Privacy Policy

Last updated: March 14, 2026

1. Data Controller

The data controller responsible for the processing of your personal data on this website is:

Michael Contento

Auf der Hohl 7

56291 Badenhard, Germany

Email: info@mailgator.io

Phone: On request via info@mailgator.io

2. Overview of Data Processing

Mailgator is a transparent IMAP/SMTP proxy for email access control. We take your privacy seriously. This policy explains what personal data we collect, why we collect it, and your rights under the EU General Data Protection Regulation (GDPR).

All data processing is carried out in accordance with the GDPR, the German Federal Data Protection Act (BDSG), and the German Telecommunications-Telemedia Data Protection Act (TDDDG).

3. Hosting

This website and the Mailgator service are hosted on servers provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. All servers are located in Germany, ensuring your data remains within the European Union.

When you access our website, the hosting provider automatically collects and stores information in server log files that your browser transmits. This includes:

  • IP address of the requesting device
  • Date and time of access
  • URL of the requested page
  • HTTP status code
  • Browser type and version
  • Operating system
  • Referrer URL

This data is processed on the basis of Art. 6(1)(f) GDPR. Our legitimate interest is the technically error-free presentation and optimization of our website. Server log files are stored for a maximum of 14 days and then deleted.

4. Account Registration

When you register for a Mailgator account, we collect and store:

  • Email address
  • Account creation timestamp

Authentication is handled via magic link (passwordless login). When you log in, we send a one-time login link to your email address. We do not store passwords.

This data is processed on the basis of Art. 6(1)(b) GDPR (performance of a contract). Your account data is retained for the duration of your account. Upon deletion of your account, personal data is removed within 30 days, unless retention is required by law.

5. Email Data

Important: We Never See Your Email Data

Mailgator is self-hosted software that runs entirely on your infrastructure. We do not operate the proxy — you do. All email data (content, metadata, credentials) stays on your systems and is never transmitted to us.

The only communication between the Mailgator proxy and our servers is a periodic license validation check. This check contains a cryptographic token only — no email content, metadata, or credentials are included.

Since all email processing happens locally on your infrastructure, the GDPR data processing responsibilities for email data lie with you as the data controller. We have no access to and no knowledge of the email data processed by the Mailgator proxy on your systems.

6. Payment Processing

We use Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA) as our payment processor. When you subscribe to a paid plan, your payment information (credit card number, billing address, etc.) is collected and processed directly by Stripe. We do not store your full credit card details on our servers.

We receive from Stripe:

  • A unique Stripe customer ID
  • Subscription status and plan information
  • Last four digits of your payment card
  • Invoice and payment history

Processing is based on Art. 6(1)(b) GDPR (performance of a contract). Stripe may transfer data to the USA. Stripe participates in the EU-U.S. Data Privacy Framework. For details, see Stripe's Privacy Policy.

7. Cookies

We use only technically necessary cookies. No tracking or advertising cookies are used.

Cookie | Purpose | Duration
laravel_session | Session management, authentication state | 2 hours
XSRF-TOKEN | Cross-site request forgery protection | 2 hours
remember_web_* | "Remember me" authentication (optional) | 5 years

These cookies are processed on the basis of Art. 6(1)(f) GDPR. Our legitimate interest is to provide a secure and functional website. You can configure your browser to refuse cookies, but this may prevent you from using our service.

8. Analytics

We currently do not use any third-party analytics or tracking services. If this changes in the future, this privacy policy will be updated accordingly before any analytics tools are deployed.

9. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law:

  • Account data: Retained for the lifetime of your account. Deleted within 30 days of account deletion.
  • Email data: Never stored on our servers. All email processing happens on your infrastructure.
  • Payment records: Retained for 10 years after the end of the contract as required by German commercial and tax law (Sections 147 AO, 257 HGB).
  • Server logs: Automatically deleted after 14 days.

10. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR)

You have the right to request confirmation of whether we process your personal data and to receive a copy of that data.

Right to Rectification (Art. 16 GDPR)

You have the right to request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure (Art. 17 GDPR)

You have the right to request deletion of your personal data, subject to legal retention obligations.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request restriction of processing under certain conditions.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

Right to Object (Art. 21 GDPR)

You have the right to object to processing based on legitimate interests at any time, for reasons relating to your particular situation.

Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully. The competent authority for complaints in Germany is the data protection authority of the federal state in which we are based.

To exercise any of these rights, please contact us at info@mailgator.io.

11. Data Security

We use industry-standard security measures to protect your personal data, including TLS/SSL encryption for all data in transit, encrypted storage of sensitive data at rest, and regular security updates. All data is hosted within the European Union on Hetzner servers located in Germany.

12. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. For significant changes, we will notify you via email if you have an active account. We encourage you to review this policy periodically.