Privacy Policy

Last updated: March 31, 2026

Mailbox Copy ("we," "us," or "our") is operated by Trick Solutions. This Privacy Policy describes how we collect, use, and protect your information when you use our email migration platform at mboxcopy.com and portal.mboxcopy.com (the "Service").

1. Information We Collect

Account Information

When you create an account, we collect your email address, name, and a password. If you subscribe to a paid plan, we collect billing information through our payment processor (Stripe). We do not store credit card numbers on our servers.

Mail Server Credentials

To perform email migrations, you provide IMAP server addresses, usernames, and passwords (or OAuth2 tokens) for your source and destination mail servers. These credentials are:

• Encrypted at rest using AES-256-GCM encryption
• Decrypted only in memory when actively performing a migration
• Passed to the migration engine via temporary RAM-only files that are zeroed and deleted immediately after use
• Never logged, cached in plaintext, or visible in process listings

Email Content

During a migration, email messages pass through our servers as they are copied from your source to your destination mail server. We do not read, analyze, index, or store the content of your emails. Email data flows through our migration engine and is written directly to your destination server. We do not retain copies of your email messages after the migration is complete.

Migration Metadata

We collect metadata about your migrations, including: number of messages transferred, folder names, data volume, transfer rates, timestamps, and error logs. This metadata is used to provide progress tracking, reports, and troubleshooting.

Usage Data

We collect standard web analytics data including IP addresses, browser type, pages visited, and timestamps. This data is used to improve the Service and diagnose technical issues.

2. How We Use Your Information

• To provide and operate the email migration Service
• To authenticate you and manage your account
• To process payments and manage subscriptions
• To send transactional emails (migration completion, account notifications)
• To provide customer support
• To improve and optimize the Service
• To comply with legal obligations

3. How We Protect Your Information

• Encryption at rest: All mail server credentials are encrypted with AES-256-GCM before storage
• Encryption in transit: All connections use TLS 1.2 or higher. Internal server communication is encrypted via WireGuard VPN with mutual TLS authentication
• Credential isolation: The encryption key is stored only on our portal server and is never transmitted to edge worker servers
• Access controls: Rate limiting on all API endpoints, JWT-based authentication with token rotation
• Infrastructure security: Firewalls (UFW), intrusion detection (fail2ban), automatic security updates

4. Information Sharing

We do not sell, rent, or trade your personal information. We share information only in these limited circumstances:

• Payment processing: Billing data is shared with Stripe for payment processing
• Infrastructure providers: Migrations may run on servers hosted by Vultr (cloud infrastructure). These servers only process migration data in transit and do not retain it
• Legal compliance: We may disclose information if required by law, court order, or governmental authority

5. Data Retention

• Account data: Retained while your account is active. Deleted upon account deletion request
• Mail server credentials: Retained while configured. Can be deleted at any time from the Credentials page. Automatically purged when your account is deleted
• Migration logs: Retained for 90 days after migration completion, then automatically deleted
• Email content: Never retained. Passes through our servers during migration only

6. Your Rights

You have the right to:

• Access your personal data via the Settings page
• Update or correct your account information
• Delete your mail server credentials at any time
• Request deletion of your account and all associated data
• Export your migration history (CSV export available in Reports)

7. Cookies

We use essential cookies for authentication (JWT tokens stored in the browser). We do not use tracking cookies, advertising cookies, or third-party analytics that track you across websites.

8. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

10. Contact

For privacy-related questions or requests, contact us at privacy@mboxcopy.com.

Trick Solutions
Mailbox Copy — mboxcopy.com