Privacy policy

CipherMail B.V. processes personal information in line with the General Data Protection Regulation (GDPR). This page informs you about the ways we collect, store and anonymize this data.

Website analytics

We use the Matomo analytics software to collect visitor statistics on our websites.

Matomo processes the following information:

  • Your unique visitor number
  • Your IP address
  • Your approximate location based on your IP address
  • The web pages you visit on our website and the date and time you visit these web pages
  • The URL of the web page that referred you to our website
  • Your clicks on links on our website that refer to other websites (outlinks)
  • The files you download
  • An indication of the performance of our website on your device
  • Information related to your device: screen resolution, local time, preferred language, browser name, operating system and device type

The processing of this information is necessary in order to measure the usage and performance of our websites. The GDPR calls this 'legitimate interest'. We only keep the raw data for as long as necessary, and anonymize it as soon as feasible.

We have taken the following privacy precautions:

  • We mask the last five hextets of IPv6 addresses and the last two octets of IPv4 addresses that we collect from our visitors (e.g. 2001:db8:123:: or
  • We process the collected information on our own servers which are located in the Netherlands. There are no third parties that process the collected information.
  • Raw visitor data is anonymized after a maximum of seven days.
  • We do not allow third party trackers on our websites.
  • We respect Do Not Track headers, allowing you to opt out from our analytics system entirely. You can also opt out right here:

Matomo uses cookies in order to correctly identify you on our websites. You can read about these cookies on the Matomo website.

Logging and backups

Logs including your IP address and client information (such as your browser's user agent or, in the case of our mail servers, your email address) may be retained for a maximum period of fourteen days. This ensures that we can monitor the security, reliability and performance of our systems, and is part of our legimite interests under the GDPR. These logs will not be used for other purposes, but may be stored on third-party systems. We have signed data processing agreements with these parties to ensure legal compliance.

Personally identifiable information may additionally be stored in backups for up to 90 days. These backups are stored on our own systems and are not shared with third parties.

Mailing lists

We use the Mailman software in order to provide mailing list services to our users. These lists are used to communicate important (security) announcements to our users, as well as to provide a place to discuss our products.

Mailman collects the following personal information:

  • Your email address
  • Your name (optional)
  • Any personal information that you share in your messages

Subscriber information is stored on our servers in the Netherlands and will not be disclosed or shared with third parties. However, all messages that are posted to the lists will be publicly archived along with the details listed above.

Customer relationship management

If you contact us, for example through email, telephone or our ticketing system, we will keep the personally identifiable information you send us for as long as we need to fully process your request. We may also retain communication when we have other legitimate interests to do so.

CipherMail B.V. is required by law to retain certain (financial) information for up to seven years.

Sharing with third parties

We will not share your personal information with third parties. The only exceptions to this rule are:

  • third parties that are vital to providing our services, such as business partners and the parties described earlier on in this privacy policy;
  • when you give us explicit permission; and
  • when we are legally required to do so.

When sharing your personal information with third parties, we will ensure that appropriate technical and legal safeguards are in place in order to protect your privacy.

Your rights

Under the General Data Protection Regulation, you have the right to access the personally identifiable information that is processed by us. You may also request us to correct or remove your information, or object against the processing of your information. Read more about your rights on the website of the European Commission.

CipherMail B.V. is responsible for processing your personally identifiable information as described in this privacy policy. Please contact us if you have any questions regarding this privacy policy, or if you would like to send us a GDPR request. Note that we are required by law to sufficiently check your identity before processing your GDPR request. In most cases it is enough to provide just your Matomo ID (stored as a cookie in your browser) or to provide proof of control over your email address, phone number or postal address. In rare cases we might have to ask you for a copy of your government-issued identity document.