Login Get API Key

Privacy Policy

Last updated: May 1, 2026

RiskMail ("we", "us", or "our") operates the RiskMail Email Domain Risk API and website at riskmail.io. This Privacy Policy explains how we collect, use, and protect information when you use our services.

1. Information We Collect

Account Information

When you create an account we collect your email address and any billing details required to process payments via Stripe. We do not store full credit card numbers — all payment data is handled by Stripe.

API Usage Data

When you call the API, we log the domain or email address you submitted, the timestamp, your API key identifier, the HTTP response code, and the latency of the request. This data is used to generate your usage dashboard, enforce rate limits, and monitor for abuse.

Log and Diagnostic Data

We collect standard server logs including IP addresses, browser user-agent strings, referring URLs, and pages visited. These logs are retained for up to 30 days for security and debugging purposes.

2. How We Use Your Information

  • To provide and operate the RiskMail API service
  • To authenticate API requests and enforce usage quotas
  • To send transactional emails (receipts, password resets, account alerts)
  • To detect and prevent fraud or abuse of the API
  • To improve the accuracy of our risk scoring models
  • To comply with legal obligations

We do not sell your personal information to third parties. We do not use API-submitted domains or emails for any purpose other than returning the risk result and recording your usage.

3. Data Retention

Account data is retained for as long as your account is active. API request logs are retained for 90 days and then automatically deleted. Billing records are retained as required by applicable tax and accounting law (typically 7 years).

You may request deletion of your account and associated data at any time by emailing [email protected]. Billing records required by law may be retained beyond your deletion request.

4. Cookies and Tracking

We use a single session cookie to keep you signed in to the dashboard. We do not use third-party tracking cookies, advertising networks, or analytics SDKs that send your data to other companies. We run our own lightweight analytics using server-side request logs only.

5. Third-Party Services

We share data with the following third-party processors:

  • Stripe — payment processing. Governed by Stripe's Privacy Policy.
  • Postmark — transactional email delivery.
  • Hetzner / Fly.io — infrastructure hosting within the EU and US.

6. Security

All data is transmitted over HTTPS/TLS. API keys are stored hashed. We conduct periodic security audits. For more detail see our Security page.

7. Your Rights (GDPR / CCPA)

Depending on your location you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the revised policy.

9. Contact

Questions or concerns about this policy? Email us at [email protected] or write to us at RYAN CONSULTING SG PTE. LTD., 152 BEACH ROAD #11-05, GATEWAY EAST, SINGAPORE 189721.