Privacy Policy

We believe in data minimization. We only store what is strictly necessary to provide the email service.

1. Registration Data

When you register, we store exactly three things in our database table users:

• Username: The local part of your email (e.g., user in user@navi.land).
• Password Hash: A strong cryptographic hash of your password. We do not know your password.
• Creation Date: The timestamp of when the account was created.

We do not store your IP address, user agent, or personal email during registration.

2. Logs & Telemetry

• Web Logs: Nginx access_log is disabled. We do not log visits to the website or webmail.
• Mail Logs: Postfix and Dovecot logs are generated for delivery diagnostics and abuse prevention (SPAM filtering). These are rotated automatically and are not used for tracking.
• Analytics: We use a self-hosted instance of GoatCounter for aggregate usage statistics (visits, hits). It uses a non-identifiable hash so we cannot track individual users. No data is shared with third parties.

3. Email Storage

Emails are stored on disk using standard Maildir format. They are yours. When you delete an email via IMAP or Webmail, it is removed from the disk.

We do not scan your emails for advertising. We do not sell your data.

4. Cookies

We only use session cookies (PHPSESSID) required to keep you logged in to the web interface. These are ephemeral.

5. Right to Erasure

You can delete your account at any time via the Delete Account page. This action is permanent.

Last Updated: 2026-02-04