Privacy Policy

Last updated: May 5, 2026

MailBond LLC, a California limited liability company ("MailBond", "we", "us", "our"), operates the MailBond™ email security add-in for Microsoft Outlook and the website at mailbond.us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

1. Information We Collect

Account Information: When you sign up or request a demo, we collect your name, work email address, company name, and number of users.

Email Analysis Data: When you use the MailBond add-in to scan an email, we process the currently selected email's headers, sender information, recipient address, subject line, URLs, attachment metadata, supported attachment content, screenshots, OCR text, and decoded QR/barcode payloads to perform security analysis. This request content is ephemeral: it is validated, analyzed, returned as a verdict, and destroyed. Limited scan metadata, including sender, recipient, subject, extracted URLs, attachment names and hashes, source counts, and the resulting risk score, is retained for a limited period so your dashboard, audit log, scan history, and export features are available to your security team.

Usage Data: We collect scan counts, feature usage, and error logs to improve our service.

Payment Information: Billing is handled by Stripe. We do not store credit card numbers. Stripe's privacy policy governs payment data processing.

2. How We Use Your Information

• To provide and maintain our email security analysis service
• To detect and report phishing, BEC, QR-code phishing, image-only lures, look-alike domains, and other email-borne threats
• To process your subscription and billing
• To respond to your demo requests and support inquiries
• To improve our threat detection algorithms and service reliability
• To send service-related communications (e.g., billing confirmations, security alerts)

3. Data Retention

• Request content: email bodies, supported attachment content, screenshots, OCR text, and decoded QR/barcode payloads are not persisted. They are processed for the scan and destroyed after analysis.
• Scan metadata (sender, recipient, subject, extracted URLs, attachment names and hashes, source counts, risk score): retained for up to 90 days to power your dashboard, audit log, scan history, and customer export features.
• Customer exports: authorized customer administrators can export scan history before the 90-day retention window expires.
• URL reputation and anonymized threat intelligence (e.g., "this URL was seen as malicious" without customer identifiers): may be retained indefinitely to improve detection accuracy for all customers.
• Account & billing records: retained while your account is active and for up to 30 days after cancellation, after which personal data is deleted. Billing records required by law (e.g., tax records) are retained by Stripe per their policies.

You can request earlier deletion of your scan history at any time by contacting admin@mailbond.us.

4. Data Sharing

We do not sell your personal information. We share data only with:

• Google Web Risk: URLs extracted from emails, discovered by OCR, or decoded from QR/barcodes are checked against Google's threat databases. We do not send email bodies, attachments, screenshots, or customer identifiers to Google Web Risk.
• PhishTank: URLs extracted from emails, discovered by OCR, or decoded from QR/barcodes may be checked against PhishTank's crowdsourced phishing database. We do not send email bodies, attachments, screenshots, or customer identifiers to PhishTank.
• Stripe: For payment processing
• Microsoft Azure: Our infrastructure provider, bound by their data processing agreements

5. Data Security

We use industry-standard security measures including TLS 1.2+ encryption in transit, encrypted storage at rest, server-side API key authentication, Microsoft Single Sign-On for customer dashboard access, and role-based administrative access controls. MailBond is hosted on Microsoft Azure, which maintains SOC 2, ISO 27001, and other compliance certifications for covered Azure infrastructure and platform services. These are inherited cloud-provider controls; MailBond does not currently hold its own SOC 2 attestation.

6. Microsoft Outlook Add-in Permissions

MailBond requests ReadItem permission only — the minimum permission required to analyze the currently open email. We cannot modify, delete, or send emails on your behalf, and we cannot browse other mailbox items.

7. Cookies

Our website uses minimal cookies:

• Essential cookies: Required for basic website functionality
• Analytics cookies: We may use privacy-respecting analytics to understand website traffic. No personal data is shared with third-party advertisers.

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing
• Data portability

To exercise these rights, contact us at admin@mailbond.us.

9. Children's Privacy

MailBond is a business product not directed at individuals under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy, please contact:

MailBond LLC
100 W High St, PO Box 1153
Moorpark, CA 93020
Privacy: privacy@mailbond.us
General: admin@mailbond.us
Website: mailbond.us