The important highlights
- We don’t collect your email for marketing purposes, and we don’t sell it on or try to track you in any way. Our business model is not based on de-anonymising, tracking or influencing people in any way, shape or form.
- We delete the images and text of your documents after we’ve mailed you a copy and don’t keep the outgoing email either. We have 100% respect for your privacy and only keep your email address to track usage/abuse. We don’t make money analysing or selling information about the documents you upload.
- We don’t require usernames or passwords or consent to use third parties since we have none.
- We don’t upload or take any other files or images from your phone. We don’t know your name or query iPhone APIs to find out who you are.
- We welcome all uses for our app including the use of throwaway accounts or scanning of completely non-personal documents like fliers, books, magazines etc.
Who we are
We are a company that provides Mailsnapper, an iPhone app that takes photos and turns them into PDF documents. You give us the images and we read the text from them, create a document and send it to the email address you provide. Our text extraction features give you a powerful way to organise and find those documents in the future.
The primary function is typically for uploading your paper letters which may contain your personal data.
What personal data we collect and why we collect it
Data required for minimum system functioning.
When you open our application for the first time the phone generates a unique code that represents you. The code is completely random and not based on any of your details. It is not generated from name, phone number or any other data. It is completely random.
Internally this unique code is called the “CreditToken” and it is used to track how many documents you send yourself. We currently give everyone a million free credits whilst we evaluate the feasibility of the app but there are longer term plans to offer limited free credits (e.g. 15) and to allow the purchase of more credits later. We maintain a database that links this identifier to the number of credits the user has remaining. Theft or loss of this database would not indicate who our users are and can in no way be used to identify someone. Only your iPhone knows what your token is or could link a person to a token.
In the typical use-case our application involves a user uploading images to our server along with an email address. The file is uploaded and stored on the server, processed through an OCR tool we host on the same server and once the final document is prepared we email the user the final result. If the email is sent successfully then we immediately delete the original uploaded files from our servers. This includes both files coming in and the document we send out. We do not derive or record any data from your document, either directly or indirectly. For example, we do not record addresses or names or what sort of document it is, nor do we attempt to derive or guess any information about you.
Once the email is sent we update the credit balance against the token and record the email address and time we sent the email. We do this to prevent potential abuse of the service and to measure its popularity.
This company is not interested in generating revenue or impacting political opinion by collecting or selling your information. The founder wrote this application for personal use and has made it available to everyone for a modest maintenance charge. We plan to charge our users upfront to use the service and are intentionally transparent about that long term goal. We keep as little data as possible to operate the service for your security. We understand our users’ trust and privacy are vitally important.
Our servers are based in Amsterdam and operate under UK and EU law including GDPR regulations. The company is based in London, UK. The Chief Information Officer is the company director, Phillip Taylor, who can be contacted using the email address on the Contact Us page.
The company address is registered to 3 Glebe House, Glebe Way, Twickenham, England, TW13 6HW.
We use standard Web based cookie technology inside our iPhone app to remember the email address you gave us when the app is closed.
If you have any further questions or concerns feel free to contact us using the email on the Contact Us page. You may also find Mailsnapper is a useful tool even if you don’t want to use it for personal data.
Legally, to extract the text from your document and email it to you, we (the company) need to have the copyright for the image since sending an email could be considered a “copy” of the document. Therefore your use of the service grants us a non-exclusive royalty-free copyright to any image uploaded. We will never share or use your images or derived documents for our own benefit. We will not claim their copyright after we have finished processing them on our servers. We only claim the minimum possible rights required in order to perform the system’s advertised functions.
Reading your uploaded documents
Whilst we respect your privacy, we reserve the right to open any uploaded document should we have a situation such as an upload that keeps crashing our servers. At the current time only the company founder is capable of potentially opening documents. This minimal access increases your privacy.
Feedback and poor service
Since we take your privacy seriously, we have no way to identify poorly processed documents and improve the experience. If you have specific documents that scan poorly and would like us to improve the experience for you, you can email them to us using the email on the Contact Us page and we will investigate. Remember to attach the images as we have no record of what data has been processed before. Please be advised the largest influence on whether an image’s text is cleanly extracted is how well the photo was taken.
General Website monitoring
Site and logs
When people access this website at either https://www.mailsnapper.com or https://api.mailsnapper.com either directly or via the application, our application logs record the user-agent and IP address. This allows us to detect abuse and to gauge how popular our site is. This is typically standard practice for all websites.
We use Google Analytics on this website but not on the API site which the iPhone app uses.
How long we retain your data
We delete your images and the output document from our servers as soon as we can, that is, as soon as the servers have done what they need to.
We simply retain people’s credit balances against their effectively anonymous token and we retain the email addresses we have emailed and what time. This is to provide proof of delivery for our future “paid-for” service.
How we protect your data
We use encryption (HTTPS) in order to ensure your documents are transferred securely to us and cannot be intercepted. Our email software always attempts to deliver mail using encryption (TLS) where possible too. Our servers use highly secured Linux and Docker containers based on Debian Buster and we keep our server software up to date to ensure your security. We don’t move your document around or between servers after it is uploaded. We have no reason to and our architecture does not require it. Your document goes through an initial load balancer (Nginx) and straight to the application server. We delete your documents as soon as we finish processing them (likely within 10 minutes depending on system load) and the documents are also lost in system crashes. We accept this can provide a mild inconvenience to our users.
What data breach procedures we have in place
We maintain the minimum possible data we need to operate the service. Of that, the most personally revealing information we could lose is your email address. In the event of a breach we would inform our users in accordance with the law. In the event of any ongoing breach we would likely take the service offline to protect our users.
As stated above, but spelled out again for clarity of GDPR compliance, we have no third parties at the business level (our applications are hosted on Digital Ocean, and 123-Reg.co.uk operate our secure mail server). We do not pass any user information outside of the company. The iPhone app exists in the iPhone app store ecosystem, so Apple may collect information about who is using what applications, and you should consult their documentation with regard to how the app store collects data.
Your data protection rights
You have the right to request copies of the data we keep on you. As we cannot identify users by credit token and you also cannot see your credit token, you will need to email us from the email address you send your documents to. We will then reply with an event log of emails sent and a copy of your credit token record with remaining credits.
You have the right to correct data we have on you that is incorrect, although it is unlikely this situation will occur whilst the service is free.
You have the right to request the deletion of your data. We would scrub your email from our database by replacing it with something anonymous such as “redacted123” so that you can be sure in the event of a breach of our systems your email will never be compromised.
You have the right to restrict or object to processing of your data but we do not do this, except to OCR incoming requests, so by not using our service, you can be assured your data is not processed.