This Privacy Policy describes how Ghst Particle, LLC, a Montana limited liability company (“MultiMail”, “we”, “us”, “our”), collects, uses, and protects information when you use the MultiMail platform (“Service”). By using the Service, you agree to the practices described in this policy.
MultiMail acts as a data processor on behalf of operators (our customers) who control agent mailboxes. Operators are the data controllers for email content transmitted through the Service. Operators determine the purposes and means of processing email data; MultiMail processes that data solely to provide the Service as instructed.
Account information. When you create an account, we collect your email address, operator name, and billing information (processed by Stripe). We do not store full payment card details.
Email content. The Service processes email messages sent and received by agent mailboxes under your account. This includes message bodies, headers, attachments, and any content within the email.
Email metadata. We collect metadata associated with each email, including sender and recipient addresses, subject lines, timestamps, message IDs, delivery status, bounce and complaint signals, and SMTP transaction details.
Operator and agent information. We collect operator names, agent display names, mailbox configurations, oversight mode settings, and API key usage data.
Technical data. We collect IP addresses, API request logs, error logs, and usage metrics necessary to operate and secure the Service.
We use collected information to:
The Service runs on Cloudflare Workers with data stored across the following Cloudflare services:
Outbound email delivery is handled by Postmark (Wildbit, LLC, a United States company), which processes sender addresses, recipient addresses, subject lines, and message content as necessary to deliver email. Postmark’s privacy policy is available at postmarkapp.com/privacy-policy.
Billing is processed by Stripe, Inc., which receives your payment information directly. We receive only a limited set of billing data from Stripe (subscription status, plan details, last four digits of card).
Email threat screening uses the Google Safe Browsing API (Google LLC, a United States company) to check URLs found in messages against Google’s threat lists. MultiMail extracts URLs from both inbound and outbound message bodies and sends those URLs (in full, including any path segments and query strings they contain) to Google’s threatMatches:find endpoint; message bodies, attachments, sender and recipient addresses, and subject lines are not sent. Because full URLs are forwarded, operators should avoid embedding per-recipient secrets (one-time tokens, magic-login codes, private share IDs) in email URLs — those tokens will be visible to Google on scan. Google’s privacy information for Safe Browsing is available at safebrowsing.google.com and policies.google.com/privacy.
Cloudflare Turnstile (Cloudflare, Inc., a United States company) runs on the MultiMail signup page to distinguish humans from automated abuse. When you visit the signup page, Turnstile loads a challenge script in your browser and evaluates signals (IP address, user-agent, behavioral heuristics) to issue a token, which MultiMail then verifies server-side. Turnstile is not loaded on any other page and does not run for logged-in users. Cloudflare’s privacy policy is available at cloudflare.com/privacypolicy.
MultiMail’s application codebase also contains inactive integration code for Sentry (error monitoring) and Coinbase Commerce (cryptocurrency payments). Both are disabled in current production deployments; enabling either would require a privacy policy revision before activation.
All data processing occurs in the United States.
Email content (message bodies, attachments) is retained for 90 days after delivery, then permanently deleted.
Email metadata (sender, recipient, subject, timestamps, delivery status) is retained for up to 12 months for abuse detection, deliverability monitoring, and audit purposes.
Account data is retained for the duration of your account and for a reasonable period after termination to fulfill legal and operational obligations.
Upon account termination, you have a 30-day grace period to export your data via the API. After the grace period, email content is permanently deleted. Metadata is retained according to the schedule above.
Where the General Data Protection Regulation applies, our legal bases for processing are:
If you are located in a jurisdiction that grants data protection rights (such as the EEA, UK, or California), you may have the right to access, correct, delete, port, or restrict processing of your personal data. Because MultiMail acts as a data processor for email content, requests relating to email data should be directed to the operator (data controller) who manages the relevant mailbox. For requests relating to your account data, contact us at [email protected].
The MultiMail website does not set its own cookies. We use Meta Pixel (provided by Meta Platforms, Inc.) and Google Ads gtag.js (provided by Google LLC) on selected marketing pages for conversion-attribution measurement. These scripts may set first-party cookies (_fbp, _gcl_au) only after you grant consent via the on-screen banner. Visitors in the EEA, UK, or those with Global Privacy Control (GPC) enabled see a consent banner before any tracking scripts load; all others may opt out at any time from our Cookies page.
We also capture click identifiers (gclid, fbclid, msclkid) and UTM parameters from landing-page URLs. These are first-party data stored in your browser’s localStorage (not cookies) and transmitted to our server only if you complete a signup. They contain no personally identifiable information.
The signup page loads Cloudflare Turnstile for bot detection (described in Section 4); Turnstile is not an analytics product and is not loaded on other pages. Authentication is handled entirely through API keys transmitted in request headers.
For a full breakdown of cookies and tracking technologies, including opt-out instructions, see our Cookies page.
We do not use email content, metadata, or any customer data to train machine learning models or AI systems. Email data is processed solely to provide the Service.
We do not sell personal data. We share data with the infrastructure sub-processors listed in Section 4 (Cloudflare Workers/D1/R2, Cloudflare Turnstile, Postmark, Stripe, and Google Safe Browsing) as necessary to provide the Service. When you grant consent (see Section 8), we also share data with Meta Platforms, Inc. (via Meta Pixel) and Google LLC (via Google Ads gtag.js) for ad-attribution measurement on our marketing pages. We may disclose data when required by law, legal process, or governmental request, or when necessary to protect the rights, property, or safety of MultiMail, our users, or the public.
We implement industry-standard security measures to protect data in transit and at rest, including TLS encryption for all API and email traffic, encrypted storage, and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
A Data Processing Agreement (DPA) is available on request for operators who require one under GDPR or similar regulations. Contact [email protected] to request a DPA.
All data is processed in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. For EEA/UK users, transfers are conducted under Standard Contractual Clauses where required.
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.
We may update this Privacy Policy as the Service evolves. Material changes take effect 30 days after notification to active account operators. We will notify operators via email before changes take effect.
For privacy-related questions or requests, contact us at [email protected].
Ghst Particle, LLC
Montana, United States