We place the highest value on the protection and security of your data. Protecting your online privacy and maximising your control over your private data is the essence and the purpose of PlusPrivacy service.
The legal basis for privacy in connection with our services is provided by the EU General Data Protection (GDPR) regulation and the upcoming ePrivacy regulation. Wherever possible we go beyond the most stringent requirements of these regulations in order to protect your privacy.
Data minimization and full transparency
Fingerprinting and IP address logging
We do not log your IP address. We do not fingerprint you or your devices in any way and do not transfer any information from your devices to our servers unless you explicitly choose to subscribe to one of our opt-in services, in which case we receive and store minimal private data as described below.
You can use our services anonymously, without providing any personal or device information whatsoever to our servers. To do so, simply use our services (browser extension, mobile apps) without logging in. Our opt-in services will not be available in this mode.
Storing your data for opt-in services
The only opt-in service that is currently available is email identity management. In order to use it, you need to log in. When you do, the following data are stored on our servers (we need the data in order to provide the service):
- your email address
- the hash of your password
- your alternative email identities
- your transient emails
Our opt-in identity management service involves relaying email between your real email address and those of your correspondents. The relayed email briefly passes through our servers when in transit. We do not inspect and do not store the content (message body, subject and attachments) of the email messages. Our servers do inspect and rewrite part of the email message headers in order to provide the service. Once the transmission of an email message through our servers is completed, no trace of it is left on them.
In case you choose to log in, for authentication we use so-called session cookies that store data on your computer. The cookies are deleted at the end of the respective session.
Compliance with court orders
We will obey a valid court order or subpoena if these require us to provide the information that we do store, to law enforcement authorities or a court of law. We will only do so upon legal scrutiny and confirmation of validity of such order or subpoena in the country where we operate. Currently our servers operate from Lithuania, an EU Member State that complies with GDPR.
When you delete your account, all the data linked to it is wiped: email address, account password, alternative email identities etc., and our servers forget that this account ever existed.
To prevent man in the middle attacks, alternative email identities in the form firstname.lastname@example.org that were present in the deleted account become permanently unavailable for future use by any user of PlusPrivacy, including yourself if you re-register for the service with the same email address.
After you delete your account, you can continue to use our services anonymously as described above.