Updated privacy policy
Founder & CTO
After the recent sale of FastMail back to the developers, we decided it was a good time to review and update our privacy policy. We hope this makes it clear that we strongly value our users' privacy and will continue to do so in the future.
The new policy is available at https://www.fastmail.fm/help/overview_privacy.html and is included below.
The FastMail Team
Privacy Policy
At FastMail, we take the privacy of our users very seriously. We want to make our policies on managing your data clear and understandable, so we’ve tried to write our privacy policy in plain English. If you have any further privacy concerns we haven’t addressed, please email privacy@fastmail.fm.
Jurisdiction
FastMail is an Australian company and as such is subject to Australian law. Australia has strong privacy laws in relation to email, specified in the Telecommunications (Interception and Access) Act 1979. The Electronic Frontiers Australia organisation has an excellent summary; this privacy policy tries to make it clear how it applies in practice to FastMail.
Surveillance and law enforcement
We do not participate in, or co-operate with, any kind of blanket surveillance or monitoring. (We also point out that Australia does not have any equivalent to the US National Security Letter, so we cannot be forced to do something without being allowed to disclose it.)
We also take technical measures where feasible to prevent surveillance of our users occurring without our co-operation, such as:
- using encrypted SMTP for sending your mail when the receiving server supports it.
- mandating encrypted access for webmail, IMAP and POP.
- using Perfect Forward Secrecy where possible for all encrypted connections.
- encrypting communications between our data centres.
Like any company, we can never guarantee our measures are 100% effective, as we don’t know the full capabilities of any attackers. However, these measures do act to increase the difficulty and expense of any surveillance.
As an Australian company, we are required to disclose information about specific individual accounts to properly authorised Australian law enforcement with the appropriate supporting documentation. This means we need to see a warrant signed by an Australian judge before we will hand over any email data. Such requests must always be for specific accounts; we do not participate in or co-operate with “fishing expeditions”. As a guideline, in the last year we disclosed information on fewer than 50 accounts.
We do not directly disclose any information about our users to law enforcement from outside Australia, and indeed our understanding of Australian law is that it would be illegal for us to do so.
Overseas law enforcement may apply via an appropriate mutual assistance treaty to obtain information on our users. If the request is approved, then Australian documentation will be issued for disclosure of this information.
This distinction may seem academic, but in our experience the extra administrative overhead and the additional layers of judicial oversight mean that we receive very few valid requests that originate from overseas, and they must always be targeted at specific accounts.
We do not condone illegal activity. We deal with all law enforcement requests personally and we are satisfied that all we have seen are justified.
Data mining and profiling
We do not sell or give information about our users to any third parties. Payments are securely handled via Pin, Global Collect or PayPal; your credit card details are never transmitted to our servers. Pin and/or Global Collect store your credit card details and address for the purpose of future payments with FastMail, unless you have requested your payment details not to be stored. Pin’s privacy policy is available at https://pin.net.au/privacy. Global Collect’s privacy policy is available at http://www.globalcollect.com/Privacy-statement/. PayPal’s privacy policy varies depending on your country of residence; you can select your country to find the relevant privacy policy at https://www.paypal.com/webapps/mpp/ua/legalhub-full.
Incoming messages are scanned for the purpose of spam detection unless you disable spam protection for your account. We may also scan some outgoing messages with the same software to prevent people using our service to send spam. Emails you report as spam are automatically analysed to help train our spam filter. Also, if enabled, emails reported as spam are forwarded on to some external email reporting services. These services aim to help monitor and reduce overall spam on the Internet. Currently the services we report to are Return Path and LashBack. These may change in the future. If you don’t want this, you can disable the reporting in the FastMail advanced settings.
To make message searching fast, we build an index of your messages (this is a table, just like you would find at the back of a reference book, in which you can look up a word to quickly find the emails in which it appears).
No information from any of these activities is used for any other purpose, or to compile any kind of profile on our users.
Data retention
We retain backups of deleted messages for at least a week. This is for the purpose of restoring messages in case of accidental deletion. After this point, deleted messages will be purged from all our backups, although the time this takes to happen may vary due to automated load balancing.
We normally keep logs of email and server activity for up to 6 months. This is for the purposes of diagnosing and fixing problems, which are often reported to us weeks or months after they occur. Message subjects may be contained in these logs, but not message bodies. Aggregate or anonymous data, which cannot be linked to individual user accounts, may be kept for longer periods, for the purpose of improving the FastMail service.
Backups and logs may be kept longer than these limits in special circumstances. For example, if a problem is taking a long time to resolve, logs relevant to that investigation may be retained. Or if a server that contains backups or logs is temporarily offline because of a fault, then those backups or logs may not be deleted until the server is brought back up.
These situations are unusual, however, and when they do occur, they are temporary.
Account deletion
Should you close your account, all data will be permanently deleted 7 days after closing. It may take a further 2 weeks to purge from all our backups.