Privacy Policy

1. Introduction

This Privacy Policy explains how we process your personal data when you use our email hosting services (“Services”) and associated website (“Website”). We respect your privacy and comply with the General Data Protection Regulation (EU Regulation 2016/679, “GDPR”) and Portuguese Law No. 58/2019 of August 8, which ensures GDPR implementation in Portugal.

2. Data Controller

Contact: privacy@vaixin.com

3. Scope of Application

This policy applies to the website, account management applications, APIs, and all email services we provide.

4. Personal Data Collected

  • Account Data: Name, backup email address, phone number, and billing address (provided by the user; used to create and manage the account).

  • Email Content: Body, attachments, and headers (created or received through the service; necessary for service operation).

  • Usage Data and Logs: IP address, timestamps, session IDs, SMTP/IMAP/POP logs, and performance metrics (automatically generated; used for security and auditing).

  • Cookies and Similar Technologies: Session cookies and website language preferences (optional).

5. Purposes and Legal Basis for Processing

  • To provide and maintain the service — Contract performance (GDPR Art. 6(1)(b))

  • Authentication, fraud prevention, and security — Legitimate interests (GDPR Art. 6(1)(f))

  • Billing and accounting obligations — Legal obligation (GDPR Art. 6(1)(c))

  • Customer support and related communication — Contract performance (GDPR Art. 6(1)(b))

  • Email marketing — Consent (GDPR Art. 6(1)(a)). Users may withdraw consent at any time via the client area or the link in marketing emails.

  • Improvement of the website and services (analytics) — Legitimate interests (GDPR Art. 6(1)(f))

6. Data Sharing

We do not sell or rent your data. We only share it in the following cases:

  • Service providers (e.g., data centers and payment processors) acting as data processors, bound by confidentiality obligations and processing data only on our behalf.

  • Authorities, when required by law or court order.

  • Corporate transactions: In case of a merger, acquisition, or restructuring, under the condition that equivalent data protection levels are ensured.

7. Data Retention

  • Account data: Retained during the active account period and for 10 years to meet tax requirements.

  • Email content: Deleted within 180 days after user deletion or account closure, unless otherwise required by law.

  • Logs: Retained for 12 months for security and auditing, or longer if required by law.

  • Cookies: Session cookies are deleted when the browser is closed; preference cookies are valid for 12 months.

8. International Data Transfers

Data is hosted in data centers located within the EU. If data must be transferred outside the European Economic Area, we will use appropriate safeguards such as the EU Commission’s Standard Contractual Clauses.

9. Security Measures

We implement appropriate technical and organizational measures, including TLS encryption, encrypted storage at rest, optional multi-factor authentication, and regular security audits, to protect personal data from destruction, loss, tampering, or unauthorized access.

10. Data Subject Rights

Under the GDPR, you have the following rights: access; rectification; erasure (“right to be forgotten”); restriction of processing; data portability; objection to processing based on legitimate interests; and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal. You may also lodge a complaint with the supervisory authority (see section 12).

Please submit requests via privacy@vaixin.com or through your client area. We will respond within 30 days.

11. Cookies

We use only cookies that are strictly necessary for the website to operate; analytics cookies, which help us enhance the user experience, are used only with your consent. You can manage preferences via the cookie banner or your browser settings.

12. Supervisory Authority

Portuguese Data Protection Authority (CNPD)
Address: Av. D. Carlos I, 134 – 1.º, 1200‑651 Lisbon, Portugal
Phone: +351 213 928 400
Website: www.cnpd.pt

13. Policy Changes

We may update this policy from time to time. Changes will be published on the website with a revision date. In the case of material changes, we will notify you at least 30 days in advance by email.

14. Contact

For any questions regarding this policy or data processing, please contact us at privacy@vaixin.com.