CodaMail

Last Updated: March 22, 2025

Introduction

Packetderm, LLC ("we," "our," or "us"), operating CodaMail and Cotse.Net services, is committed to protecting your privacy. This privacy policy explains our practices regarding the collection, use, and protection of your information across our services.

Our Core Privacy Principles

  • We collect only the minimum information necessary to provide our services
  • We do not sell or share your data with third parties
  • We encrypt all stored email communications
  • We offer zero-access encryption options
  • We maintain no unnecessary logs
  • We delete your data upon request

Information We Collect

Account Information

  • Account name
  • Payment transaction IDs
  • Service subscription details
  • Account creation and expiration dates

Service Operation Data

  • Temporary session tokens for webmail access (cleared upon logout or timeout)
  • Rolling 5-day server logs for technical operations and abuse prevention
  • Failed login attempts (temporary, managed by fail2ban)
  • Password hashes (using SHA512 and yescrypt)

Email Service Data

  • Email content (messages individually encrypted at rest using elliptic-curve AES-GCM-256, server stores the key. Zero Access PGP based storage encryption available)
  • Public PGP keys (when provided by user)
  • Private PGP keys (only if user opts to store them on our servers)
  • Email metadata necessary for delivery

How We Use Your Information

We use collected information solely for:

  • Providing and maintaining our services
  • Processing payments
  • Preventing abuse and unauthorized access
  • Troubleshooting technical issues
  • Complying with legal obligations

Data Security

Email Security

  • All stored emails are individually encrypted using elliptic-curve AES-GCM-256 (server stores the key)
  • Zero-access automatic PGP storage encryption available for maximum privacy
  • End-to-end encryption support via PGP
  • Encrypted storage for all email content

Authentication Security

  • Strong password hashing using SHA512 and yescrypt
  • Two-factor authentication (TOTP) available
  • Session management with automatic timeout
  • POP/IMAP disabled by default, can be enabled by user
  • User controllable CIDR-based access controls for IMAP/POP3

Server Security

  • Limited log retention (5-day rolling period)
  • No VPN or proxy service browsing logs
  • No IP address retention for VPN/proxy services
  • Regular security updates and monitoring
  • Intrustion Detection systems will capture IP addresses upon anomolies.

Data Retention and Deletion

Active Accounts

  • Email content retained until deleted by user
  • Server logs maintained for 5 days only
  • Session data cleared upon logout or timeout

Account Termination

  • Standard 30-day retention period after expiration
  • Immediate deletion available upon request
  • After deletion/expiration period:
    • All user data is permanently deleted
    • Basic account details (account name, expire date, services) retained for 3 months
    • No content or personal data is retained

Third-Party Services

Payment Processing

  • Payments processed by First Data/Clover and PayPal
  • We maintain only transaction IDs
  • No credit card information is stored on our servers
  • Cash and money order payments accepted

Legal Compliance

We operate under United States and Commonwealth of Massachusetts laws and will:

  • Review all legal requests for validity and scope
  • Challenge overly broad or inappropriate requests
  • Comply with valid legal orders
  • Notify users of legal requests when permitted by law

Data Sharing

We do not share your data with:

  • Advertising networks
  • Analytics providers
  • Business partners
  • Other third parties

The only exceptions are:

  • When required by valid legal process
  • Payment processors for transaction processing

User Controls

You have control over:

  • Email encryption methods
  • PGP key storage location
  • Account deletion timing
  • Data retention periods
  • Access method restrictions

Changes to This Policy

We will notify users of material changes to this policy through our service notices page. Continued use of our services after such notifications constitutes acceptance of the updated policy.

Contact Information

For privacy-related questions or concerns, contact us through:

  • Our website: www.codamail.com/contact.html
  • Support email: available through your account
  • Postal mail: [Address available upon request]