Privacy Policy

Effective Date: January 27, 2025

Mailbloc ("we," "us," or "our") is operated by KEYBLOC PTE. LTD. (UEN 202506039C), a company registered in Singapore. This Privacy Policy explains how we collect, use, store, and protect your information when you use mailbloc.com (the "Service").

1. Information We Collect

1.1 Account Information

When you register for Mailbloc, we collect:

  • Email address: Used for account identification, authentication, and communication
  • API token: Automatically generated unique identifier for API authentication
  • Subscription plan: Your selected service tier (Free or Pro)
  • Payment information: Processed through Stripe (we do not store credit card details)

1.2 API Usage Data

When you use our API to validate email addresses and IP addresses, we temporarily process:

  • Email addresses: Domains extracted for MX validation and risk classification (not stored long-term)
  • IP addresses: Checked against threat databases for reputation analysis (not stored long-term)
  • Request metadata: Timestamps, API token, and rate limiting information
  • Velocity patterns (Pro plan): Aggregated patterns for ML-based fraud detection

Important: We do not permanently store the specific email addresses or IP addresses you validate. We only retain minimal metadata necessary for rate limiting, abuse prevention, and service improvement. Individual validation queries are not logged or retained beyond processing.

1.3 Automatically Collected Information

  • Browser information: User agent, browser type, and version
  • Connection data: IP address, timestamps of requests
  • Usage patterns: API call frequency, feature usage, rate limit events

2. How We Use Your Information

We use collected information for:

  • Service provision: Processing API requests, performing email and IP validation
  • Account management: Authentication, billing, and subscription management
  • Rate limiting: Enforcing plan limits and preventing abuse
  • Fraud detection: Identifying and blocking malicious usage patterns
  • Service improvement: Enhancing validation accuracy and detection algorithms
  • Communication: Sending service updates, security alerts, and billing notifications
  • Support: Responding to inquiries and troubleshooting issues
  • Legal compliance: Meeting regulatory requirements and enforcing our Terms

3. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information. We only share data in the following limited circumstances:

3.1 Service Providers

  • Stripe: Payment processing (PCI-DSS compliant)
  • Hosting providers: Infrastructure and data storage
  • Email service: Transactional emails (account verification, notifications)

All service providers are bound by confidentiality agreements and process data only as instructed.

3.2 Legal Requirements

We may disclose information when required by law, court order, or government request, or to protect our rights, property, or safety.

3.3 Business Transfers

If KEYBLOC PTE. LTD. is acquired or merged, your information may be transferred to the new entity. We will notify you before your data becomes subject to a different privacy policy.

4. Data Security

We implement industry-standard security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access controls: Role-based permissions and authentication
  • API security: Token-based authentication with rate limiting
  • Infrastructure: Secure cloud hosting with regular security audits
  • Monitoring: Continuous threat detection and incident response

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your data as follows:

  • Account data: Retained for the lifetime of your account, plus 30 days after deletion to allow for recovery
  • API validation queries: Not stored permanently; processed in real-time and discarded immediately after returning results
  • Rate limiting data: Retained for 60 minutes (sliding window)
  • Aggregated velocity patterns: Retained for 90 days for ML model training (Pro plan only)
  • Payment records: Retained for 7 years to comply with Singapore tax and financial regulations

You can request account deletion at any time, which will permanently erase all associated data within 30 days.

6. Your Rights

Depending on your location, you may have the following rights:

6.1 GDPR Rights (EU/UK Users)

  • Right to access: Request a copy of all data we hold about you
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time

6.2 PDPA Rights (Singapore Users)

  • Access: Request information about how we collect, use, and disclose your data
  • Correction: Request correction of inaccurate data
  • Withdrawal: Withdraw consent for data collection (may impact service availability)

6.3 CCPA Rights (California Users)

  • Right to know: What personal information we collect and how it's used
  • Right to delete: Request deletion of personal information
  • Right to opt-out: We do not sell personal information, so no opt-out is necessary

To exercise any of these rights, contact us at team@mailbloc.com . We will respond within 30 days.

7. Cookies and Tracking

We use essential cookies only for authentication and session management. We do not use advertising cookies, third-party tracking, or analytics cookies. You can clear session cookies by logging out.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with GDPR and PDPA requirements.

9. Children's Privacy

Mailbloc is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance of the updated policy. For material changes, we will notify you by email.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

KEYBLOC PTE. LTD.

UEN: 202506039C

Email: team@mailbloc.com

Website: mailbloc.com

Last updated: January 27, 2025