (like emails, contacts and calendar entries).
We allow you to start a contract with us without entering personal user information (for example, your name, address and birthday). Entering a mobile number, to be used to reset your password, is optional. The mobile phone numbers are encrypted (salted hash) and stored in our database and can not be read by us, except the last three digits. For your pre-payment, you receive an invoice without a name on it, which shows the tax paid. The invoice is usually fully tax-deductible, even though there is no name shown on it.
When you pay by bank transfer or PayPal, your name or the name of the person who pays will be transmitted to us (with PayPal, your address as well). This information is not attached to your email account. We only evaluate whether a payment has occurred. The sole connection between payment transaction and email account – a randomly-generated payment code – is deleted at the moment the balance is loaded. We are legally required to keep records of all payments as a hard copy for 10 years for tax purposes.
Traffic data means data that accrues by using Posteo. We log every time an account sends or receives an email, in order to diagnose technical problems, quickly understand and eliminate errors and to recognise misuse. This data is automatically deleted after seven days. In addition, we anonymously compile usage data unconnected with accounts. These statistics do not contain IP addresses. We don't save the IP addresses of anyone who uses Posteo webmail or uses Posteo with an email program.
Your emails, address book and calendar data
We point out that it is possible, purely from a technical perspective, for us to see your emails, address book and calendar data, if you have not encrypted them. Your emails are, however, protected by secrecy of correspondence ("Briefgeheimnis") and actually viewing them would constitute a criminal offence. We ensure you that we will not view or use your emails at any time. In addition, we offer you the possibility of saving your address book and calendar data on our server with encryption (AES encryption). We back-up all emails, address book and calendar data on a daily basis, such that in case of technical problems as little loss of data occurs for you as possible. Please regularly make additional back-ups yourself, for additional protection. Our email servers' hard drives are encrypted. If the servers were to be stolen or impounded, your data is, according to current technology, safe.
We automatically pass your emails through virus and spam filters. Emails discovered by our filters to contain spam, viruses, or programs typically used to propagate viruses will not be accepted by our system. You can set up an exception list for the spam filter in the user menu. With Posteo, accessing your account fundamentally occurs with encryption, so that nobody can intercept your data. When you send or receive emails, our server always tries to communicate with the other server in an encrypted manner, if the other server supports it. If you end your contract and we delete your account (including settings, access information and additional functions such as calendar and address book), your data remains saved in the backups for seven days, and then it is completely deleted. If an account's credit runs out, we will never delete it straight away. If you run out of credit because, for example, you were in hospital, your data will not be irrevocably deleted. You can, of course, always request for your account to be deleted immediately – in this case your data will still remain within our backups for seven days.
We will never freely circulate your information to third parties. In some specific legally-governed cases, in particular with submission of a German judicial ruling in the case of a crime, we are required to hand over an account (including emails, calendar details, etc).
Creditworthiness and debt collection
Because you pay for our service in advance, we do not require any credit check information (e.g. from Schufa in Germany) from you. In addition, we do not engage any collection agencies to pursue debts.