Oops! Sorry!!


This site doesn't support Internet Explorer. Please use a modern browser like Chrome, Firefox or Edge.

Privacy policy

At The Swaddle Pro, we take the privacy of our users very seriously. We want to make our policies on managing your data clear and understandable, so we've tried to write our privacy policy in plain English.

Jurisdiction

The Swaddle Pro is based in the U.S.A company and as such is subject to U.S.A law. U.S.A has strong privacy laws in relation to email, specified in the Telecommunications (Interception and Access) Act 1979.

Surveillance and law enforcement

We do not participate in, or co-operate with, any kind of blanket surveillance or monitoring.

We also take technical measures where feasible to prevent surveillance of our users occurring without our co-operation, such as:

  • using encrypted SMTP for sending your mail when the receiving server supports it.
  • mandating encrypted access for webmail, IMAP and POP.
  • using Perfect Forward Secrecy where possible for all encrypted connections.
  • encrypting all email, contacts, notes and calendar entries while at rest on our servers.
  • encrypting communications between our data centres.

Like any company, we can never guarantee our measures are 100% effective, as we don't know the full capabilities of any attackers. However, these measures do act to increase the difficulty and expense of any surveillance.

As a U.S.A. company, we are required to disclose information about specific individual accounts to properly authorised U.S. law enforcement with the appropriate supporting documentation. This means we need to see a warrant signed by a U.S. federal judge before we will hand over any email data. Such requests must always be for specific accounts; we do not participate in or co-operate with "fishing expeditions". As a guideline, in the last year we disclosed information on fewer than 50 accounts.

We do not directly disclose any information about our users to law enforcement from outside U.S.A, and indeed our understanding of US law is that it would be illegal for us to do so.

Overseas law enforcement may apply via an appropriate mutual assistance treaty to obtain information on our users. If the request is approved, then United States documentation will be issued for disclosure of this information.

This distinction may seem academic, but in our experience the extra administrative overhead, and the additional layers of judicial oversight mean that we receive very few valid requests that originate from overseas and they must always be targeted at specific accounts.

Unless prohibited by law, we will disclose to the account holder when we receive a warrant for their account.

We do not condone illegal activity. We deal with all law enforcement requests personally and we are satisfied that all we have seen are justified.

Data mining and profiling

We do not sell or give information about our users to any third parties. Payments are securely handled via Stripe or PayPal; your credit card details are never transmitted to our servers. The payment provider will store your credit card details and address for the purpose of future payments with The Swaddle Pro, unless you have requested your payment details not to be stored. Stripe's privacy policy is available at https://stripe.com/au/privacy. PayPal's privacy policy varies depending on your country of residence; you can select your country to find the relevant privacy policy at https://www.paypal.com/webapps/mpp/ua/legalhub-full.

Incoming messages are scanned for the purpose of spam detection unless you disable spam protection for your account. We may also scan some outgoing messages with the same software to prevent people using our service to send spam. Emails you report as spam are automatically analysed to help train our spam filter. Also, if enabled, emails reported as spam are forwarded on to some external email reporting services. These services aim to help monitor and reduce overall spam on the Internet.

Employee access to data

Due to the nature of their jobs as system administrators, some of our employees have the capability to access YCE accounts. We hold all of our employees to the highest ethical standards, and this includes not accessing anyone's account without their permission. If you ask us to look at a specific message, for example because it isn't displaying properly in our interface, we will normally request that you move it to a special folder so we can be sure we won't access anything else.

If we receive abuse reports for an account, backed up with evidence that it has been used for sending spam or fraud, we may look at the account to decide whether to lock it permanently. This is to reduce the likelihood of accidentally locking a legitimate account. In this instance, it will normally be sufficient for us to just scan the subject and preview lines in a mailbox, but not read any full emails (and we certainly have no wish to do so).

Data retention

We retain backups of deleted messages for at least a week. This is for the purpose of restoring messages in case of accidental deletion. After this point, deleted messages will be purged from all our backups, although the time this takes to happen may vary due to automated load balancing.

We normally keep logs of email and server activity for up to 6 months. This is for the purposes of diagnosing and fixing problems, which are often reported to us weeks or months after they occur. Message subjects may be contained in these logs, but not message bodies. Aggregate or anonymous data, which cannot be linked to individual user accounts, may be kept for longer periods, for the purpose of improving the YCE service.

Backups and logs may be kept longer than these limits in special circumstances. For example, if a problem is taking a long time to resolve, logs relevant to that investigation may be retained. Or if a server that contains backups or logs is temporarily offline because of a fault, then those backups or logs may not be deleted until the server is brought back up.

These situations are unusual, however, and when they do occur, they are temporary.

Account deletion

Should you close your account, all data will be permanently deleted 7 days after closing. It may take a further 2 weeks to purge from all our backups.