Legal

Privacy Policy

Last updated: January 2026

1. Introduction

Codemoon ("we", "us" or "our") attaches great importance to the protection of your personal data. This privacy policy describes how we collect, use, store and protect your data when you use our secure email service.

Our service is specifically designed for professionals and fully complies with the General Data Protection Regulation (GDPR).

2. What data do we collect

We collect the following categories of personal data:

Account data

Name, email address, company name, billing information

Communication data

Email addresses and phone numbers of recipients (for SMS verification)

Usage data

Login data, sent messages (metadata), access logs

3. How we use your data

We process your personal data for the following purposes:

  • Providing our secure email service
  • Sending SMS verification codes to recipients
  • Billing and administration
  • Customer service and technical support
  • Improving our services
  • Compliance with legal obligations

4. Legal basis for processing

We process your personal data based on the following legal grounds under the GDPR:

Performance of contract (Art. 6(1)(b) GDPR)

For providing our services to you

Legitimate interest (Art. 6(1)(f) GDPR)

For improving our services and security

Legal obligation (Art. 6(1)(c) GDPR)

For tax and administrative obligations

5. Data sharing

We only share your personal data with third parties when necessary for our services:

  • SMS provider: For sending verification codes (phone number only)
  • Hosting provider: EU-based servers for data storage
  • Payment provider: For processing payments

We never sell your data to third parties. All processors we work with have signed a data processing agreement in accordance with the GDPR.

6. Security

We take the security of your data very seriously and have implemented appropriate technical and organizational measures:

End-to-end encryption

All messages are stored encrypted

EU servers

Data stays within the European Union

SMS verification

Two-factor authentication for recipients

Automatic deletion

Messages are automatically deleted

7. Retention periods

We do not retain your personal data longer than necessary:

  • Secure messages: Automatically deleted after the set expiration date
  • Account data: Up to 1 year after termination of your subscription
  • Billing data: 7 years (legal retention requirement)
  • Access logs: Maximum 6 months

8. Your rights

Under the GDPR, you have the following rights regarding your personal data:

1

Right of access

You can request which data we process about you

2

Right to rectification

You can have incorrect data corrected

3

Right to erasure

You can request deletion of your data

4

Right to data portability

You can receive your data in a common format

5

Right to restriction

You can have processing of your data restricted

6

Right to object

You can object to certain processing activities

To exercise your rights, contact us at privacy@codemoon.io.

9. Cookies

Our website uses functional cookies that are necessary for the operation of the service. These cookies are used for session management and security purposes. We do not place tracking or advertising cookies.

10. Changes

We may update this privacy policy from time to time. For significant changes, we will inform you via email or through our service. The most recent version is always available on this page.

11. Contact

Do you have questions about this privacy policy or about the processing of your personal data? Please contact us:

Codemoon

privacy@codemoon.io

You also have the right to file a complaint with the Data Protection Authority (edpb.europa.eu).

Back to home