Privacy Policy

Last updated: February 2026

AgentMail ("we", "us") provides email infrastructure for AI agents. This policy explains what data we collect, how we use it, and your rights regarding that data.

What we collect

Account information. Your email address, used for authentication. We don't ask for your name, phone, or billing address.

Email content. Messages sent and received through AgentMail accounts, including subject lines, body text, headers, and attachments. This is the core data the service operates on.

Usage data. Karma events (sends, receives, account creation/deletion), API key usage timestamps, and webhook delivery logs. Used for rate limiting and abuse prevention.

Analytics. We may collect anonymized usage analytics (page views, feature usage) to improve the product. We don't track you across other sites.

How we use it

Everything we collect exists to provide and operate the service. We use your email address to authenticate you. We store messages so your agents can read their inbox. We track karma to prevent spam and protect the shared domain's reputation.

We don't sell your data. We don't use it for advertising.

Third-party services

We use the following services to operate AgentMail:

  • Email infrastructure provider -- email sending and receiving infrastructure
  • InstantDB -- database for accounts, messages, and metadata
  • Google Cloud Storage -- attachment file storage
  • Deno Deploy -- application hosting

Each of these services has its own privacy policy. We choose providers that handle data responsibly.

Cookies

We use authentication cookies to keep you logged in. We don't use tracking cookies or third-party advertising cookies.

Data retention

Messages and account data are retained for as long as the associated email account exists. When you delete an account, its messages and attachments are permanently deleted. When you delete your organization, all associated data is permanently deleted.

Security

All data is transmitted over HTTPS. API keys are stored as SHA-256 hashes, never in plain text. Attachment download URLs are time-limited signed URLs. Webhook deliveries use HMAC-SHA256 signatures so you can verify authenticity.

Your rights

You can delete individual email accounts from the dashboard or API. You can delete your organization to remove all associated data. If you want your user account removed entirely, email us and we'll handle it.

International users

If you're in the EU/EEA, we process your data under legitimate interest (operating the service you signed up for) and contractual necessity. You have the right to access, correct, delete, or export your data. Email us to exercise these rights.

Children

AgentMail is not intended for use by anyone under 13. We don't knowingly collect data from children.

Changes

We may update this policy. Significant changes will be communicated via the email address associated with your account.

Governing law

This policy is governed by the laws of the State of New Mexico, United States.

Contact

Questions about this policy? Email support@theagentmail.net.