Suoja.email Privacy Policy
Last Updated: 5.5.2026
1. Introduction
Welcome to Suoja.email. This Privacy Policy explains how Suoja.email Oy (“Suoja.email,” “we,” “us,” or “our”), located in Pori, Satakunta, Finland, collects, uses, protects, and discloses information when you use our secure messaging service, website, and related applications (collectively, the “Service”).
This policy applies to all individuals who interact with our Service, including organization administrators (“Customers”), individual account holders (“Users”), and individuals receiving secure communications (“Recipients”).
2. Our Zero-Knowledge Architecture
Privacy and security are the foundational principles of Suoja.email. Our Service is built on a zero-knowledge architecture.
- End-to-End Encryption: Your messages, files, and attachments (“Content”) are encrypted and decrypted locally on your client-side device.
- No Access to Content: We cannot, and will not, access, decrypt, or view the unencrypted substance of your Content. We act merely as a secure conduit for your encrypted data.
- Master Key: Your 24-word BIP39 Mnemonic Recovery Phrase (“Master Key”) is generated locally. We never transmit, store, or have access to your unencrypted Master Key.
3. Information We Collect
Because of our zero-knowledge design, the data we collect is strictly limited to what is necessary to operate, secure, and bill for the Service.
A. Information You Provide to Us
- Account Information: When you register, we collect basic account credentials (such as an email address) to establish your identity and facilitate login.
- Billing Information: For Customers purchasing paid subscriptions, we collect billing details, which may include payment method information and billing addresses, which are processed securely by our payment partners.
- Support Interactions: If you contact us for technical support, we collect the information you provide to us to resolve your request.
B. Information We Collect Automatically (Metadata)
To ensure the security and operational integrity of the Service, we process limited metadata, including:
- Network Information: IP addresses used to access the Service.
- Device Information: Device fingerprints and basic system information to authenticate access and prevent fraudulent activity.
- Usage Logs: Basic telemetry regarding system load, access timestamps, and subscription capacity metrics (e.g., active user counts).
4. How We Use Your Information
We use the limited information we collect for the following purposes:
- Service Provisioning: To create accounts, authenticate Users and Recipients, and deliver encrypted messages.
- Billing and Account Management: To process payments, calculate prorated usage, and manage subscription limits.
- Security and Fraud Prevention: To monitor for unauthorized access, mitigate security threats, and enforce our Acceptable Use Policies.
- Customer Support: To investigate and resolve technical issues (only with your explicit permission to audit the related usage).
5. Data Sharing and Third-Party Subprocessors
We do not sell your personal data. We only disclose information to trusted third-party service providers (subprocessors) necessary to run our infrastructure and business operations, or when legally compelled.
Because of our end-to-end encryption, none of our subprocessors can read, view, or access the contents of your messages.
Authorized Third-Party Tools
| Tool Name | Purpose | Data Region | Company Country of Origin | Able to See Your Messages |
|---|---|---|---|---|
| Adyen | Payment processing | EU / Global | Netherlands | No |
| Netvisor (Visma) | Accounting and manual billing | Finland / EU | Finland | No |
| Cloudflare | DNS, static hosting, load balancing, and HTTP traffic proxying | Global (Edge Network) | United States | No |
Other Disclosures
- Legal and Law Enforcement Requests: We may preserve or disclose your metadata and account information if required by a legally binding order, subpoena, or request from a competent governmental or law enforcement authority. Note: Because we do not possess the decryption keys, we cannot provide your actual message Content in a decrypted format to anyone, including law enforcement.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, account information may be transferred as a business asset.
6. Data Retention and Deletion
- Active Accounts: We retain your account information and encrypted Content for as long as your account is active.
- Termination: Upon termination of a Customer’s Subscription Services Agreement, we will make Customer Content available for export for thirty (30) days. After this period, or upon immediate termination of a User account for EULA violations, we will delete the account and all associated Content from our active systems.
- Backups: You are solely responsible for maintaining backups of your Content. Suoja.email is a communication conduit, not a permanent archive.
7. Children’s Privacy
The Service is strictly not intended for individuals under the age of sixteen (16). We do not knowingly collect personal information from anyone under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information and terminate the account immediately.
8. Your Rights
As a company based in Finland, we operate in compliance with the General Data Protection Regulation (GDPR). You have the right to access, rectify, or request the deletion of your personal data. You may exercise these rights through your account settings or by contacting us directly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website or communicating it to you directly.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact our legal team at:
Email: legal@suoja.email
Address: Suoja.email Oy, Pori, Satakunta, Finland