Privacy Policy
The ONS Mail Privacy Policy explains how we collect, use, protect, store, and process your personal data. It also outlines your privacy rights, data security practices, international data transfers, cookies, and our commitment to GDPR-compliant privacy protection.
1. Introduction
This Privacy Policy explains how ONS Mail ("ONS Mail", "we", "us", or "our") collects, uses, stores, protects, discloses, and otherwise processes personal data when you access or use our products and services. It also explains your privacy rights and the choices available to you regarding the processing of your personal data.
ONS Mail is committed to protecting the privacy, confidentiality, and security of its users. We believe that privacy is a fundamental human right, and we have designed our services with privacy and data protection as core principles. Our systems follow the principles of Privacy by Design and Privacy by Default, ensuring that only the minimum amount of personal data necessary to provide our services is processed.
This Privacy Policy applies to all ONS Mail services, including our web application, mobile applications, desktop applications, IMAP and SMTP services, APIs, ONS Secure features, self-destructing messages, calendar, contacts, notes, tasks, custom domain services, and any other products or services that we currently provide or may offer in the future.
We process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK General Data Protection Regulation (UK GDPR) where applicable, and other applicable privacy and data protection laws in the jurisdictions in which we operate.
ONS Mail processes personal data only for legitimate, specified, and transparent purposes. We do not sell personal data, use personal data for behavioral advertising, or build advertising profiles based on your activities or the content of your communications. Your personal data is processed only to the extent necessary to provide, secure, maintain, improve, and comply with the legal obligations applicable to our services.
Please read this Privacy Policy carefully before using ONS Mail. By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. Nothing in this Privacy Policy limits or overrides any rights you may have under applicable data protection laws.
If you have any questions regarding this Privacy Policy or the way we process your personal data, you may contact us using the contact details provided in the "20. Contact Information" section of this Privacy Policy.
2. Data Controller
For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR), ONS Mail is the Data Controller responsible for the processing of personal data collected through our products and services.
As the Data Controller, ONS Mail determines the purposes and means of processing personal data and is responsible for ensuring that such processing is carried out in accordance with applicable privacy and data protection laws.
ONS Mail is committed to processing personal data lawfully, fairly, and transparently. We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction, while ensuring compliance with applicable legal and regulatory requirements.
Where ONS Mail engages trusted third-party service providers to process personal data on our behalf, such providers act as Data Processors and are contractually required to process personal data only in accordance with our documented instructions and applicable data protection laws.
Data Controller
ONS Mail
Website: https://onsmail.com
Privacy Email: privacy@onsmail.com
Support Email: support@onsmail.com
If you have any questions regarding the processing of your personal data, wish to exercise your privacy rights, or would like additional information about our data protection practices, you may contact us using the contact details provided above or those listed in the "20. Contact Information" section of this Privacy Policy.
3. Scope of this Privacy Policy
This Privacy Policy applies to the processing of personal data in connection with all products, services, websites, applications, and online platforms operated or provided by ONS Mail.
It applies to all individuals who access, visit, register for, or use ONS Mail services, including free and paid account holders, custom domain administrators, domain administrators, API users, website visitors, customers, business partners, and individuals who otherwise interact with ONS Mail.
This Privacy Policy applies to, but is not limited to, the following services:
ONS Mail web application
Mobile applications
Desktop applications
IMAP, SMTP, and other supported email protocols
ONS Secure features
Self-destructing messages
Calendar, Contacts, Notes, and Tasks
Custom Domain email services
Domain Administration services
User account registration and authentication services
Security features, including Two-Factor Authentication (2FA)
Developer APIs and related services
Customer support services
Official ONS Mail websites
Any current or future products or services provided by ONS Mail
This Privacy Policy applies only to services operated by ONS Mail. It does not apply to third-party websites, applications, products, or services that may be accessible through links or integrations provided by ONS Mail. Such third parties maintain their own privacy policies, and ONS Mail is not responsible for their privacy practices or the content of their policies.
Your use of ONS Mail services is also governed by our Terms of Service, Cookie Policy, and any additional legal notices or service-specific privacy notices that may apply. Where a separate privacy notice has been provided for a specific service or feature, that notice will supplement this Privacy Policy to the extent applicable.
This Privacy Policy is intended to provide a comprehensive overview of how ONS Mail processes personal data. It should be read together with any additional notices that may be provided at the time your personal data is collected or processed, ensuring that you have a clear understanding of how and why we use your information.
4. Our Privacy Principles
At ONS Mail, privacy is not an optional feature—it is a fundamental principle that guides the design, development, and operation of our services. We are committed to protecting personal data through responsible data handling practices, strong security measures, and transparent processing activities.
When processing personal data, ONS Mail adheres to the following core privacy principles.
4.1 Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and transparently. Users are provided with clear information about how their personal data is collected, used, shared, retained, and protected. We strive to ensure that our privacy practices are understandable and accessible.
4.2 Purpose Limitation
Personal data is collected only for specified, explicit, and legitimate purposes. We do not process personal data in a manner that is incompatible with the purposes described in this Privacy Policy unless permitted or required by applicable law.
4.3 Data Minimization
We collect and process only the personal data that is necessary to provide, maintain, secure, and improve our services. We do not intentionally collect excessive or unnecessary personal information.
4.4 Accuracy
We take reasonable steps to ensure that personal data is accurate, complete, and kept up to date where necessary. Users are encouraged to review and update their account information whenever changes occur.
4.5 Storage Limitation
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or to comply with applicable legal, regulatory, contractual, or operational requirements. When personal data is no longer required, it is securely deleted, anonymized, or otherwise disposed of in accordance with our data retention policies.
4.6 Integrity and Confidentiality
We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. Security is integrated into every stage of the design and operation of our services.
4.7 Privacy by Design and by Default
Privacy considerations are integrated into the development lifecycle of our products and services. We design our systems to process only the personal data necessary for each specific purpose and to provide privacy-friendly default settings wherever reasonably possible.
4.8 Accountability
ONS Mail is committed to demonstrating compliance with applicable data protection laws. We regularly review and improve our privacy practices, internal policies, and security controls to ensure ongoing compliance and accountability.
4.9 No Sale of Personal Data
We do not sell, rent, or trade personal data to third parties. We do not use personal data for behavioral advertising or commercial profiling, and we do not monetize user information through data brokerage or advertising networks.
4.10 User Control and Transparency
We believe users should remain in control of their personal data. Where applicable, we provide tools and mechanisms that enable users to access, update, export, or delete their information and to exercise their rights under applicable data protection laws.
These principles form the foundation of ONS Mail's privacy program and guide every aspect of how we collect, process, protect, and manage personal data.
5.1 Account Information
When you create an ONS Mail account or update your account information, we may collect and process the personal data necessary to establish, manage, secure, and maintain your account.
Depending on the services you use, the information we collect may include:
Username
Primary email address
Password hash (your password is never stored in plain text)
Recovery email address (optional)
Display name (optional)
Profile photo (optional)
Language preference
Time zone and regional settings
Account preferences and configuration settings
Creating a free ONS Mail account generally does not require your real name, government-issued identification, phone number, or payment information. We are committed to collecting only the minimum information necessary to provide our services.
If you choose to subscribe to paid services or enable optional features, additional information may be required to provide those services or to comply with applicable legal and regulatory obligations.
Account information is processed for purposes including:
Creating and managing your user account
Authenticating your identity
Providing access to ONS Mail services
Securing your account against unauthorized access
Maintaining your account preferences and settings
Communicating important service-related information
Complying with applicable legal obligations
You are responsible for ensuring that the information associated with your account is accurate and up to date. Where available, you may review and update your account information through your account settings at any time.
5.2 Technical Information and Service Usage Data
When you access or use ONS Mail, certain technical information and service usage data are collected automatically to ensure the secure operation, reliability, performance, and integrity of our services.
Depending on how you interact with our platform, we may collect the following information:
IP address
Login and logout timestamps
Authentication events
Browser type and version
Operating system
Device type
Preferred language
Time zone
Session identifiers
API access logs (where applicable)
Security event logs
Error and diagnostic logs
Network connection information
Application version and compatibility information
This information is processed for the following purposes:
Providing and maintaining ONS Mail services
Authenticating users and managing active sessions
Detecting, preventing, and investigating unauthorized access attempts
Protecting accounts against fraud, abuse, spam, malware, and other security threats
Monitoring system health, availability, and performance
Diagnosing technical issues and resolving service errors
Improving service reliability, stability, and compatibility across supported devices and platforms
Complying with applicable legal and regulatory obligations
Technical information is processed only to the extent necessary for the operation and security of our services. ONS Mail does not use this information to build advertising profiles, perform behavioral tracking, or monitor users for commercial marketing purposes.
Where technically feasible, diagnostic and operational information may be aggregated or anonymized before being used for statistical analysis, service improvement, or infrastructure planning, ensuring that it cannot reasonably be used to identify individual users.
5.3 Email and Communication Data
To provide secure and reliable email services, ONS Mail processes information necessary for the transmission, storage, synchronization, and delivery of electronic communications.
Depending on how you use our services, we may process the following information:
Sender and recipient email addresses
CC and BCC recipient information
Email subject lines
Email message content
File attachments
Message size
Date and time of transmission and delivery
Delivery status information
Message identifiers
Technical routing information required for email transmission
Mailbox folders, labels, and filtering rules
Email signatures and user-configured mail settings
This information is processed solely for the following purposes:
Sending, receiving, storing, and synchronizing email messages
Providing access to your mailbox across supported devices
Processing attachments and user-configured mailbox features
Detecting and preventing spam, malware, phishing, and other malicious activity
Troubleshooting delivery issues and maintaining service reliability
Protecting the integrity and security of our email infrastructure
Complying with applicable legal and regulatory obligations
ONS Mail does not use the content of your emails or communications for advertising, behavioral profiling, targeted marketing, or the sale of personal data.
Where end-to-end encryption is available and enabled for a particular service or feature, ONS Mail does not possess the cryptographic keys required to decrypt protected content. As a result, we cannot access, read, or disclose the contents of end-to-end encrypted communications.
For standard email communications exchanged with external email providers (such as Gmail, Outlook, Yahoo, or other SMTP-compatible services), messages are protected using industry-standard transport security protocols during transmission. The level of encryption available to the recipient depends on the capabilities and security configuration of the receiving email provider.
Please note that email metadata—such as sender and recipient addresses, timestamps, message identifiers, and routing information—may be processed where necessary to operate, secure, troubleshoot, and deliver the email service in accordance with applicable law.
5.4 Subscription and Payment Information
If you subscribe to ONS Mail paid plans or purchase premium services, we may collect and process information necessary to manage your subscription, process payments, comply with legal obligations, and provide customer support.
Depending on the services you use, we may process the following information:
Subscription plan and service tier
Subscription status
Billing information
Invoice details
Payment status
Transaction identifiers
Payment dates
Renewal and cancellation preferences
Tax-related information where required by applicable law
Customer support records related to billing inquiries
ONS Mail does not store your complete payment card number, card verification code (CVV/CVC), or other sensitive payment credentials.
Payment transactions are processed by authorized third-party payment service providers that operate as independent data controllers or processors, as applicable. These providers process payment information in accordance with their own privacy policies, contractual obligations, and applicable legal and regulatory requirements, including industry security standards such as the Payment Card Industry Data Security Standard (PCI DSS) where applicable.
We process subscription and payment information for the following purposes:
Activating and managing paid subscriptions
Processing payments and issuing invoices
Managing renewals, upgrades, downgrades, and cancellations
Providing customer support for billing-related matters
Detecting and preventing fraudulent payment activity
Complying with accounting, tax, financial reporting, and other legal obligations
Maintaining records required by applicable law
Subscription and payment information is retained only for as long as necessary to fulfill the purposes described above or to satisfy applicable legal, tax, accounting, and regulatory requirements.
Additional information regarding payment providers and data sharing practices can be found in the "16. Third-Party Services" section of this Privacy Policy.
5.5 Security and Abuse Prevention Data
Protecting our users, infrastructure, and services is a fundamental part of ONS Mail's operations. To detect, prevent, investigate, and respond to security threats, fraud, abuse, and unauthorized access, we collect and process certain security-related information.
Depending on your use of our services, we may process the following information:
Successful and failed login attempts
Authentication and verification events
Two-Factor Authentication (2FA) events
Backup recovery code usage
Application password activity
Active session information
Device and browser security information
IP addresses associated with authentication events
Suspicious login attempts
Account lockout events
Password reset requests
Security alerts and notifications
Audit logs
Rate limiting events
Spam and abuse detection records
Malware detection events
Reports of unauthorized activity
Security incident records
This information is processed exclusively for legitimate security and operational purposes, including:
Authenticating users and protecting user accounts
Detecting and preventing unauthorized access
Preventing spam, phishing, malware, and other malicious activities
Identifying fraudulent or abusive behavior
Protecting the integrity, confidentiality, and availability of ONS Mail services
Investigating suspected violations of our Terms of Service or applicable law
Responding to security incidents and conducting forensic investigations
Maintaining audit trails for security and compliance purposes
Complying with applicable legal and regulatory obligations
Security and abuse prevention data is processed only to the extent necessary to protect our services and users. Access to this information is strictly limited to authorized personnel and systems with a legitimate operational or security need.
ONS Mail does not use security-related information for advertising, behavioral profiling, or commercial marketing purposes.
Where appropriate, security logs and audit records may be retained for a limited period in accordance with our Data Retention policy, applicable legal requirements, and operational security needs.
5.6 Cookies and Similar Technologies
ONS Mail uses cookies and similar technologies to provide secure, reliable, and user-friendly services. These technologies help us authenticate users, maintain secure sessions, remember user preferences, and ensure the proper operation of our websites and applications.
Depending on the services you use, we may utilize:
Essential cookies
Authentication cookies
Session cookies
Security cookies
Preference cookies
Language preference cookies
Theme and appearance preferences
Session identifiers
Local Storage
Session Storage
Other technologies required for the secure operation of our services
These technologies are used for purposes including:
Maintaining secure user sessions
Authenticating users after login
Protecting against unauthorized access and session hijacking
Preventing Cross-Site Request Forgery (CSRF) and other web-based attacks
Remembering language, theme, and accessibility preferences
Improving usability and service reliability
Supporting the functionality of our web applications
ONS Mail does not use advertising cookies, cross-site tracking technologies, or third-party behavioral profiling tools. We do not use cookies to build advertising profiles, sell user data, or track users across unrelated websites.
Where analytics or performance measurement technologies are used, they are implemented only where permitted by applicable law and, where required, with the user's consent. Whenever possible, analytical information is aggregated or anonymized to minimize the processing of personal data.
You may control or delete cookies through your browser settings. Please note that disabling essential cookies or similar technologies may affect the availability, security, or functionality of certain ONS Mail services.
For more detailed information about the cookies and similar technologies we use, including their purposes, categories, and retention periods, please refer to our Cookie Policy.
5.7 User Content
ONS Mail enables users to create, upload, send, receive, store, organize, and manage various types of content through its services. Such content is processed solely for the purpose of providing the services requested by the user and maintaining the functionality, security, and reliability of the platform.
Depending on how you use ONS Mail, user-generated content may include:
Email messages
File attachments
ONS Secure messages
Self-destructing messages
Calendar events
Contacts and address books
Notes
Tasks and reminders
Email signatures
Mail folders, labels, and filters
Custom mailbox rules
Files and other content uploaded by users
Any other information voluntarily submitted through ONS Mail services
User content is processed exclusively for purposes such as:
Delivering and storing your communications
Synchronizing your data across supported devices
Providing requested features and functionality
Maintaining service integrity and availability
Protecting the security of your account and our infrastructure
Complying with applicable legal obligations where required
ONS Mail does not use user content for advertising, behavioral profiling, targeted marketing, or the commercial sale of personal data.
Where end-to-end encryption is available and enabled for a specific service or feature, ONS Mail does not possess the cryptographic keys necessary to decrypt protected content. Consequently, we cannot access, read, disclose, or otherwise process the plaintext contents of end-to-end encrypted communications.
Users remain responsible for the content they create, upload, transmit, or store using ONS Mail services. Users should ensure that their content complies with applicable laws, regulations, and our Terms of Service.
Except where required by applicable law or necessary to provide the requested service, ONS Mail does not access user content beyond what is reasonably necessary to operate, maintain, secure, and troubleshoot the platform.
6. Purposes for Processing Personal Data
ONS Mail processes personal data only for specified, explicit, and legitimate purposes that are necessary to provide, secure, maintain, and improve our services. We do not process personal data for purposes that are incompatible with those described in this Privacy Policy unless required or permitted by applicable law.
The purposes for which we process personal data include the following.
6.1 Providing Our Services
We process personal data to deliver the products and services requested by our users, including:
Creating and managing user accounts
Sending, receiving, storing, and synchronizing email messages
Providing access to mailboxes through web, mobile, desktop, IMAP, and SMTP services
Operating Calendar, Contacts, Notes, Tasks, and other productivity features
Providing ONS Secure features and self-destructing messages
Managing Custom Domain services and domain administration
Applying user preferences and account settings
6.2 Authentication and Account Security
We process personal data to verify user identity and protect user accounts against unauthorized access.
This includes processing information necessary to:
Authenticate users during sign-in
Manage active sessions
Support Two-Factor Authentication (2FA)
Manage application passwords
Process account recovery requests
Detect suspicious authentication activity
Protect user accounts from unauthorized access
6.3 Security, Fraud Prevention, and Abuse Detection
Protecting our users and infrastructure is one of our primary responsibilities. Personal data may be processed to:
Detect and prevent spam, phishing, malware, and other malicious activities
Prevent unauthorized access and account compromise
Detect fraudulent or abusive behavior
Protect the integrity, confidentiality, and availability of our services
Investigate security incidents
Enforce our Terms of Service
Maintain audit and security logs
6.4 Service Operations and Reliability
We process personal data to ensure that ONS Mail remains secure, reliable, and available.
This may include:
Monitoring system performance
Diagnosing technical issues
Resolving software errors
Maintaining infrastructure
Performing capacity planning
Improving service stability and compatibility
6.5 Customer Support
If you contact ONS Mail for assistance, we may process personal data in order to:
Respond to support requests
Verify your identity
Investigate reported issues
Resolve technical problems
Improve customer support services
6.6 Subscription, Billing, and Payment Management
Where you subscribe to paid services, personal data may be processed to:
Activate and manage subscriptions
Process payments
Issue invoices
Manage renewals, upgrades, downgrades, and cancellations
Detect payment fraud
Comply with accounting and tax obligations
6.7 Compliance with Legal Obligations
We may process personal data where necessary to comply with applicable laws, regulations, court orders, or lawful requests from competent authorities.
This may include:
Maintaining legally required records
Responding to lawful government requests
Meeting financial, tax, and accounting obligations
Exercising or defending legal claims
Complying with regulatory requirements
6.8 Service Communications
We may use your contact information to communicate with you regarding matters related to your account or our services, including:
Account verification
Password reset requests
Security notifications
Service maintenance announcements
Important changes to our services
Updates to this Privacy Policy or our Terms of Service
These communications are essential to the operation and security of ONS Mail and are not considered marketing communications.
6.9 Service Improvement and Operational Analytics
We may process aggregated, anonymized, or de-identified information to:
Improve the performance of our services
Analyze service reliability
Plan infrastructure capacity
Develop new features
Enhance security controls
Improve the overall user experience
Where possible, analytical information is processed in a manner that does not identify individual users.
6.10 No Advertising or Commercial Profiling
ONS Mail does not process personal data for:
Behavioral advertising
Targeted advertising
Commercial profiling
Selling personal data
Data brokerage
Third-party marketing purposes
Personal data is processed exclusively for the purposes described in this Privacy Policy and in accordance with applicable data protection laws, including the GDPR.
7. Legal Bases for Processing Personal Data
ONS Mail processes personal data only where a valid legal basis exists under applicable data protection laws. Depending on the nature of the processing activity, one or more legal bases under the General Data Protection Regulation (GDPR) and other applicable privacy laws may apply.
The legal bases on which we process personal data are described below.
7.1 Performance of a Contract
We process personal data where it is necessary to perform a contract with you or to take steps at your request before entering into a contract.
This includes processing necessary to:
Create and manage your ONS Mail account
Provide email and communication services
Authenticate users and maintain secure sessions
Deliver Calendar, Contacts, Notes, Tasks, and other services
Operate ONS Secure features and self-destructing messages
Manage Custom Domain services
Process subscriptions and paid services
Provide customer support
This processing is based on Article 6(1)(b) GDPR.
7.2 Compliance with Legal Obligations
We may process personal data where necessary to comply with legal or regulatory obligations applicable to ONS Mail.
This may include processing required to:
Comply with applicable laws and regulations
Maintain legally required business records
Meet accounting and tax obligations
Respond to lawful requests from competent authorities
Cooperate with judicial or regulatory proceedings
Fulfill statutory reporting obligations
This processing is based on Article 6(1)(c) GDPR.
7.3 Legitimate Interests
We may process personal data where such processing is necessary for our legitimate interests or those of a third party, provided that those interests are not overridden by your fundamental rights and freedoms.
Our legitimate interests include:
Maintaining the security of our services
Preventing fraud, abuse, spam, phishing, and cyberattacks
Detecting unauthorized access
Protecting users and infrastructure
Monitoring service performance and reliability
Improving our products and services
Maintaining audit and security records
Establishing, exercising, or defending legal claims
Where we rely on legitimate interests, we carefully assess the impact on users' privacy and implement appropriate safeguards.
This processing is based on Article 6(1)(f) GDPR.
7.4 Consent
In certain circumstances, we process personal data based on your freely given, specific, informed, and unambiguous consent.
Consent may be requested for activities such as:
Optional analytics or performance cookies
Optional product features
Marketing communications, where offered
Other processing activities requiring consent under applicable law
You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
This processing is based on Article 6(1)(a) GDPR.
7.5 Establishment, Exercise, or Defense of Legal Claims
Personal data may be processed where necessary for the establishment, exercise, or defense of legal claims or in connection with judicial, administrative, or dispute resolution proceedings.
This may include:
Investigating legal disputes
Preserving evidence
Responding to legal proceedings
Enforcing contractual rights
Protecting the rights of ONS Mail, our users, or third parties
Such processing may be based on Article 6(1)(f) GDPR or other applicable legal provisions, depending on the circumstances.
7.6 Special Categories of Personal Data
ONS Mail does not intentionally collect or process special categories of personal data (also referred to as "sensitive personal data") unless:
Required by applicable law;
Explicitly provided by the user for a specific purpose;
Necessary to establish, exercise, or defend legal claims; or
Otherwise permitted under Article 9 GDPR or other applicable laws.
Where such processing is required, appropriate safeguards will be implemented.
7.7 Data Minimization and Accountability
Regardless of the legal basis relied upon, ONS Mail processes personal data in accordance with the principles of:
Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
We process only the personal data necessary for the specific purpose identified and maintain appropriate technical and organizational measures to demonstrate compliance with applicable data protection laws.
8. Sharing of Personal Data
ONS Mail is committed to protecting the confidentiality of your personal data. We do not sell, rent, lease, or otherwise monetize personal data, and we do not share personal data with third parties for advertising, behavioral profiling, or commercial marketing purposes.
We disclose personal data only where necessary to provide our services, comply with legal obligations, protect our legitimate interests, or with your authorization.
8.1 Service Providers
We may share personal data with carefully selected third-party service providers that assist us in operating, securing, and maintaining ONS Mail.
Depending on the services provided, these providers may support:
Cloud infrastructure and hosting services
Data center operations
DNS services
Content Delivery Network (CDN) services
DDoS protection and network security
Payment processing
Email delivery infrastructure
Backup and disaster recovery services
Spam and malware prevention
Customer support platforms
Security monitoring services
These providers process personal data only on our behalf, under written agreements, and only for the purposes specified by ONS Mail. They are contractually required to implement appropriate technical and organizational security measures and may not use personal data for their own marketing or commercial purposes.
8.2 Legal Compliance and Government Requests
We may disclose personal data where required to comply with applicable laws, regulations, court orders, or lawful requests from competent governmental, judicial, or regulatory authorities.
Before disclosing personal data, we evaluate each request to determine whether it is legally valid, appropriately scoped, and consistent with applicable law.
Where permitted by law, we seek to limit disclosures to the minimum amount of information necessary to satisfy the legal requirement.
Additional information is provided in the "18. Government and Law Enforcement Requests" section of this Privacy Policy.
8.3 Corporate Transactions
If ONS Mail is involved in a merger, acquisition, corporate restructuring, financing, sale of assets, or similar business transaction, personal data may be transferred as part of that transaction.
In such circumstances, we will take reasonable steps to ensure that:
Appropriate confidentiality obligations remain in place;
Personal data continues to be protected in accordance with this Privacy Policy; and
Users are notified where required by applicable law.
8.4 Sharing Based on Your Instructions
We may share personal data with third parties where you expressly instruct or authorize us to do so.
Examples include:
Exporting your data
Connecting third-party applications through authorized integrations
Using developer APIs that you choose to enable
Sharing information with organizations or administrators that manage your account, where applicable
Such disclosures are limited to the information necessary to perform the requested action.
8.5 International Service Providers
Some of our service providers may operate from jurisdictions outside your country of residence.
Where personal data is transferred internationally, ONS Mail implements appropriate safeguards in accordance with applicable data protection laws, including the GDPR.
Further information is available in the "9. International Data Transfers" section of this Privacy Policy.
8.6 No Sale or Commercial Disclosure of Personal Data
ONS Mail does not:
Sell personal data;
License or rent personal data;
Share personal data with advertising networks;
Share personal data with data brokers;
Use personal data for behavioral advertising;
Disclose email content for commercial analytics or marketing purposes.
Our business model is based on providing secure communication services—not monetizing user data.
8.7 Data Protection Measures
Whenever personal data is shared, ONS Mail applies appropriate safeguards designed to protect your information.
These safeguards include:
Data minimization
Access controls
Encryption where appropriate
Confidentiality agreements
Data Processing Agreements (DPAs) with processors
Security assessments of service providers
Ongoing monitoring of compliance obligations
We disclose only the personal data necessary for the specific purpose of the disclosure and only where there is a lawful basis to do so.
Except as described in this Privacy Policy or as required by applicable law, ONS Mail does not disclose your personal data to third parties.
9. International Data Transfers
ONS Mail is committed to protecting your personal data regardless of where it is processed. Where personal data is transferred outside your country of residence or outside the European Economic Area (EEA), United Kingdom (UK), or other jurisdictions with applicable data protection laws, we implement appropriate safeguards to ensure that your personal data remains protected.
International data transfers are carried out only where necessary to provide our services, operate our infrastructure, comply with legal obligations, or support authorized third-party service providers.
9.1 Where Your Data May Be Processed
Depending on the services you use and the infrastructure supporting them, your personal data may be processed or stored in one or more countries.
ONS Mail selects processing locations based on factors including:
Security and privacy standards
Service availability and reliability
Regulatory compliance
Business continuity and disaster recovery requirements
Technical and operational efficiency
9.2 Legal Basis for International Transfers
Where personal data is transferred internationally, ONS Mail relies on one or more lawful transfer mechanisms permitted under applicable data protection laws.
These may include:
An adequacy decision issued by the European Commission;
The European Commission's Standard Contractual Clauses (SCCs);
The UK International Data Transfer Agreement (IDTA) or UK Addendum, where applicable;
Your explicit consent, where required by law;
The necessity of the transfer for the performance of a contract;
Other lawful transfer mechanisms recognized under applicable legislation.
9.3 Appropriate Safeguards
Where required, ONS Mail implements appropriate technical, contractual, and organizational safeguards designed to protect personal data during international transfers.
These safeguards may include:
Standard Contractual Clauses (SCCs)
Data Processing Agreements (DPAs)
Encryption during transmission and, where appropriate, at rest
Access controls and authentication measures
Confidentiality obligations
Security assessments of service providers
Ongoing monitoring of compliance with applicable privacy laws
9.4 International Service Providers
Some third-party service providers engaged by ONS Mail may operate from countries outside your jurisdiction.
Where such providers process personal data on our behalf, they are contractually required to:
Process personal data only on documented instructions from ONS Mail;
Implement appropriate technical and organizational security measures;
Maintain the confidentiality of personal data;
Comply with applicable data protection laws and contractual obligations.
9.5 Your Rights
International transfers of personal data do not reduce or limit the privacy rights granted to you under applicable law.
Where required by law, you may request additional information regarding:
The countries to which your personal data may be transferred;
The legal transfer mechanism relied upon;
The safeguards implemented to protect your personal data.
Requests may be submitted using the contact details provided in the "20. Contact Information" section of this Privacy Policy.
9.6 Ongoing Compliance
ONS Mail regularly reviews international data transfer practices to ensure continued compliance with applicable privacy laws and evolving regulatory requirements.
Where legal requirements or regulatory guidance change, we may update our transfer mechanisms and safeguards accordingly to maintain an appropriate level of protection for your personal data.
International transfers are carried out only where necessary and always in accordance with the principles of lawfulness, transparency, data minimization, and accountability set out in this Privacy Policy.
10. Data Retention
ONS Mail retains personal data only for as long as necessary to fulfill the purposes for which it was collected, to provide our services, to comply with applicable legal obligations, to resolve disputes, to enforce our agreements, and to protect the security and integrity of our platform.
When personal data is no longer required, it is securely deleted, anonymized, or otherwise disposed of using appropriate technical and organizational measures.
The length of time we retain personal data depends on factors including:
The purpose for which the data was collected;
The nature of the service being provided;
Applicable legal, regulatory, accounting, and tax requirements;
Operational and security requirements;
The need to establish, exercise, or defend legal claims.
10.1 Retention Periods
The table below provides an overview of the general retention periods for the primary categories of personal data processed by ONS Mail.
| Data Category | Retention Period |
|---|---|
| Account Information | For as long as the account remains active |
| Email Messages | Until deleted by the user or the account is permanently deleted |
| Calendar, Contacts, Notes, and Tasks | Until deleted by the user or the account is permanently deleted |
| ONS Secure Messages | According to the applicable feature settings and user preferences |
| Self-Destructing Messages | Automatically deleted after the user-defined expiration period |
| Security Logs | Retained only for as long as necessary for security and operational purposes |
| Audit Logs | Retained for compliance, security, and legal purposes as appropriate |
| Authentication and Session Logs | Retained for a limited period to protect account security |
| Error and Diagnostic Logs | Retained only as long as necessary to diagnose and resolve technical issues |
| Customer Support Records | Retained for the duration necessary to resolve the request and satisfy legal obligations |
| Billing and Invoice Records | Retained for the period required by applicable accounting and tax laws |
| Cookie Data | Retained according to the applicable cookie type and purpose |
The retention periods listed above are general guidelines and may vary where required by applicable law, regulatory obligations, contractual requirements, or legitimate operational needs.
10.2 Account Deletion
When you permanently delete your ONS Mail account, personal data associated with your account will be deleted or anonymized within a reasonable period, unless continued retention is required by applicable law or permitted for legitimate legal or security purposes.
Certain information may be retained where necessary to:
Comply with legal obligations;
Maintain financial or tax records;
Prevent fraud or abuse;
Resolve disputes;
Protect the security and integrity of our services;
Establish, exercise, or defend legal claims.
10.3 Backup Systems
For business continuity and disaster recovery purposes, personal data may temporarily remain in secure backup systems after deletion from active systems.
Backup data:
Is not used for day-to-day operations;
Is accessible only under controlled recovery procedures;
Is protected by appropriate security measures; and
Is automatically deleted or overwritten in accordance with our backup retention schedules.
10.4 Secure Deletion
When retention periods expire, ONS Mail securely deletes or irreversibly anonymizes personal data using methods appropriate to the nature of the information and applicable industry standards.
We regularly review our retention practices to ensure that personal data is not retained longer than necessary and that our retention schedules remain consistent with applicable legal, regulatory, and operational requirements.
Data retention practices are implemented in accordance with the principles of storage limitation, data minimization, integrity, confidentiality, and accountability under applicable data protection laws, including the GDPR.
11. Account Deletion and Data Erasure
ONS Mail respects your right to control your personal data. Subject to applicable law, you may request the deletion of your account and the erasure of your personal data at any time.
Account deletion and data erasure are carried out in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), our legal obligations, and our internal data retention policies.
11.1 Deleting Your Account
You may permanently delete your ONS Mail account through your account settings or by contacting our support team, where applicable.
Once your account deletion request has been confirmed:
Access to your account will be permanently disabled.
Active sessions will be terminated.
Email delivery and mailbox access will cease.
Associated ONS Mail services linked to your account will no longer be available.
The deletion process will begin in accordance with our internal retention procedures.
Account deletion may be irreversible. Before requesting deletion, you should export or back up any information you wish to retain.
11.2 Personal Data Erasure
Following account deletion, ONS Mail will delete or irreversibly anonymize personal data associated with your account within a reasonable period, except where continued retention is required or permitted by applicable law.
Depending on the services you have used, this may include:
Account information
Email messages
File attachments
Calendar events
Contacts
Notes
Tasks
ONS Secure content
Self-destructing message records, where applicable
User preferences and account settings
Profile information
The scope and timing of deletion may vary depending on legal, operational, and technical requirements.
11.3 Information We May Retain
Certain information may continue to be retained after account deletion where necessary to:
Comply with legal or regulatory obligations;
Meet accounting or tax requirements;
Detect, investigate, or prevent fraud and abuse;
Protect the security and integrity of our services;
Resolve disputes;
Establish, exercise, or defend legal claims.
Such information will be retained only for the period required by applicable law or for legitimate operational purposes and will not be used for unrelated purposes.
11.4 Backup Copies
Following deletion from active systems, certain data may temporarily remain in secure backup systems maintained for disaster recovery and business continuity purposes.
Backup copies:
Are not used for normal service operations;
Are protected by appropriate technical and organizational security measures;
Are accessible only through controlled recovery procedures; and
Are permanently deleted or overwritten in accordance with our backup retention schedules.
11.5 Requests for Data Erasure
You may exercise your right to request the erasure of your personal data where provided by applicable law.
Before processing a deletion request, ONS Mail may take reasonable steps to verify your identity in order to protect your account and prevent unauthorized deletion requests.
If we are legally required to retain certain information, or if another lawful basis for continued processing applies, we will inform you accordingly.
11.6 Data Export Before Deletion
Before permanently deleting your account, you may have the opportunity to export certain categories of your personal data using available export tools or by submitting a request, where applicable.
Supported export formats and available data categories may vary depending on the services you use.
11.7 Irreversible Deletion
Once the deletion process has been completed and applicable backup retention periods have expired, deleted personal data generally cannot be recovered or restored.
For this reason, we strongly recommend that you export any emails, attachments, contacts, calendar data, notes, tasks, or other important information before permanently deleting your account.
ONS Mail is committed to carrying out account deletion and data erasure requests in a secure, transparent, and timely manner, while ensuring compliance with applicable data protection laws and our legitimate legal obligations.
12. Data Security
ONS Mail is committed to protecting the confidentiality, integrity, and availability of personal data. We implement appropriate technical and organizational measures designed to safeguard personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.
Our security program is continuously reviewed and updated to address evolving threats, technological developments, industry best practices, and applicable legal and regulatory requirements.
12.1 Encryption and Secure Communications
We use industry-standard security technologies to help protect personal data during transmission and, where appropriate, while stored.
Depending on the service and technical implementation, these measures may include:
Transport Layer Security (TLS) for data transmitted between users and ONS Mail services
Encryption of stored data where appropriate
Secure communication protocols for IMAP, SMTP, POP3, and API connections
Cryptographic protections for authentication credentials
End-to-end encryption for supported features where enabled
Where end-to-end encryption is available, ONS Mail does not possess the cryptographic keys necessary to decrypt protected communications.
12.2 Authentication and Access Controls
We implement multiple layers of authentication and access control to protect user accounts and internal systems.
These measures may include:
Strong password requirements
Password hashing using modern cryptographic algorithms
Multi-Factor Authentication (MFA), including Two-Factor Authentication (2FA)
Application-specific passwords
Session management and automatic session expiration
Role-based access controls
Least-privilege access principles
Account recovery verification procedures
Access to personal data is restricted to authorized personnel who require such access to perform their job responsibilities.
12.3 Infrastructure and Network Security
ONS Mail maintains security controls designed to protect its infrastructure against cyber threats and unauthorized access.
These controls may include:
Network segmentation
Firewalls
Intrusion detection and prevention mechanisms
Distributed Denial-of-Service (DDoS) protection
Security monitoring and logging
Vulnerability management
Malware detection and spam filtering
Continuous infrastructure monitoring
12.4 Operational Security
To maintain the security of our services, we implement operational safeguards including:
Security event monitoring
Audit logging
Change management procedures
Access reviews
Incident response procedures
Secure software development practices
Regular security updates and patch management
These controls are intended to reduce security risks and improve the resilience of our services.
12.5 Backup and Disaster Recovery
ONS Mail maintains backup and disaster recovery procedures designed to protect against data loss and service interruptions.
These procedures include:
Secure backup processes
Disaster recovery planning
Business continuity measures
Controlled restoration procedures
Backup retention policies
Backup systems are protected using appropriate technical and organizational security controls.
12.6 Security Testing and Continuous Improvement
We regularly evaluate and improve our security posture through activities such as:
Security assessments
Vulnerability scanning
Penetration testing where appropriate
Risk assessments
Internal security reviews
Monitoring emerging security threats
Security controls are continuously updated to reflect changes in technology, regulatory requirements, and industry best practices.
12.7 Personnel and Confidentiality
Employees, contractors, and authorized service providers with access to personal data are subject to confidentiality obligations and receive appropriate security and privacy training.
Access to personal data is granted only where necessary for legitimate business purposes and is regularly reviewed.
12.8 Shared Responsibility
While ONS Mail is responsible for protecting the security of its services, users also play an important role in maintaining account security.
Users are encouraged to:
Use strong and unique passwords;
Enable Two-Factor Authentication (2FA);
Keep recovery information up to date;
Protect their devices against unauthorized access;
Promptly report suspected security incidents or unauthorized account activity.
12.9 No Absolute Security Guarantee
Although ONS Mail applies appropriate technical and organizational measures to protect personal data, no method of electronic transmission, storage, or processing can be guaranteed to be completely secure.
Accordingly, while we continuously work to protect our systems and improve our security controls, we cannot guarantee absolute security under all circumstances.
ONS Mail remains committed to maintaining a high standard of information security and continuously improving our security practices to protect our users and their personal data.
13. Security Incidents and Data Breaches
ONS Mail takes all security incidents seriously and maintains procedures designed to detect, investigate, contain, and respond to events that may affect the confidentiality, integrity, or availability of our services or personal data.
Our incident response processes are intended to minimize potential harm, restore affected services as quickly as reasonably possible, and comply with applicable legal and regulatory obligations.
13.1 Detection and Monitoring
ONS Mail continuously monitors its infrastructure and security systems to identify potential threats, unauthorized access attempts, suspicious activities, service disruptions, and other events that may indicate a security incident.
Security monitoring may include:
Authentication and access monitoring
Infrastructure and network monitoring
Security event logging
Intrusion detection mechanisms
Abuse and fraud detection systems
Malware and spam detection
Operational health monitoring
13.2 Incident Response
When a potential security incident is identified, ONS Mail follows established incident response procedures, which may include:
Investigating the nature and scope of the incident
Containing and mitigating the impact
Isolating affected systems where appropriate
Preserving relevant evidence for forensic analysis
Restoring affected services
Implementing corrective actions to reduce the risk of recurrence
Incident response activities are coordinated according to the severity and potential impact of the event.
13.3 User Notification
Where a security incident results in a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, ONS Mail will notify affected users without undue delay where required by applicable law.
Such notifications may include, where appropriate:
A description of the nature of the incident;
The categories of personal data affected;
The likely consequences of the incident;
Measures taken or proposed to address the incident;
Recommended actions users can take to protect themselves;
Contact information for obtaining additional assistance.
13.4 Regulatory Notification
Where required under applicable data protection laws, including the General Data Protection Regulation (GDPR), ONS Mail will notify the appropriate supervisory authority within the legally required timeframe.
Such notifications will be made only where the applicable legal requirements are met.
13.5 Investigation and Remediation
Following a security incident, ONS Mail conducts an internal review to:
Determine the root cause;
Assess the effectiveness of existing security controls;
Identify lessons learned;
Implement technical and organizational improvements;
Update internal procedures where necessary.
The objective of each review is to strengthen our security posture and reduce the likelihood of similar incidents in the future.
13.6 User Responsibilities
Users also play an important role in protecting their accounts and personal data.
We encourage users to:
Use strong and unique passwords;
Enable Two-Factor Authentication (2FA);
Protect their devices against unauthorized access;
Keep account recovery information current;
Be vigilant against phishing and social engineering attacks;
Immediately report any suspected unauthorized access or suspicious account activity.
13.7 Reporting Security Issues
If you believe your ONS Mail account has been compromised, discover a potential security vulnerability, or become aware of any activity that could affect the security of our services, you should notify ONS Mail as soon as reasonably possible using the contact information provided in this Privacy Policy.
Reports are reviewed by our security team and handled in accordance with our internal incident response procedures.
ONS Mail is committed to continuously improving its security capabilities and responding promptly, responsibly, and transparently to security incidents while protecting the privacy and security of our users.
14. Your Privacy Rights
ONS Mail respects your privacy rights and is committed to enabling you to exercise your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable privacy legislation.
Depending on your jurisdiction and the circumstances of the processing, you may have the following rights.
14.1 Right of Access
You have the right to request confirmation as to whether ONS Mail processes your personal data and, where applicable, to obtain access to that personal data.
You may also request information regarding:
The categories of personal data being processed;
The purposes of the processing;
The recipients or categories of recipients to whom the data has been disclosed;
The retention period for the data;
The safeguards applied to international data transfers, where applicable.
14.2 Right to Rectification
You have the right to request that inaccurate or incomplete personal data be corrected or updated without undue delay.
Many account-related details can be reviewed and updated directly through your account settings.
14.3 Right to Erasure ("Right to be Forgotten")
Subject to applicable law, you may request the deletion of your personal data where:
The data is no longer necessary for the purposes for which it was collected;
You withdraw consent where processing is based on consent;
You successfully object to the processing;
The processing is unlawful; or
Erasure is required by applicable law.
This right is not absolute and may be limited where ONS Mail is legally required or otherwise permitted to retain certain information.
14.4 Right to Restrict Processing
You may request that we temporarily restrict the processing of your personal data under certain circumstances, including where:
You contest the accuracy of the data;
The processing is unlawful but you oppose deletion;
We no longer require the data, but you need it for legal claims; or
Your objection to processing is pending evaluation.
14.5 Right to Data Portability
Where applicable, you have the right to receive the personal data you have provided to ONS Mail in a structured, commonly used, and machine-readable format.
Where technically feasible, you may also request that such data be transmitted directly to another service provider.
14.6 Right to Object
You have the right to object to the processing of your personal data where processing is based on our legitimate interests or is carried out for certain other purposes permitted by applicable law.
Where a valid objection is received, we will cease processing unless we demonstrate compelling legitimate grounds that override your rights or where continued processing is otherwise permitted by law.
14.7 Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time.
Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
14.8 Rights Related to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, where such processing produces legal effects concerning you or similarly significantly affects you, except where permitted by applicable law.
ONS Mail does not use personal data for automated decision-making or profiling for advertising or commercial purposes.
14.9 Right to Lodge a Complaint
If you believe that your personal data has been processed in violation of applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority in your country or jurisdiction.
You may also contact ONS Mail directly, and we will make reasonable efforts to address your concerns before they escalate into a formal complaint.
14.10 Exercising Your Rights
You may exercise your privacy rights by contacting us using the details provided in the "20. Contact Information" section of this Privacy Policy.
To protect your personal data and prevent unauthorized disclosure, we may request additional information to verify your identity before processing your request.
We will respond to requests within the timeframes required by applicable law. In certain circumstances, where permitted by law, we may decline a request or request additional information if necessary to verify your identity or clarify the scope of your request.
ONS Mail is committed to respecting your privacy rights and handling all requests in a transparent, fair, and accountable manner consistent with applicable data protection laws.
15. Cookie Policy
This Cookie Policy explains how ONS Mail uses cookies and similar technologies when you visit our websites, access our web applications, or use related online services.
Cookies are small text files that are stored on your device by your web browser. They help websites function properly, maintain security, remember your preferences, and improve the overall user experience.
ONS Mail is committed to protecting your privacy and uses cookies only for legitimate operational, security, and service-related purposes.
15.1 Types of Cookies We Use
Depending on the services you use, ONS Mail may use the following categories of cookies.
Essential Cookies
Essential cookies are necessary for the operation of our services and cannot be disabled through our systems.
These cookies help us:
Authenticate users
Maintain secure login sessions
Process requests securely
Protect against unauthorized access
Ensure the proper functioning of our websites and applications
Without these cookies, certain features of ONS Mail may not function correctly.
Functional Cookies
Functional cookies allow us to remember your preferences and personalize your experience.
These cookies may remember:
Language preferences
Theme selection (light or dark mode)
Time zone
Accessibility preferences
User interface settings
Other account preferences
Security Cookies
Security cookies are used to protect both users and our services.
They may be used to:
Prevent Cross-Site Request Forgery (CSRF) attacks
Detect session hijacking
Validate authenticated sessions
Prevent unauthorized access
Support fraud prevention mechanisms
Analytics and Performance Cookies
ONS Mail does not use analytics cookies for advertising or behavioral profiling.
Where analytics or performance measurement technologies are used, they are intended solely to:
Measure service performance
Identify technical issues
Improve website reliability
Enhance user experience
Where required by applicable law, analytics cookies will be used only after obtaining your consent.
Whenever reasonably possible, analytical data is aggregated or anonymized.
Advertising Cookies
ONS Mail does not use:
Advertising cookies
Third-party advertising trackers
Cross-site tracking technologies
Behavioral advertising cookies
Marketing profiling cookies
We do not monetize user activity through advertising technologies.
15.2 Similar Technologies
In addition to cookies, ONS Mail may use similar technologies necessary for the secure operation of our services, including:
Session tokens
Authentication tokens
Local Storage
Session Storage
Browser security mechanisms
Other technologies required to maintain secure sessions and user preferences
These technologies serve functions similar to cookies and are used only for legitimate operational purposes.
15.3 Managing Cookies
Most web browsers allow you to control cookies through browser settings.
Depending on your browser, you may be able to:
View stored cookies
Delete existing cookies
Block certain categories of cookies
Configure browser preferences for future cookies
Please note that disabling essential cookies or similar technologies may affect the availability, security, or functionality of certain ONS Mail services.
15.4 Third-Party Cookies
ONS Mail does not permit third-party advertising networks to place cookies on our services.
However, certain third-party providers that support our services—such as payment processors, CAPTCHA providers, content delivery networks (CDNs), or other infrastructure providers—may place technical cookies necessary for the operation of their respective services.
Any such cookies are governed by the privacy policies of the relevant third-party providers.
15.5 Changes to This Cookie Policy
ONS Mail may update this Cookie Policy from time to time to reflect changes in legal requirements, technology, or our services.
Where material changes are made, we may notify users through our website, within the service, or by other appropriate means where required by applicable law.
The latest version of this Cookie Policy will always be available on our website and will become effective upon publication unless otherwise stated.
ONS Mail is committed to using cookies responsibly, transparently, and in accordance with applicable privacy and data protection laws, including the GDPR.
16. Third-Party Services
ONS Mail uses carefully selected third-party service providers to support the operation, security, reliability, and delivery of our services. These providers perform specific functions on our behalf and process personal data only where necessary to provide the services requested by ONS Mail.
We carefully evaluate third-party providers based on their security practices, privacy standards, technical capabilities, and compliance with applicable data protection laws.
16.1 Categories of Third-Party Services
Depending on the services you use, ONS Mail may engage third-party providers in the following categories:
Cloud infrastructure and hosting services
Data center services
Domain Name System (DNS) providers
Content Delivery Network (CDN) services
Distributed Denial-of-Service (DDoS) protection
Payment processing services
Email delivery infrastructure
Spam and malware protection services
Backup and disaster recovery services
CAPTCHA and bot protection services
Customer support platforms
Security monitoring and logging services
Domain registration services
Notification and communication services
These providers receive access only to the personal data necessary to perform the services for which they have been engaged.
16.2 Authorized Integrations
ONS Mail may allow users to connect authorized third-party applications or services.
Where you choose to enable such integrations:
Data is shared only with your authorization;
Only the information necessary for the requested integration is disclosed;
You may revoke access where supported by the relevant integration.
Third-party applications operate under their own privacy policies and terms of service. ONS Mail is not responsible for the privacy practices of independent third-party applications or services.
16.3 Payment Service Providers
If you subscribe to paid services, payment transactions are processed by authorized third-party payment providers.
ONS Mail does not store:
Full payment card numbers;
Card verification codes (CVV/CVC);
Other sensitive payment credentials.
Payment providers process payment information under their own legal obligations and security standards, including compliance with applicable payment industry requirements such as PCI DSS, where applicable.
16.4 Security and Infrastructure Providers
To protect our users and maintain reliable services, ONS Mail may rely on specialized infrastructure and security providers for services such as:
Network protection
DDoS mitigation
DNS resolution
Spam filtering
Malware detection
Security monitoring
Traffic management
Infrastructure resilience
These providers support the operation of our services but are not permitted to use personal data for independent commercial purposes.
16.5 Third-Party Websites
Our websites or services may contain links to third-party websites or services that are not owned or operated by ONS Mail.
If you access a third-party website, your interactions with that website are governed by its own privacy policy, terms of service, and security practices.
ONS Mail is not responsible for the privacy practices, content, or security of third-party websites or services.
16.6 Data Protection Requirements
Third-party service providers that process personal data on behalf of ONS Mail are required to:
Process personal data only on documented instructions from ONS Mail;
Maintain appropriate technical and organizational security measures;
Protect the confidentiality of personal data;
Comply with applicable data protection laws;
Notify ONS Mail of certain security incidents where required by contract or law;
Delete or return personal data upon completion of the services, where applicable.
Where required, ONS Mail enters into Data Processing Agreements (DPAs) or equivalent contractual arrangements with such providers.
16.7 No Advertising or Data Brokerage
ONS Mail does not share personal data with:
Advertising networks;
Marketing companies;
Data brokers;
Behavioral profiling providers; or
Third parties for commercial advertising purposes.
Third-party services are engaged solely to support the operation, security, maintenance, and lawful provision of ONS Mail services.
We remain committed to ensuring that all third-party relationships are managed in a manner consistent with applicable privacy laws, industry best practices, and the privacy commitments described in this Privacy Policy.
17. Children's Privacy
ONS Mail is committed to protecting the privacy of children and recognizes the importance of safeguarding the personal data of minors. Our services are designed for a general audience and are not intentionally directed toward children below the minimum age required to provide valid consent under applicable data protection laws.
17.1 Minimum Age Requirement
To create and use an ONS Mail account, you must be at least the minimum age required by the laws of your country or jurisdiction to consent to the processing of your personal data.
Where applicable law requires parental or legal guardian consent, users below the required age may use ONS Mail only with such consent.
If local legislation establishes a higher minimum age than the GDPR default, the higher legal standard will apply.
17.2 No Knowing Collection from Children
ONS Mail does not knowingly collect personal data from children in violation of applicable law.
If we become aware that personal data has been collected from a child without the legally required consent, we may take appropriate action, including:
Verifying the user's age;
Requesting parental or legal guardian authorization where appropriate;
Restricting or suspending access to the account;
Permanently deleting the account; and
Deleting or anonymizing the associated personal data where required by law.
17.3 Parents and Legal Guardians
Parents or legal guardians who believe that a child has provided personal data to ONS Mail without the required authorization may contact us using the information provided in this Privacy Policy.
After verifying the request, we may, where appropriate:
Provide information regarding the processing of the child's personal data;
Correct inaccurate information;
Restrict further processing;
Delete the child's personal data; or
Close the associated account where required by applicable law.
17.4 Educational and Organizational Accounts
Where ONS Mail services are provided through educational institutions, organizations, or other entities acting on behalf of children, the responsibilities of the relevant organization and ONS Mail may be governed by separate contractual agreements and applicable laws.
In such circumstances, the organization using ONS Mail may act as the data controller for certain processing activities, while ONS Mail may act as a data processor or independent data controller, depending on the nature of the service and applicable law.
17.5 Protecting Children's Privacy
ONS Mail is committed to complying with all applicable laws relating to children's privacy and the protection of minors' personal data.
We regularly review our policies and practices to ensure that children's personal data is processed only where legally permitted and with appropriate safeguards.
If you believe that a child has provided personal data to ONS Mail in a manner that does not comply with applicable law, please contact us promptly using the contact details provided in the "20. Contact Information" section of this Privacy Policy.
We will investigate the matter and take appropriate action in accordance with applicable legal and regulatory requirements.
18. Government and Law Enforcement Requests
ONS Mail is committed to protecting the privacy and confidentiality of our users while complying with applicable laws and legally binding requests from competent governmental, judicial, and regulatory authorities.
We carefully review every request for user information to ensure that it is lawful, valid, proportionate, and consistent with applicable data protection laws and internationally recognized privacy principles.
18.1 Review of Government Requests
Before disclosing any personal data, ONS Mail evaluates each request to determine whether it:
Has a valid legal basis;
Has been issued by a competent authority with appropriate jurisdiction;
Clearly identifies the legal authority for the request;
Is limited in scope and proportionate to its stated purpose; and
Complies with applicable laws and due process requirements.
Where a request is unlawful, overly broad, unclear, or otherwise inconsistent with applicable legal standards, ONS Mail may challenge, narrow, or refuse the request where legally permitted.
18.2 Disclosure of Personal Data
Where disclosure is legally required, ONS Mail will disclose only the minimum amount of personal data necessary to comply with the applicable legal obligation.
We do not voluntarily provide user information to government authorities except where required or authorized by applicable law.
18.3 Encrypted Data
Certain ONS Mail services support end-to-end encryption or other encryption technologies that prevent ONS Mail from accessing the plaintext content of protected communications.
Where ONS Mail does not possess the cryptographic keys required to decrypt protected data, we are technically unable to access, decrypt, or disclose the encrypted content—even in response to a lawful government request.
18.4 User Notification
Where permitted by applicable law and not prohibited by a valid legal order, ONS Mail may notify affected users before disclosing their personal data in response to a government or law enforcement request.
Notification may not be possible where:
Disclosure is prohibited by law;
A court order or other legally binding directive prohibits notification;
Notification could compromise an ongoing investigation; or
Immediate disclosure is required to prevent imminent harm or comply with applicable law.
18.5 Transparency
ONS Mail believes that transparency is essential to maintaining user trust.
Where legally permitted, we may publish periodic Transparency Reports containing aggregated information regarding:
The number of government requests received;
The types of requests received;
The number of requests complied with;
The legal basis for such requests, where appropriate.
These reports contain only aggregated statistical information and do not identify individual users or disclose personal data.
18.6 Protection of Fundamental Rights
ONS Mail evaluates government and law enforcement requests with due regard for:
The rule of law;
Human rights;
Freedom of expression;
The right to privacy;
Data minimization;
Necessity and proportionality principles.
Our objective is to comply with legitimate legal obligations while protecting the privacy and fundamental rights of our users to the greatest extent permitted by law.
Except where legally required, ONS Mail does not disclose personal data to governments, law enforcement agencies, or other public authorities without an appropriate legal basis.
We remain committed to handling all government requests responsibly, transparently, and in accordance with applicable privacy laws, including the GDPR and other relevant data protection legislation.
19. Changes to this Privacy Policy
ONS Mail may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, regulatory guidance, security practices, or business operations.
We encourage users to review this Privacy Policy periodically to stay informed about how we collect, use, protect, and process personal data.
Unless otherwise stated, any updated version of this Privacy Policy becomes effective on the date it is published.
19.1 Reasons for Updates
We may revise this Privacy Policy for reasons including, but not limited to:
Changes in applicable laws or regulations;
Updates to GDPR or other data protection requirements;
The introduction of new products, services, or features;
Changes to existing services or technical infrastructure;
Improvements to our security and privacy practices;
Business or organizational changes;
Clarifications intended to improve transparency or readability.
19.2 Notification of Material Changes
Where required by applicable law or where changes materially affect your rights or the way we process your personal data, ONS Mail will provide appropriate notice before the changes become effective.
Notification may be provided through one or more of the following methods:
Notices on the ONS Mail website;
In-app notifications;
Email notifications sent to your registered email address;
Other communication methods permitted by applicable law.
The method of notification may vary depending on the nature and significance of the changes.
19.3 Current Version
The most current version of this Privacy Policy will always be available through the official ONS Mail website.
For transparency, the Privacy Policy may include information such as:
Effective Date;
Last Updated Date;
Version Number, where applicable.
Users should refer to the latest published version when using ONS Mail services.
19.4 Continued Use of the Services
By continuing to access or use ONS Mail after an updated version of this Privacy Policy becomes effective, you acknowledge that you have been informed of the revised Privacy Policy.
Nothing in this section limits or waives any rights you may have under applicable data protection laws.
19.5 Previous Versions
ONS Mail may retain archived versions of this Privacy Policy for legal, regulatory, operational, or transparency purposes.
Where appropriate, previous versions may be made available upon request or published to help users understand significant changes over time.
We are committed to maintaining a Privacy Policy that is clear, transparent, and consistent with evolving legal requirements and industry best practices.
20. Contact Information
If you have any questions about this Privacy Policy, the way ONS Mail processes your personal data, or your privacy rights, you may contact us using the details below.
We are committed to responding to privacy-related inquiries in a timely, transparent, and professional manner, in accordance with applicable data protection laws.
20.1 Privacy and Data Protection
For questions regarding privacy, personal data processing, or to exercise your rights under applicable data protection laws, please contact our Privacy Team.
Privacy Email:
privacy@onsmail.com
20.2 Customer Support
For technical support, account assistance, billing inquiries, or general questions about ONS Mail services, please contact our Support Team.
Support Email:
support@onsmail.com
20.3 Website
The latest versions of our legal documents, policies, service announcements, and additional information about ONS Mail are available on our official website.
Website:
https://onsmail.com
20.4 Exercising Your Privacy Rights
To exercise your rights under applicable data protection laws, you may submit a request using the contact information provided above.
To protect your personal data and prevent unauthorized disclosure, we may request additional information to verify your identity before responding to your request.
Requests will be handled within the timeframes required by applicable law. Where legally permitted, we may extend the response period if a request is particularly complex or involves multiple requests, in which case you will be informed accordingly.
20.5 Updates to Contact Information
If our contact details change, the updated information will be published on the official ONS Mail website and, where appropriate, communicated through our services or by other means consistent with applicable law.
Effective Date: June 25, 2026
Last Updated: June 25, 2026
This Privacy Policy applies to all products and services provided by ONS Mail unless a separate privacy notice applies. ONS Mail is committed to protecting personal data, respecting user privacy, and processing personal information in accordance with the General Data Protection Regulation (GDPR) and all other applicable privacy and data protection laws.