Privacy Policy

1. Overview

Mailyra is a receive-only email service. The Service allows you to create receiving addresses and view inbound messages. We do not provide email sending functionality. This Policy describes what we collect, why we collect it, and how we handle it.

Inbound messages are created and sent by third parties. Inbound messages may contain personal or sensitive information. You are responsible for how you use, store, or share information you receive through the Service.

2. What we collect

We collect information necessary to operate, secure, and support a receive-only email service.

• Account identifiers: email address provided by your login provider (Google/Apple) and a unique internal user identifier (e.g., user ID).
• Authentication/session data: login/session tokens or provider identifiers required to verify sessions (stored and processed securely).
• Service data: receiving addresses created in the Service; message metadata (e.g., sender, subject, timestamps); and message content to display inbox functionality.
• Usage and log data: IP address, device/browser information, access timestamps, error logs, and security events used for abuse prevention and reliability.
• Cookies and similar technologies: used for essential functionality (session management, security), and where applicable, advertising/analytics.
• Subscription/entitlement metadata (if you purchase a paid plan): plan type, purchase status, start/end dates, and transaction/receipt identifiers required to unlock paid features and provide support.

We do not store full payment card numbers on our servers. Payments are handled by payment platforms (see Section 6).

3. How we collect data

• When you sign in using Google or Apple login.
• When you use the Service (e.g., create a receiving address, view messages).
• When you purchase a paid plan on the website or via in-app purchase (we receive confirmation/status signals from the payment platform).
• Automatically through standard web technologies (logs, cookies) when you access our website.

4. Why we use your data

• Account creation and authentication: to identify you and provide secure access.
• Provide core Service features: create and manage receiving addresses, display received messages, and maintain inbox functionality.
• Security and abuse prevention: detect and prevent fraud, automated abuse, unauthorized access, and harmful activity.
• Customer support: respond to inquiries and troubleshoot issues.
• Service improvement: monitor performance, fix bugs, improve reliability.
• Billing and entitlements: confirm purchase/entitlement status, enable paid features, prevent fraud, and support restoration where applicable.

5. Legal bases (where applicable)

Depending on your jurisdiction, we may process personal data based on one or more legal bases: (a) performance of a contract (providing the Service), (b) legitimate interests (security, fraud prevention, reliability), (c) compliance with legal obligations, and/or (d) your consent (for optional cookies/ads where required).

6. Sharing and disclosure

We do not sell your personal data. We may share data in the following limited circumstances:

• Service providers: hosting, infrastructure, monitoring, analytics, and security vendors who process data on our behalf under appropriate safeguards.
• Payment platforms and processors:
  • Web checkout (PayPal): If you purchase on our website, PayPal processes payment. We may receive and store limited information such as transaction identifiers, payment status, currency, timestamps, and (where provided) payer-related metadata necessary to verify purchases, prevent fraud, and provide support.
  • Apple App Store (in-app purchases): Apple processes payments and manages subscriptions purchased through the App Store. We may receive receipt/subscription status signals necessary to unlock paid features and prevent fraud.
  • Google Play (in-app purchases): Google processes payments and manages subscriptions purchased through Google Play. We may receive receipt/subscription status signals necessary to unlock paid features and prevent fraud.
  Payment platforms process your payment data under their own privacy policies. We do not store full payment card details on our servers.
• Legal requirements: when required by law, court order, or governmental request, or to protect rights, safety, and security.
• Business transfers: if we are involved in a merger, acquisition, or asset sale, data may be transferred as part of that transaction subject to safeguards.

7. Data retention

We retain personal data only as long as necessary to provide the Service and fulfill the purposes described in this Policy. Retention may vary by plan, account settings, operational needs, abuse prevention, and legal obligations.

• Account data: typically retained while your account is active. Upon account deletion, we delete or anonymize account data unless retention is required by law or needed to address disputes, fraud, or security incidents.
• Received messages / receiving addresses: retained to provide inbox access. Messages and/or receiving addresses may be removed based on retention rules, plan status, abuse prevention, compliance, or operational needs.
• Paid plans: eligible accounts may have extended retention and/or additional controls. Exact limits are displayed in the Service at the time of purchase and may change over time.
• Security logs: retained for a limited period to protect the Service, investigate incidents, and comply with legal obligations.

We may retain certain records longer when necessary to comply with law, enforce agreements, resolve disputes, prevent fraud/abuse, or maintain security.

8. International data transfers

Depending on where you access the Service and where our providers operate, your data may be processed in countries other than your own. We take steps to implement appropriate safeguards for cross-border transfers as required by applicable law.

9. Cookies, analytics, and advertising

We may use cookies and similar technologies for essential site functionality and to support advertising where enabled.

• Essential cookies: required for login/session and security.
• Advertising: the website may display ads (e.g., via Google). Ad providers may use cookies or device identifiers to show and measure ads.

You can usually control cookies via your browser settings. Where required by law, we will request consent for non-essential cookies. We do not respond to “Do Not Track” (DNT) signals.

10. Security measures

We implement reasonable technical and organizational measures to protect data, including:

• Encryption in transit (HTTPS) and protective storage controls where applicable.
• Access controls, least-privilege practices, and monitoring for suspicious activity.
• Network protections and operational controls to reduce abuse (the Service does not provide email sending features).

No method of transmission or storage is 100% secure. We work to protect data, but cannot guarantee absolute security.

11. Your rights

Depending on your location, you may have rights regarding your personal data, such as access, correction, deletion, and objection/restriction. To make a request, contact us at the email below. We may need to verify your identity before completing requests.

12. Children’s privacy

The Service is not intended for children under the minimum age required by applicable law. If you believe a child has provided us personal data, please contact us so we can take appropriate action.

13. Data controller

The data controller for this Service is Mailyra (bluecode). For privacy-related inquiries, contact junyoung810415@gmail.com.

Service provider details (CEO, business registration number, and address) are provided in our Terms of Service.

14. Contact

Privacy inquiries and requests:
Email: junyoung810415@gmail.com

15. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post an updated version on this page with a new effective date.

Effective date: December 31, 2025