Privacy Policy
Last Updated: February 6, 2025
Introduction
Packetderm, LLC ("we," "our," or "us"), operating CodaMail and Cotse.Net services, is committed to protecting your privacy. This privacy policy explains our practices regarding the collection, use, and protection of your information across our services.
Our Core Privacy Principles
- We collect only the minimum information necessary to provide our services
- We do not sell or share your data with third parties
- We encrypt all stored email communications
- We offer zero-access encryption options
- We maintain no unnecessary logs
- We delete your data upon request
Information We Collect
Account Information
- Account name
- Payment transaction IDs
- Service subscription details
- Account creation and expiration dates
Service Operation Data
- Temporary session tokens for webmail access (cleared upon logout or timeout)
- Rolling 5-day server logs for technical operations and abuse prevention
- Failed login attempts (temporary, managed by fail2ban)
- Password hashes (using SHA512 and yescrypt)
Email Service Data
- Email content (messages individually encrypted at rest using elliptic-curve AES-GCM-256)
- Public PGP keys (when provided by user)
- Private PGP keys (only if user opts to store them on our servers)
- Email metadata necessary for delivery
How We Use Your Information
We use collected information solely for:
- Providing and maintaining our services
- Processing payments
- Preventing abuse and unauthorized access
- Troubleshooting technical issues
- Complying with legal obligations
Data Security
Email Security
- All stored emails are individually encrypted using elliptic-curve AES-GCM-256
- Zero-access automatic PGP encryption available for maximum privacy
- End-to-end encryption support via PGP
- Encrypted storage for all email content
Authentication Security
- Strong password hashing using SHA512 and yescrypt
- Two-factor authentication (TOTP) available
- Session management with automatic timeout
- POP/IMAP disabled by default, can be enabled by user
- User controllable CIDR-based access controls for IMAP/POP3
Server Security
- Limited log retention (5-day rolling period)
- No VPN or proxy service logs
- No IP address retention for VPN/proxy services
- Regular security updates and monitoring
- Intrustion Detection systems will capture IP addresses upon anomolies.
Data Retention and Deletion
Active Accounts
- Email content retained until deleted by user
- Server logs maintained for 5 days only
- Session data cleared upon logout or timeout
Account Termination
- Standard 30-day retention period after expiration
- Immediate deletion available upon request
- After deletion/expiration period:
- All user data is permanently deleted
- Basic account details (account name, expire date, services) retained for 3 months
- No content or personal data is retained
Third-Party Services
Payment Processing
- Payments processed by First Data and PayPal
- We maintain only transaction IDs
- No credit card information is stored on our servers
- Cash and money order payments accepted
Legal Compliance
We operate under United States and Commonwealth of Massachusetts laws and will:
- Review all legal requests for validity and scope
- Challenge overly broad or inappropriate requests
- Comply with valid legal orders
- Notify users of legal requests when permitted by law
Data Sharing
We do not share your data with:
- Advertising networks
- Analytics providers
- Business partners
- Other third parties
The only exceptions are:
- When required by valid legal process
- Payment processors for transaction processing
User Controls
You have control over:
- Email encryption methods
- PGP key storage location
- Account deletion timing
- Data retention periods
- Access method restrictions
Changes to This Policy
We will notify users of material changes to this policy through our service notices page. Continued use of our services after such notifications constitutes acceptance of the updated policy.
Contact Information
For privacy-related questions or concerns, contact us through:
- Our website: www.codamail.com/contact.html
- Support email: available through your account
- Postal mail: [Address available upon request]