Privacy Policy

Last Updated: February 13, 2026

1. General Information

Mail P.I. provides AI-powered email threat analysis. When you forward an email to check@mailpi.app, the message is analyzed automatically and a risk report is returned. The service is designed with privacy-first principles and minimal data retention.

2. Information We Collect

  • Hashed Email Addresses: We store a cryptographic hash of your email address to manage usage limits and subscriptions.
  • Email Content (Ephemeral): Forwarded emails are processed in memory for analysis and are not permanently stored.
  • Verification Tokens: Temporary verification tokens (1-hour expiry) may be created to confirm email ownership.
  • Usage Metadata: Daily scan counters are stored using anonymized hashed identifiers.
  • Operational Logs: System-level logs record webhook events and account state decisions. Advanced content logging is disabled by default.

3. How We Use Your Information

  • Perform real-time AI phishing and scam detection
  • Generate and deliver investigation reports
  • Enforce free-tier and subscription limits
  • Prevent abuse through email verification
  • Improve system reliability using anonymized aggregate metrics

4. Account & Verification Logic

  • New senders may be required to verify email ownership.
  • Verification tokens automatically expire after 1 hour.
  • Free-tier accounts may be limited to daily scan thresholds.
  • Business and enterprise tiers may apply domain-level access controls.
  • Duplicate submissions are prevented using hashed case identifiers.

5. Data Retention & Deletion

  • Email content: Processed ephemerally and not persistently stored.
  • Verification tokens: Automatically deleted after expiration.
  • Usage counters: Automatically expire after short retention windows.
  • Hashed identifiers: Retained only while access remains active.

6. AI & Third-Party Processing

Email content is analyzed using third-party AI model providers solely for real-time threat detection. We do not sell personal information or share identifiable user data.

7. Security

All communication occurs over encrypted TLS connections. Redis storage is access-restricted. Case IDs and account identifiers are cryptographically hashed. Verification tokens expire automatically.

8. Your Rights

  • Request deletion of hashed account data
  • Request confirmation of stored usage records
  • Unsubscribe from promotional emails at any time
  • Exercise GDPR/CCPA rights where applicable

9. Changes to This Policy

We may update this Privacy Policy to reflect technical or regulatory changes. Updates will be posted here with a revised "Last Updated" date.

10. Contact Us

Questions or concerns?

Email: support@mailpi.app