PrivadoVPN Email Relay Privacy Policy
Last Updated: May 1, 2026
This Privacy Policy applies specifically to PrivadoVPN’s Email Relay service (the “Relay” or “Email Relay”). The Relay is a feature of the Services provided by Privado Networks ehf. This policy supplements, and should be read together with, the PrivadoVPN Privacy Policy available at https://privadovpn.com/privacy-policy/ (the “Main Privacy Policy”). Capitalized terms used but not defined in this policy have the meanings given in the Main Privacy Policy.
For information about your privacy rights, the supervisory authority, how to contact us, and other general data protection matters, please refer to the Main Privacy Policy. In the event of any conflict between this policy and the Main Privacy Policy, this policy controls with respect to the Email Relay.
Data Controller
Privado Networks ehf, a private limited company organized under the laws of Iceland, with its registered office at 2nd Floor, Suðurhraun 10, Garðabær, Reykjavík 210, Iceland, is the data controller for the processing of personal data in connection with the Email Relay.
Contact: support@privadovpn.com
Overview of the Email Relay
The Email Relay lets you create one or more alias email addresses that forward incoming messages to your private email address. The Relay can also block email tracking pixels and known tracking mechanisms before forwarding, and optionally display the original, unaltered email.
Personal Data We Process
To provide and maintain the Email Relay, we process the following categories of personal data:
- Alias configuration data. Your forwarding address and alias-to-forwarding-address mapping, which is necessary to route incoming messages to the correct destination.
- Email content. The original emails sent to your alias address, including headers, subject line, body text, and attachments. We process this content to deliver messages to your forwarding address, to block email tracking pixels and known tracking mechanisms, and (if you enable this option) to display the original, unaltered email.
- Delivery metadata. Technical information generated in the course of forwarding, including the time an email was received and forwarded, message size, and delivery status (e.g., successfully delivered, bounced, deferred).
- Account- or alias-level usage statistics. Limited statistics associated with your account or alias, such as the number of messages forwarded, the number of tracking pixels blocked, and similar feature metrics, used to populate your account dashboard, troubleshoot issues, and support the Relay.
- Aggregated service analytics. Aggregated or de-identified service-level statistics used to maintain service integrity, capacity planning, security, abuse prevention, and performance. To the extent such analytics are truly anonymous and cannot be linked to an identifiable individual, they fall outside the scope of applicable data protection law.
- What we do not do with Relay data. We do not use Email Relay message content for advertising, profiling, behavioral inference, keyword-based targeting, sentiment analysis, training or fine-tuning of artificial intelligence or machine learning models, or any purpose other than providing and securing the Relay. We do not sell or share Relay data with third parties for cross-context behavioral advertising or any other commercial purpose.
Legal Bases for Processing
For users in the EEA, Iceland, and Switzerland, the legal bases for processing personal data in connection with the Email Relay are as follows:
| Processing Activity | Legal Basis |
|---|---|
| Alias configuration (forwarding address, alias mapping) | Performance of a contract (Article 6(1)(b)) — necessary to provide the Email Relay as part of the Services you have subscribed to. |
| Email content processing (receiving, scanning for trackers, forwarding) | Performance of a contract (Article 6(1)(b)) — necessary to deliver the core functionality of the Relay. |
| Delivery metadata | Performance of a contract (Article 6(1)(b)) — necessary to confirm delivery and troubleshoot forwarding issues; Legitimate interest (Article 6(1)(f)) — to maintain service reliability and detect abuse. |
| Post-deactivation retention of alias mapping and delivery metadata (90 days) | Legitimate interest (Article 6(1)(f)) — to prevent abuse, detect fraud, and respond to security incidents following alias deactivation. We have conducted a balancing assessment and concluded that the limited scope and short duration of this retention does not override your fundamental rights and freedoms. |
| Account- or alias-level usage statistics (messages forwarded, tracking pixels blocked, feature metrics) | Performance of a contract (Article 6(1)(b)) — necessary to provide dashboard functionality and support the Relay; Legitimate interest (Article 6(1)(f)) — to troubleshoot issues and maintain service quality. |
| Aggregated service analytics | Legitimate interest (Article 6(1)(f)) — to maintain service integrity, plan capacity, secure the Services, prevent abuse, and analyze performance. To the extent such analytics are truly anonymous and cannot be linked to an identifiable individual, they fall outside the scope of the GDPR. |
Data Retention
- Email content. Original emails are retained for thirty (30) days by default from the date of receipt, then permanently deleted. Encrypted backups containing email content are purged within thirty (30) days following deletion of the original, for a maximum effective retention period of sixty (60) days.
- Alias configuration data. Retained for the duration that your alias is active. Upon alias deactivation or account deletion, alias mapping data is retained for ninety (90) days for security and abuse prevention purposes, then permanently deleted.
- Delivery metadata. Retained for the duration that your alias is active. Upon alias deactivation or account deletion, delivery metadata is retained for ninety (90) days, then permanently deleted.
- Account- or alias-level usage statistics. Retained for the duration that your alias is active. Upon alias deactivation or account deletion, such statistics may be retained for up to ninety (90) days for security, abuse prevention, support continuity, and troubleshooting, then permanently deleted.
- Aggregated service analytics. Retained indefinitely only to the extent they are aggregated or de-identified such that they cannot be linked to an identifiable individual.
Data Security
Email content is encrypted in transit (using TLS where supported by the sending and receiving mail servers) and at rest within our systems. We maintain logical separation between alias mapping data and message storage, enforce access controls limiting personnel who can access Relay infrastructure, and maintain audit logs of access to Relay systems. These audit logs are limited to personnel and system access to Relay infrastructure and administrative functions. They are not logs of end-user message content, Relay user activity, or PrivadoVPN activity, and are used solely for security, access control, incident response, and accountability.
The Email Relay processes email content by its nature. This distinguishes it from the PrivadoVPN service, which is designed not to generate or retain logs of browsing history, traffic destination, data content, VPN session IP logs, or DNS queries. Users should understand that while we apply strong security measures to Relay data, the Relay necessarily processes and temporarily stores email content in order to provide the forwarding service.
Service Providers. Privado operates the Email Relay infrastructure directly and does not use third-party email delivery or hosting providers for the core forwarding service.
Disclosure and Law Enforcement
We disclose Email Relay data only as described in the Main Privacy Policy and this policy.
Because the Email Relay processes and temporarily retains email content (unlike the PrivadoVPN service, which does not retain traffic data), we may have limited data available for disclosure in response to valid legal process. Specifically, within the applicable retention windows described above, the following data may exist and be subject to compelled disclosure:
- alias configuration data (forwarding address and alias mapping);
- email content (original messages, headers, subject lines, body text, and attachments); and
- delivery metadata (time received/forwarded, message size, delivery status).
We will disclose such data only when legally compelled by valid and binding legal process issued or recognized under Icelandic law. Requests from foreign law enforcement or regulatory authorities must be formally processed through the legal channels available under Icelandic law, including mutual legal assistance treaties (MLAT) or other recognized international cooperation mechanisms.
We review all legal process for validity and scope before disclosure, challenge overbroad or legally deficient requests, and where lawfully permitted, notify affected users of requests for their data.
After the applicable retention periods have expired, the relevant data no longer exists in our systems and cannot be produced in response to any request.
Cross-Border Data Transfers
The Email Relay infrastructure is operated within Iceland and the EEA. Your alias configuration data, email content (during the retention period), and delivery metadata are stored and processed in these jurisdictions.
User-directed forwarding. When you configure a forwarding address, you instruct Privado to transmit incoming messages to the mail server associated with that address. If that mail server is located outside the EEA, forwarding necessarily involves a transfer of email content to that destination.
For such transfers:
- Where the destination country benefits from an adequacy decision or another recognized transfer framework applicable to the destination recipient, the transfer is made on that basis.
- Where neither an adequacy decision nor another recognized transfer framework applies, the transfer occurs only because you have specifically designated that forwarding destination and instructed Privado to send messages there as the core function of the Relay. To the extent applicable, Privado relies on the derogation for transfers necessary for the performance of a contract at your request (Article 49(1)(b) GDPR), and applies technical safeguards such as TLS encryption in transit, where supported by the destination mail server.
By designating a forwarding address whose provider operates outside the EEA, you instruct Privado to transfer the email content necessary to complete the forwarding to that destination and acknowledge that the destination jurisdiction may not provide a level of data protection equivalent to that of the EEA. If you do not want Relay content transferred to a particular jurisdiction, do not configure a forwarding address served from that jurisdiction.
Privado does not independently transfer Relay data to third countries for its own purposes. All cross-border transfers of email content occur solely as a consequence of the forwarding destination you configure. Once a forwarded message is delivered to your designated provider, further handling of that message is governed by that provider’s own terms and privacy practices, not this Policy.
Age Restriction
You must be at least eighteen (18) years of age to use the Email Relay. This age requirement applies regardless of whether you are otherwise eligible to use PrivadoVPN under the Terms of Service, which permit users aged sixteen (16) and older with parental consent to use the VPN service.
The higher age threshold for the Email Relay reflects the nature of the data processed: the Relay handles the content of email communications, which may include sensitive personal information, and applies a higher minimum age accordingly.
California Residents
Email content processed by the Email Relay constitutes Sensitive Personal Information (“SPI”) under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”).
- Use of SPI. We limit our use of Email Relay SPI strictly to what is reasonably necessary to provide and secure the Relay. We do not use email content to infer characteristics about you, and we do not use Relay SPI for any purpose other than providing the service, maintaining security, and complying with legal obligations.
- No sale or sharing. We do not sell or share (as those terms are defined under the CCPA) any personal information or SPI collected through the Email Relay.
- Your rights. California residents have the right to limit the use and disclosure of SPI under CCPA §1798.121. Because we already limit our use of Relay SPI to what is necessary to provide the service, this right is satisfied by our default practices. You also retain all rights described in the Main Privacy Policy, including the rights to access, delete, and opt out of sale or sharing (though there is no sale or sharing to opt out of). To exercise any right, contact us at support@privadovpn.com.
Changes to This Policy
We may update this policy from time to time. When we make material changes, we will notify you by reasonable means as described in the Main Privacy Policy. The “Last Updated” date at the top of this policy indicates when changes were most recently published.
Contact
Privado Networks ehf
2nd Floor, Suðurhraun 10, Garðabær
Reykjavík 210, Iceland
Email: support@privadovpn.com
For information about your privacy rights, the supervisory authority (Persónuvernd), and the Data Protection Officer determination, please refer to the Main Privacy Policy.
