Legal

Privacy Policy

Last updated: February 20, 2026

1Who we are

MailArmor ('MailArmor', 'we', 'us') is an AI-powered email security platform operated by Protecte Technologies Pvt Ltd.

Contact

This Privacy Policy explains how we collect, use, share, and protect information when you:

  • visit our website, and/or
  • use MailArmor products and services (the 'Services').

2How this policy applies (website data vs customer data)

MailArmor handles different kinds of data:

  • Website & account data: When you visit our site or create an account, Protecte Technologies Pvt Ltd typically acts as the responsible entity for that data.
  • Customer Data (data processed to provide the Services): When an organization connects MailArmor to Microsoft 365, we process certain data to detect threats and provide email security. In those cases, we generally process Customer Data on behalf of the organization (the organization controls the mailbox environment and settings).

If you are using MailArmor through your employer/organisation, your organization's policies may also apply.

3What information we collect

A) Information you provide

  • Contact details (name, email, phone) when you fill out forms (demo, trial, waitlist, support).
  • Business details (company name, role, domain) when you sign up.
  • Support communications (tickets, chat messages, emails to support).

B) Information collected automatically (website)

  • Device and usage data such as IP address, browser type, pages viewed, and general region/city-level location derived from IP.
  • Cookies and similar technologies (see our Cookie Policy).

C) Information processed to deliver the Services (Customer Data)

When your organization connects MailArmor to Microsoft 365, we process data needed to detect threats and provide email security (e.g., through Microsoft 365 Graph API integrations and related workflows).

Depending on your configuration, this may include:

  • Email metadata (sender, recipient, subject line, timestamps, message IDs).
  • Email content and attachments only to the extent needed for scanning and protection features (e.g., phishing detection, malware scanning, URL checks, sandboxing).
  • Security and audit logs (admin actions, detections, policy events).
  • If enabled: DLP-style pattern scanning (e.g., Aadhaar / PAN / card-like patterns in outgoing emails).

D) Records required for legal/compliance (where applicable)

Where applicable under Indian law and CERT-In Directions, we may maintain certain registration, security, and usage records such as:

  • customer/subscriber name and contact details,
  • service usage period (start/end dates),
  • IP addresses and identifiers allocated/used,
  • registration timestamps and onboarding records,
  • other records required to meet lawful obligations.

4How we use information

We use the information above to:

  • Provide and operate the Services (setup, integrations, threat detection, reporting).
  • Improve security outcomes (tune detections, investigate abuse, and prevent fraud).
  • Provide support and respond to requests.
  • Billing and account management (subscriptions, trials, and invoices).
  • Communicate service notices and product updates (and marketing you request; you can opt out).
  • Meet security and compliance obligations, including maintaining required logs/records and reporting certain cyber incidents to CERT-In where applicable.

5Legal basis / permissions

Depending on applicable law, we process information based on one or more of:

  • Contract necessity (to deliver Services you request),
  • Legitimate interests (security, fraud prevention, service improvement),
  • Consent (optional cookies, marketing where required),
  • Legal obligations (e.g., compliance with recordkeeping, lawful requests).

6How we share information

We do not sell personal information.

We may share information with:

  • Service providers/subprocessors (hosting, monitoring, support tools, analytics, payment processing) who help us run MailArmor.
  • Legal/compliance with authorities if required by law, regulation, or valid legal process.
  • CERT-In / lawful incident response where incident-related information and relevant logs/records are required by law or requested for cyber incident response.
  • Business transfers (merger, acquisition, financing, or sale of assets) with appropriate safeguards.

7Data location and cross-border access

We primarily store and process core service data and required security logs within India (for example, AWS Mumbai), as part of our architecture.

In some cases, operational access from other locations may occur for support and security operations. When this happens, we use safeguards such as access controls, logging, and least-privilege practices.

8Data retention

We keep information only as long as needed to:

  • provide the Services,
  • meet legal/compliance obligations,
  • resolve disputes, and
  • enforce agreements.

Retention can vary by plan and configuration.

Where applicable:

  • Security/ICT logs may be retained for at least 180 days within India (CERT-In related).
  • Required customer/subscriber records may be retained for the period required by applicable law/CERT-In directions (where applicable to our Services).

You can request deletion or export where applicable. Some information may still be retained if required by law or for legitimate security/compliance needs.

9Security measures

We use administrative, technical, and organizational safeguards designed to protect data (access controls, monitoring, and security practices appropriate for an email security provider).

No method of transmission or storage is 100% secure. You are responsible for maintaining secure credentials and appropriate admin access controls in your environment.

10Incident reporting (CERT-In) and breach notifications

Certain cybersecurity incidents may be reported to CERT-In within required timelines (including within 6 hours where applicable), along with relevant information and logs, as required by law.

If we become aware of a personal data breach affecting personal data under applicable law, we will take steps consistent with applicable legal requirements (which may include notifying relevant authorities and/or affected users where required).

11Your rights and choices

Depending on applicable law, you may have rights to:

  • access, correct, or update your information,
  • request deletion,
  • withdraw consent (where consent is the basis),
  • object to certain processing, and
  • request export of certain data.

If you use MailArmor through an organization, your organization's admin may need to submit certain account-level requests.

To exercise rights: support@protecte.io

12Children's privacy

MailArmor is intended for business use and is not directed to children.

13Changes to this policy

We may update this policy from time to time. We'll post the updated version with a new "Last updated" date.

14Contact

For privacy questions: support@protecte.io