What we collect, what we do with it.

What we collect and why

Three categories of data live on blamepost. Each gets a different treatment described below.

Account data

Your name, email address, password hash (Argon2id — we never see the plaintext), passkey credential IDs, IP address at sign-in, and user-agent string for device identification. We use this to sign you in, send you security notifications, and detect abuse. Account data is sealed at rest and stored in the region you selected at signup.

Billing data

Card data lives at Stripe; we receive a customer identifier and invoice metadata (amount, date, plan, status). We never see your full card number, expiry, or CVC. Invoice records are retained for the tax-reporting period required by the jurisdiction the invoice was issued under.

Mail data

Your mailbox bytes — headers, subject, from, to, body, attachments, auth-results — are sealed before they touch disk. See /security for the cryptographic details. We don't read your mail to train models, target ads, or sell anything; we don't have models, ads, or anything to sell. We process mail to deliver it (DMARC verification, virus scan, storage, retrieval) and for nothing else.

Region residency

Ciphertext is not replicated outside the region you pick at signup. EU accounts default to EU-Central; you can pick a specific region in the onboarding wizard. The seal key is derived per-tenant inside the region.

Sharing

We don't share account data, billing data, or mail data with third parties except: (a) Stripe, for the payment-processing function you signed up for; (b) law enforcement, when compelled by a valid legal order specific to your account, in which case we'll notify you unless the order forbids it; (c) sub-processors that operate the underlying infrastructure (region cloud provider) under data-processing agreements that prohibit onward sharing.

Your rights

You can export your mailbox at any time via IMAP4rev2 or JMAP. You can delete your account at any time; after a 30-day recovery window the ciphertext is destroyed and the seal key is rotated out. You can request access to or correction of your account data by emailing privacy@blamepost.com.

Cookies

Currently blamepost.com sets no cookies of any kind. When the sign-in flow ships we will set a single first-party session cookie, scoped to blamepost.com, used only to remember that you're signed in. No third-party tracking cookies, no analytics cookies, no advertising cookies — the marketing page doesn't ship any third-party JavaScript at all.

Changes

We'll notify you of material changes to this policy via your account email at least 30 days before they take effect.

Contact

For questions about this policy: privacy@blamepost.com.