Privacy Policy
This policy explains what personal data nanimail processes, for what purposes, who we share it with, and what rights you have. It is written in accordance with Law 1581 of 2012 (Colombia's personal data protection regime) and its implementing regulations.
Data controller
The controller of your data is nanimail (hereinafter "nanimail", "we"). For any matter related to your privacy or the processing of your data, you can write to us at [email protected].
What data we process
- Account data: your email address, your name, and your preferences (such as language).
- Your organization's data: the organization name, the domains you connect, and the mailboxes you create.
- Your email content: the messages you send and receive, including their attachments. This content is stored encrypted at rest (see "How we protect your data").
- Usage and technical logs: information about how the service operates, such as timestamps, IP addresses, and email delivery events, for security, abuse prevention, and diagnostics.
- Payment data: when we enable payments, they will be processed by our payment provider (Paddle). We do not store full card details on our servers.
Purposes
We process your data to:
- Provide the email service: send, receive, and store your messages.
- Create and manage your account and organization.
- Authenticate you securely (for example, with one-time login codes).
- Protect the service against abuse, fraud, and spam, and enforce your plan's limits.
- Bill and manage your subscription where applicable.
- Communicate with you about the service.
- Comply with legal obligations.
How we protect your data
The contents of your mailboxes are stored encrypted at rest. We use envelope encryption: each organization has its own data key, which is in turn protected by a master key. That is solid protection for a business's email.
nanimail is a custodial email service: we manage the keys. This is a deliberate design choice, not a shortcoming. Holding the keys is exactly what lets us offer what you expect from professional email: recovering access if you forget your password, searching your inbox instantly, filtering spam, and syncing across your devices. End-to-end or zero-knowledge encryption gives all of that up in exchange for a guarantee most businesses do not need.
To be clear: because the service is custodial, we can access content when necessary to operate the service or comply with the law. nanimail is not end-to-end or zero-knowledge, and we do not present it as such. What we offer is professional email, encrypted at rest and operated with care.
Also note that email is an open system: the messages you send leave nanimail for your recipients' servers, over which we have no control.
Who we share data with
We do not sell your personal data. We share it only with providers that help us operate the service (subprocessors), such as our email delivery, storage, and infrastructure providers. You can see the full list on our Subprocessors page.
We may also disclose data where required by law or to protect our rights and the security of the service.
International transfers
Some of our subprocessors operate outside Colombia, primarily in the United States. By using nanimail, you accept that your data may be processed in those countries, always with adequate security guarantees.
Retention
We keep your data while your account is active and for as long as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. When you delete content or your account, we begin removing it from our systems within a reasonable period, unless the law requires us to retain it.
Your rights
As the data subject, Law 1581 of 2012 grants you the right to:
- Know, update, and correct your personal data.
- Request proof of the authorization granted.
- Be informed about how your data is used.
- File complaints with the Superintendency of Industry and Commerce for violations.
- Withdraw authorization and/or request deletion of your data, where applicable.
- Access your personal data free of charge.
To exercise these rights, write to us at [email protected].
Minors
nanimail is a service for businesses and is not directed at minors. We do not knowingly collect data from minors.
Changes to this policy
We may update this policy. When we do, we will change the "last updated" date and, if the change is significant, we will aim to notify you through the service.
Contact
For any matter related to this policy or the processing of your data, write to us at [email protected].