This Privacy Policy describes how AliasFleet collects, uses, and protects your personal information when you use our email alias management service.
Information We Collect
Account Information
When you create an account, we collect:
- Email address (for account notifications and password resets)
- Username (public identifier for your account)
- Full name (optional, for personalization)
- Avatar URL (optional, for profile display)
- Website URL (optional, for public profile)
- Password (hashed using bcrypt with salt)
- Identity number (internal reference)
- IP address and user agent at registration
Service Data
To provide email forwarding services, we store:
- Aliases: Alias names, domains, forwarding destinations, activation status, categories, and description
- Destinations: Email addresses, verification status, PGP public keys (optional), WKD encryption settings
- Custom Domains: Domain names, DNS verification status (MX, SPF, DKIM, DMARC), DKIM keys
- Email Logs: Delivery status, timestamps, sender/recipient metadata (not email content)
- Settings: Display preferences, notification settings, From name/subject customizations
Usage Data
We collect activity information:
- Login timestamps and IP addresses
- Session information (device type, browser)
- Alias creation and modification history
- Email forwarding counts per alias
- Failed authentication attempts
- API usage (for rate limiting)
Payment Information
For Pro subscriptions, we integrate with Stripe:
- We do NOT store payment card details
- We retain: Stripe Customer ID, Stripe Subscription ID, billing cycle, current period end
- Invoice records (subscription amount, status, date)
- Payment method last 4 digits and brand (for display only)
What We Don't Collect
We do not:
- Read, store, or analyze the content of emails passing through aliases
- Store email attachments or message bodies
- Track your browsing behavior outside AliasFleet
- Use third-party analytics cookies
- Sell your personal information
How We Use Your Information
We use your information for:
- Core Service: Forward emails from your aliases to verified destinations
- Authentication: Secure account access via password and optional 2FA (email or authenticator app)
- Security: Prevent fraud, detect suspicious activity, enforce rate limits
- PGP Encryption: Encrypt forwarded emails when you provide a public key
- Notifications: Send account alerts, security warnings, and billing notifications
- Support: Respond to tickets and troubleshoot issues
- Compliance: Meet legal obligations and respond to valid requests
Data Sharing
We do not sell your personal information. Limited sharing occurs with:
Stripe (Payment Processing): Subscription billing, invoice generation. Data subject to Stripe's privacy policy.
Cloudflare (DNS/Security): Custom domain DNS management and DDoS protection.
Legal Requirements: We may disclose information if required by law, court order, or to protect our rights and users' safety.
Data Storage
Your data is stored on servers we control and operate. Data is encrypted in transit and at rest.
Your Rights
Under GDPR, CCPA, and applicable privacy laws, you have the right to:
- Access: View all data we have about you via Settings → Profile
- Export: Download a complete copy of your data in JSON format
- Deletion: Permanently delete your account (removes most data within 24 hours)
- Correction: Update profile information in account settings
- Portability: Transfer your data to another service
To exercise these rights, contact legal@aliasfleet.com.
Data Security
We implement security measures to protect your data:
Encryption:
- TLS for all data in transit
- PGP encryption available for forwarded emails (optional)
Access Controls:
- bcrypt password hashing
- Two-factor authentication (2FA) via TOTP
- Automatic session timeouts
Infrastructure:
- Automated security updates
- Firewalls
Monitoring:
- Failed login attempt tracking
- Rate limiting to prevent abuse
No system is completely secure. We respond promptly to reported vulnerabilities.
Data Retention
We retain data according to these schedules:
| Data Type | Retention Period |
|---|---|
| Active account data | Until account deletion |
| Email forwarding logs | 90 days |
| Failed login attempts | 30 days |
| 2FA recovery codes | Hashed, until regenerated |
| Support tickets | 15 days after ticket is closed |
Note: Billing records are handled entirely by Stripe. We do not store billing addresses, invoices, or payment history on our servers.
Third-Party Services
Stripe: Processes all payments. Subject to Stripe's Privacy Policy.
Cloudflare: DNS management for custom domains. Subject to Cloudflare's Privacy Policy.
International Data Transfers
Your data is stored on servers we operate and control. If you are in the EU, UK, or other jurisdictions with data protection laws, appropriate safeguards are in place for any necessary data transfers.
Policy Changes
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated date.
Contact
For privacy-related questions or to exercise your rights:
Email: legal@aliasfleet.com
Mailing Address: Available upon request