StartMail<ul>
<li>Benefits</li>
<li>Why StartMail?</li>
<li>Pricing</li>
<li>Privacy</li>
<li>Support</li>
<li>Blog</li>
</ul> EN DE Sign up Log in <p>
</p>
“Privacy.
It’s not just our policy.
<strong>It’s our mission</strong>.”
<p>StartMail is built by the people behind
Startpage, the world's most private
search engine.
We believe that privacy is a fundamental human
right.
As early as 2005 we recognized that clever technical solutions
would be required so you can exercise your right to privacy online.
We
turned out to be ahead of our time.
Over the next decade, revelation
after revelation,
showed how much our online privacy had come under attack.
In response,
we built more and more defenses into our search engines to protect our
users.
People now use Startpage to find information millions of times
per day, without being tracked or profiled.</p>
<p>We then turned to our next challenge: <strong>email privacy</strong>.
Everyone uses
email but sending regular email is structurally unsafe.
It's like
sending a postcard---which makes snooping very easy! Advanced
encryption technology already exists to stop hacking and mass
surveillance, but making this technology user‐friendly was our
challenge.</p>
<p>That's why we built StartMail from scratch.
A total solution for
protecting your email privacy that includes features like extra-secure
data storage, disposable alias email addresses, and an ownership that
will resist unwarranted intrusion.
It has easy‐to‐use 'one‐click'
encryption, and a very clear privacy policy.
We are on a mission to
empower people to take back their online privacy!</p>
<p>
<strong>Robert E.G Beens</strong> CEO</p>
StartMail has been developed to Protect your Privacy
<p>Using StartMail, you can protect yourself against unwarranted
intrusion and mass surveillance and take back your right to
communications privacy.
Our core values include "privacy by design"
and "minimal data retention".</p> Read more
<p>Our core values are:</p>
<ul>
<li>
<strong>Privacy by design.</strong> Privacy shouldn't be an afterthought.
We
built StartMail from scratch, and privacy has always been our main
objective.</li>
<li>
<strong>Encryption made easy.</strong> Encryption is a must to achieve
privacy.
While existing encryption solutions for email are
cumbersome, StartMail makes encryption easy for everyone.</li>
<li>
<strong>Optimal security.</strong> Privacy and security must go hand in
hand.
There is no privacy without security.</li>
<li>
<strong>Minimal data retention.</strong> We store and process as little personal
information about you as possible.</li>
<li>
<strong>Transparency of purpose.</strong> We have no hidden agenda with your
information.
If we store your data at all, we always tell you
exactly why.</li>
<li>
<strong>Responsible protection of users' civil rights.</strong> We believe
communications privacy is a fundamental right.
StartMail protects
your email against unauthorized and unconstitutional intrusions.</li>
<li>
<strong>Transparency about our solutions and remaining threat vectors.</strong>
100% privacy or security does not exist.
We strive to be as open and
clear as possible about what our solution can and cannot offer.</li>
</ul>
<p>Definitions of the capitalized terms are included in the Terms of
Service.</p> We put you Back in Control
<p>We are fully transparent about which data we process and why.
We put
you back in the driver's seat when it comes to your data.</p> Read more
<p>Your inbox and other personal information are yours even though we
help you by securing it and making it accessible through our
user-friendly interface.
Exactly which part of your data is processed
by us and why, depends on how you are using our Website and the
StartMail Service.</p>
1.
Visiting our Website
<p>When you visit the Website, the following details are automatically
processed:</p>
<ul>
<li>Your IP address → to allow effective troubleshooting and abuse
control.</li>
<li>Browser and operating system type and version → to display the
Website in the right format for your browser and operating system.</li>
<li>Browser language settings → to show you the Website in the right
language.</li>
<li>Country (based on IP-address), date and time → to know in which
countries and at what moments our marketing efforts appear to be
effective.</li>
<li>Origin of your visit (such as whether you directly typed the Website
URL or accessed the Website through a search engine query or link
from another website) → to assess the success of our search engine
optimization and information outreach efforts.</li>
<li>Clicked links and visited (parts of) pages on our Website → to help
us get an idea of which of our pages appear to be effective to
inform our visitors.</li>
</ul>
<p>In our weblogs we store the browser user agent, pages visited, IP
address and timestamp for a maximum of 7 days after which they are
deleted.</p>
<p>All other information is processed in a self-hosted analytics tool and
stored anonymized, in order to analyze usage trends.</p>
2.
Signing up for an Account
<p>Additionally, when signing up for the StartMail Service you may be
asked to provide:</p>
<ul>
<li>A name that you choose (optional and may be an alias or pseudonym,
but see also our Terms of Service, → to be
able to address you when we communicate with you.</li>
<li>Your desired email address (required), → to provide you with your
StartMail email address.</li>
<li>A password (required), → to provide authentication for your Account.</li>
<li>A Verification Email Address, → This address is used to send you an
activation link to activate your StartMail trial account.
To
maintain the integrity of the StartMail service, StartMail must take
measures to avoid the automatic creation of accounts by
spammers.
This is because if spammers use StartMail to send
messages, StartMail's IP addresses can become blocked by major mail
providers such as Gmail, Yahoo, Outlook, etc.</li>
<li>A Recovery Email Address (optional, see also our Term of Service), →
to communicate with you in the event that you need to recover access
to your StartMail Account should you ever lose your password.</li>
<li>A promotional code (optional, if you have one), → to give you the
benefit of a promotional offer.
Your preference as to whether you
would like to subscribe to our newsletter(s), → to send you our
newsletters only if you want to receive them.</li>
<li>Payment method information.
(see 3.
Paying for an Account below)</li>
<li>Information collected as a result of you answering prompts, such as
image labeling data, text converted from audio files played to you,
→ in order for us to protect our website from spam and abuse, we use
hCaptcha.
Intuition Machines can deduce if we are dealing with a
legitimate website visitor or a robot.
We have a legitimate interest
to know this.
For more information, please read hCaptcha's Privacy
Statement.</li>
</ul>
3.
Paying for an Account
<p>StartMail offers a paid subscription service which can be paid for
with various online payment methods.
To facilitate payment and to
manage the customers' subscription, StartMail works with third-party
payment providers and a subscription management provider.</p>
<ul>
<li>For payment processing, StartMail relies on third parties such as
Stripe and Paypal to process payment details such as credit card
information to process your payments or refunding such payments.
In
accordance with Payment Card Industry Security Standards (PCI DSS),
which our payment and subscriptions providers all adhere to, they are
not permitted to use your information for anything other than
processing your payment.</li>
<li>For subscription management, StartMail relies on Chargebee to manage
customer lifecycle operations such as managing trials, assigning
credits, issuing refunds and making mid-cycle subscription
changes.
Our subscription management provider processes data only as
our 'processor' (as intended in the GDPR).
Through our data processing
agreement, we have bound this provider to only process data in order
to provide their services to us and not for other purposes.
In
addition, we pseudonymize your data before providing it to our
subscription management provider.</li>
</ul>
<p>StartMail necessarily must share some information with these
third-party data processors to provide the StartMail Service</p>
<p>The legal basis of this processing is the performance of the contract
between you and StartMail.</p>
<p>In order to protect your privacy, StartMail will minimize the type and
amount of data which is being shared with our data processors so you
can make use of the StartMail service without sharing more of your
private information than necessary.</p>
<p>For example: For StartMail to manage your subscription through
Chargebee, a unique and random identifier is generated and shared with
Chargebee.
This unique identifier enables StartMail to link your
StartMail e-mail address to your subscription at Chargebee but not the
other way around.
Chargebee only receives this unique identifier and
as a result Chargebee cannot directly link the payment details to the
email address you have registered at StartMail.
This provides an
additional safeguard to protect your privacy.
For additional privacy,
StartMail also offers anonymous payment
methods.
Please send a message to support@startmail.com to
receive more information on how to perform such a payment.</p>
Information required for Payment, billing and subscription information
<p>The specialized payment and subscription providers
Stripe,
Paypal and
Chargebee have been
carefully chosen to responsibly process payment details and billing
information which is used to manage your subscription.
These companies
have strict security standards, as laid down in the Payment Card
Industry Security Standards (PCI
DSS),
with which they are fully compliant.
These providers store account
payment details under a unique identifier but cannot connect the payment
data to the account email address.
The StartMail system also works
with this unique identifier and has no direct access to Stripe's system --
effectively separating the two systems.</p>
Privacy Policies
Chargebee
<p>The information that you provide through Chargebee is subject to the
Chargebee Privacy Policy.
A
random e-mail pseudonym is generated when you register at StartMail
which will be shared with Chargebee to help you and StartMail manage
your subscription.
This for example allows you to receive an invoice
without Chargebee knowing your account name.</p>
Stripe
<p>The information that you provide through Stripe such as your credit
card number, credit card expiration date, card security code is
subject to the Stripe Privacy
Policy.</p>
PayPal
<p>StartMail supports PayPal as a payment processing provider.
You can
find their privacy policy
here: To make
payments as easy and user-friendly as possible, StartMail sends your
name and e-mail address to Paypal during a payment process.
All this
information would be requested by the provider anyway.</p>
4.
Location of data
StartMail
<p>The StartMail databases (containing customer emails which are stored
in encrypted user vaults) are located in data centers in the
Netherlands.
Payment and subscription details are stored in the
(cloud) servers used by our payment and subscription management
providers, outside of the EU.
See below for more information.</p>
Stripe
<p>Stripe's data (credit card information for payment processing) is
hosted solely in data centers in the US.
Under EU data protection law,
there is no requirement to localize, i.e., to store data in the
EU.
However, when data is transferred to a non-EU country that does
not offer the same level of data protection as the European Union's
General Data Protection Regulation (GDPR), a data transfer mechanism
has to be implemented to ensure this protection.
Stripe's existing
measures include the EU Commission's approved Standard Contractual
Clauses (SCCs) to accommodate international data transfers.</p>
Chargebee
<p>Chargebee has their main servers located in the US.
To facilitate
this, StartMail and Chargebee have a Data Processing Addendum (DPA)
for the transfer of data outside of the EU.
StartMail uses
pseudonymization to ensure that our subscription management provider
cannot relate your subscription information to your e-mail
address.
Chargebee's existing measures include the EU Commission's
approved Standard Contractual Clauses (SCCs) to accommodate
international data transfers.</p>
Paypal
<p>Please see Paypal's privacy
statement
to understand how they manage your payment details.
Paypal's existing
measures include the EU Commission's approved Standard Contractual
Clauses (SCCs) to accommodate international data transfers.</p>
5.
Using the StartMail Service
<p>All of your email messages are stored in a secure User Vault on our
servers.
All information in the vault is encrypted (see StartMail
Gives You Ironclad Data Protection on how we use encryption to protect
your data)</p>
<p>Everything you can see through the regular user interface (your inbox
and folders, including spam folder, but excluding contacts) is stored,
and is stored safely in the User Vault.</p>
<p>Additionally, the following is also stored in the User Vault:</p>
<ul>
<li>personalized spam preferences of the User as part of the self-learning
process of the spam filter</li>
<li>a search index, which allows an efficient email search functionality</li>
</ul>
<p>When you use the StartMail Service to send an email, your IP address
is not included in the header of the email.
Instead our IP address is
shown.</p>
<p>We may offer the option to subscribe to our newsletter.
If you have
subscribed, you may receive our newsletters until you have
unsubscribed.
You can unsubscribe at any time.</p>
6.
Support
<p>You may visit our support section or send us feedback or a support
request.
StartMail processes personal data to offer you support.
For
this purpose, we use the information provided by you, such as your
email address and your feedback or request.
We need this information
for the performance of a contract: to respond to your feedback or
support request.</p>
<p>We use Zendesk to power our support section and process your feedback
or support request.
Zendesk is a global company with its head office
in the United States.
We and Zendesk have taken appropriate safeguards
to protect your personal data when using Zendesk to handle your
support request.
For example, Zendesk has implemented binding
corporate rules (BCRs) which have been approved by the appropriate
privacy supervisory authority.
In addition, we have made use of the
option to bind Zendesk to standard contractual clauses made by the
European Commission in order to protect your privacy.</p>
<p>Nevertheless, If you do not want Zendesk to be used to handle your
support inquiry, then you can send an e-mail to
support-alt@startmail.com.
Note that it may take slightly longer for
an agent to pick up your request.
We store any communications up to a
maximum of two years.</p>
7.
Subscribing to our newsletter
<p>On our support form, we may offer the option to subscribe to our
newsletter.
If you have subscribed, you may receive our newsletters
until you have unsubscribed.
You can unsubscribe at any time.</p>
8.
Deleted is Deleted
<p>When you delete an email, it is immediately deleted from your secure
user vault.
As part of our backup strategy a (fully encrypted) copy
will remain for the maximum retention period of three days.</p>
<p>Your Account will be stored for as long as our Agreement remains in
force.
When an Agreement is fully terminated, all data contained in
the Account, including all emails, will be deleted permanently.</p>
9.
Viewing and Amending your Personal Data
<p>If you have any questions about our Privacy Policy or if you have
questions about viewing, amending or deleting your personal data, you
can contact us at: legal@startmail.com.</p> No Tracking or Advertising -- Guaranteed
<p>StartMail is an ad-free service.
StartMail does not collect or share
any data with a third party for advertisement or tracking purposes
within its application.
We only use cookies to the extent that this is
necessary to provide you with a smooth and user-friendly experience,
and to understand how our Website is used in general.</p> Read more
<p>Other webmail providers collect and use your personal data to display
personalized ads to you.
As a result, you pay for your webmail with
your privacy.
We think your privacy is worth more than gold.
We
therefore don't track your behavior online and we don't build any
personal profiles of you.
The StartMail Service is strictly ad-free.</p>
What (tracking) cookies are and what they can do
<p>A cookie is a small file that is stored on a computer (such as a PC,
smartphone or tablet) when visiting a website.
Cookies are very useful
to enable a smooth and user-friendly experience on a website, for
example to prevent that visitors would have to supply their login
details again for every action on the website, or to remember the
contents of a shopping basket.
However, so-called 'tracking cookies'
can also be used to track users across multiple websites and to build
personalized profiles for advertising or other purposes, negatively
affecting privacy.</p>
<p>StartMail will set cookies for the following purposes.
First of all,
we want to better understand how our StartMail product is used so that
we can improve the service.
And secondly, we want to evaluate the
effectiveness of our marketing efforts aimed at attracting new
StartMail users.
Click
here
for a complete and up-to-date overview of the cookies used by
StartMail.</p>
We use only anonymous data to try to improve our services
<p>We collect only strictly anonymous statistics from our
domain.
Anonymous data is collected only in order to get an idea about
what pages are effective in informing our users about the StartMail
Service, and to improve the user interface.
For example, we count the
total number of times each page is being visited and we may get some
insight into which pages or features are usually accessed
consecutively, but we never know who has visited which pages and when.</p>
<p>We use an open source statistical measurement tool for this, called
Matomo.
We run this very lightweight tool on our own infrastructure to
prevent anybody snooping the data, and we have specifically configured
it for minimal data collection to ensure that no personal data is
recorded at any time.</p>
StartMail blocks remote content by default, to protect your privacy
<p>Some emails contain remote content (such as images, which may even be
invisible).
If such remote content is loaded automatically, this
enables the sender to know when the e-mail was opened, because the
sender can detect when its content was loaded and by whom.</p>
<p>To protect your privacy, StartMail prevents any remote content to be
loaded automatically when you open an email.
It is possible to
explicitly choose to always load such content automatically in your
Settings.
Please note that you should still be careful to avoid
opening any attachments or clicking on any links in any email, unless
you trust the sender and the content.</p> StartMail gives you Ironclad Data Protection
<p>We use state-of-the-art technical and organizational security measures
to protect your data.</p> Read more
<p>
<strong>On the Technical Side</strong>, we use state-of-the-art cryptography to
protect your data.
For example:</p>
<ul>
<li>Traffic between the User and our servers is encrypted with TLS, and
perfect forward secrecy is applied.</li>
<li>We only store passwords in hashed form on our servers.</li>
<li>Your StartMail inbox and its folders are stored in your own
encrypted User Vault.
Your User Vault is only opened when you
login.
Without the account password or a recovery key the vault is
inaccessible when it is closed.</li>
<li>When you are logged out of StartMail, your entire inbox is
encrypted.
When you are logged in, your unencrypted emails are
unencrypted, but all of your PGP-encrypted emails are still
encrypted unless you open an encrypted email by submitting your
PGP-passphrase.</li>
<li>Users can encrypt emails via OpenPGP.</li>
<li>The users' key-pair is stored in the User Vault.
Additionally, the
private key is encrypted by means of the passphrase.
Without the
passphrase the private key can't be decrypted or used.</li>
<li>We only use validated encryption algorithms that are considered safe
by respected cryptographers.</li>
</ul>
<p>For more detailed information about our technical security measures,
please read our Security White Paper.</p>
<p>
<strong>On the Organizational Side</strong> we have strict protocols in place to
ensure the safety of your data.
For example:</p>
<ul>
<li>At each level, access to our systems is restricted to authorized
staff with a legitimate need to know.
This access is tightly limited
and is only for the purpose of providing the StartMail Service to
you.</li>
<li>Any individual, who is given access to the StartMail system, is
required to sign a confidentiality agreement.</li>
<li>No third party, contractor, or sub-contractor of StartMail is given
access to the system, except for the purpose of enabling us to
provide the StartMail Service to you.
All such parties must sign a
data processing agreement, containing confidentiality provisions and
stringent security protocols.</li>
</ul>
Compliance with Legitimate Requests by Authorities
<p>While we respect and try to protect your privacy to the best of our
abilities, your use of StartMail does not place you above the law.
But
neither do we place authorities above the law.
We have a strong belief
in the Rule of Law of the Netherlands.
ONLY if we receive a request
from Dutch judicial authorities to hand over information about one of
our Users, we will have our lawyers check the validity of the request
and determine whether we are obliged to comply.
We will NOT comply
with such requests unless we are convinced that the request is legally
valid and we believe that it is undeniably our legal obligation to
comply.</p>
<p>We will NOT comply with requests from any authorities other than Dutch
authorities.
If we receive a request from any foreign government, we
will refuse to comply and will instead instruct the requestor to place
a formal request to the Dutch authorities for mutual assistance.</p>
<p>StartMail will never cooperate with any voluntary surveillance
programs.
Under the strong laws that protect the right to privacy in
Europe, European governments cannot legally force service providers
like StartMail to implement a blanket-spying program on their users.</p>
Requests by Private Third Parties
<p>We will NOT comply with any requests from private third parties to
provide information about our Users, unless we would receive a valid
Dutch court order and we believe it is undeniably our legal obligation
to comply.</p>
We will not reduce your rights without your explicit consent
<p>We may change our Privacy Policy from time to time.
Any changes to our
Privacy Policy will be posted on this page, and we will provide a more
prominent notice, such as an email message, if we believe a change
significantly affects your privacy.</p> StartMail complies with the World's toughest Privacy Laws
<p>StartMail is based in The Netherlands, Europe, where privacy laws and
regulations are among the strictest in the world.</p> Read more
<p>For example, we do the following to comply with the General Data
Protection Regulation, which is widely renowned as one of the
strongest privacy laws in the world and gives you formidable legal
rights:</p>
<ul>
<li>clearly state our identity as a 'controller' of your personal data and
how you can contact us with questions or requests about your privacy;</li>
<li>clearly explain for what legitimate purposes and interests and under
which legal basis we process personal data, as we do in this privacy
policy;</li>
<li>clearly state which kinds of parties may need to receive your personal
data from us and why;</li>
<li>first request your express consent to the processing of your personal
data in cases where your consent is required, giving you the right to
withdraw your consent at any time;</li>
<li>do everything we can to prevent that we would process more personal
data than necessary for our legitimate purposes, or store it for
longer than necessary;</li>
<li>implement appropriate security measures to protect your personal data,
and demand the same of any party processing personal data on our
instructions;</li>
<li>respect your right to request inspection of your personal data and
have them corrected or deleted, or to restrict our processing of it.</li>
</ul>
Legal basis for processing your data
<p>The following legal grounds apply to process your personal data:</p>
<ul>
<li>Your consent.
By using the StartMail Service, you consent to our
processing of your data as part of the StartMail Service.</li>
<li>Necessary to perform a contract with you or take steps before
entering into a contract with you at your request.
By signing up for
the StartMail Service, you request us to prepare your contract.
Once
your contract has been entered into, we may process your data as
necessary to perform our contract with you (providing the StartMail
Service to you).</li>
<li>Our legitimate interest, to provide the StartMail Service to you in
the best way we can.</li>
<li>Our legal obligations, for example our obligation to store invoices
for tax purposes.</li>
</ul>
Your rights with respect to your data
<p>You may ask us at any time to access, correct or erase your data.
You
may also request us to keep your information but block it from further
processing.
You can submit any such request by using our contact
details below.</p>
<p>If you inform us that you withdraw your consent to process your
information, we will delete your information, unless we are legally
required to keep it (e.g.
invoices, as explained below under retention
periods).</p>
Retention periods
<p>
<u>Invoices</u>
</p>
<p>We store invoices for 7 years, or whichever period may be prescribed
under applicable tax law.</p>
<p>
<u>E-mail account</u>
</p>
<p>If you have subscribed to the StartMail Service, your Account will be
stored for as long as our Agreement remains in force.
When an
Agreement is fully terminated, all data contained in the Account,
including all emails, will be deleted permanently.</p>
Dutch Data Protection Authority
<p>We are always here to help.
If you have any feedback or complaint
about our services in general, or more specifically about how your
privacy is protected when you use our services, please let us know via
the contact details below.
In accordance with EU privacy laws and
regulations, you have the right to lodge a complaint with the national
supervisory authority responsible for the protection of personal data
if you think we have unlawfully processed your personal data.
For the
Netherlands, this supervisory authority is the <em>Dutch Data Protection
Authority</em>, which you can contact
here.</p> Our company and contact information
<p>
<em>Still have privacy questions?</em>
</p>
<p>With this privacy policy we have done our utmost to inform you as well
as possible about your privacy while using our services.
We hope that
you agree that your privacy is in good hands with us.
Startmail.com is
owned and operated by StartMail BV, Boulevard 11, 3707 BK Zeist, The
Netherlands.
Representative for the Privacy Policy is Robert
E.G.
Beens.
You can contact us at privacypolicy@startmail.com.</p>
<p>Last Modified: September 24th, 2020</p>
<p>Effective: October 1st, 2020</p>
<p>Privacy.
It's not just our policy - it's our mission.</p> Privacy.
It’s not just our policy - it’s our mission.
StartMail B.V.
© 2020 <ul>
<li>Privacy</li>
<li>Terms of Service</li>
<li>Technical White Paper</li>
<li>Release Notes</li>
<li>Status</li>
<li>Press</li>
<li>Jobs</li>
</ul>FacebookTwitterLinkedIn