We value your privacy

We value your privacy and recognize the importance of privacy to you. This Privacy Policy describes our practices in connection with personal data (defined below) that we or our service providers may collect, use or disclose when you visit our website, third-parties sites, software and applications to use the services that we offer thereon in relation to generating unique email aliases for third-party services and email forwarding service (collectively, the “Services”).

This Keep Mail platform is operated and controlled by us, VNN Labs Ltd, a company incorporated under the laws of the Republic of Cyprus with its registered address at 84 Spyrou Kyprianou, 4004 Limassol, Cyprus (the “Company” or “we”). You are advised to read this Privacy Policy with our Terms and Conditions at

By using the Services, you (“you” or “your” shall mean the party disclosing personal data or user) are deemed to have read, understood and accepted our practices in this Privacy Policy. We are not responsible for the privacy practices of any third-party websites or third-party wallet providers that may be linked to our Services. It is your responsibility to check this webpage periodically to see if any terms have been changed or modified and your continued use of the Services constitutes your acceptance of any updates to this Privacy Policy.

This Privacy Policy is governed by the European General Data Protection Regulation (“GDPR”) and is intended for use in European Economic Area (“EEA”) and if we offer goods or services to individuals in the EEA (“EU Individuals”) and, where applicable, other countries or regions which provide the same level of protection for personal data that is comparable to the standards of the GDPR.

We understand that we may lawfully process personal data if consent is provided by the EU Individual for the processing for specific purposes, if it is necessary for the performance of a contract or if it is necessary for our compliance with a legal obligation.

We understand that personal data must be processed lawfully, fairly and transparently, be collected and applied only for specified, explicit and legitimate purposes, must be limited to only what is required, must be accurate, not be kept in personally identifiable form for longer than is necessary and must be secured and protected pursuant to the GDPR.

We acknowledge and agree that the GDPR affords EU Individuals with rights such as:

  1. Right to access and obtain a copy of the EU Individuals’ personal data, including the purposes of processing and who the personal data has been disclosed to;
  2. Right to rectify inaccurate personal data concerning the EU Individual;
  3. Right to erasure of personal data concerning the EU Individual in certain circumstances;
  4. Right to restriction of processing of personal data in certain circumstances, such as where the accuracy of the personal data is contested, or the processing is unlawful;
  5. Right to data portability by receiving personal data concerning the EU Individual or data which has been provided to us, in a structured, commonly used and machine-readable format, and the right to transmit that data to another organization;
  6. Right to object to the processing of personal data in certain circumstances, including for the purposes of direct marketing; and
  7. Right not to be subject to automated decision-making (including profiling) where this has a legal effect on the EU Individual or significantly affects him.

We agree that we will act on a request from an EU Individual without undue delay (within one month). We will maintain records of how we process personal data, acknowledge the need to conduct data protection impact assessments and the need to apply careful consideration in the adoption and engagement of our data processors.

Please read this Privacy Policy and our Terms and Conditions carefully before disclosing any personal data to us or using the Services.

The information we collect

We collect personal data when you create an account to use the Services. However, we strive to minimise the scope and the retention period of such information.

“personal data” or “personal information” means data, whether true or not, about an individual who can be identified –

  1. from that data; or
  2. from that data and other information to which the organization has or is likely to have access.

If you choose not to provide us with the information requested, you may not benefit from certain features of the Services and your use of the Services may be limited.

The personal information we collect from you may include but is not limited to the following:

  1. Wallet blockchain address and email when you use the Services;
  2. General information such as your preferences like how your content is displayed and notification settings on the Services; or
  3. Geolocation data such as the location of your device (e.g. IP address);
  4. Email address and other profile information (Google, WalletConnect, MetaMask and so on) provided by you to us during your login;
  5. Your device information.

We will only collect information that is reasonably necessary for us to provide you with the Services. We collect such information only when we ask you for it and you provide it, and through technology that collects information automatically, such as cookies or other similar technologies. We will not be responsible for relying on inaccurate or incomplete data arising from your failure to notify us of any changes or inaccuracies in your personal data that was provided to us.

We do not keep personal information for longer than it is required, and we destroy or permanently anonymize personal information that we no longer need, where permitted. We strive to minimise both the scope and the retention period of the collected information.

We collect information in several ways, such as:

  1. From our website: you may have an opportunity to send us information about yourself (e.g. when you create an account to use the Services). You may choose to personalize your user-experience on the Services in which case we may collect information about your visits to our website, including the URL clickstream, length of visits to certain pages and page interaction which may be collected automatically through the use of cookies.
  2. We may collect information when you contact us for information, applications and Services, provide feedback or complaints or otherwise in the course of providing technical assistance or responding to queries.

Sensitive information

We do not collect audio, visual or similar information such as photographs, videos or voice recordings. Unless specifically requested for, we ask that you do not send us or disclose to us any sensitive personal information such as passport/national identification card numbers, social security numbers, credit card numbers, information related to racial or ethnic origin, political opinions, sexual orientation, criminal background on or through the Services or otherwise to us.

Automatic information collection

We may collect certain information automatically through the use of cookies when you use the Services, and the information may be collected in the following ways:

  1. Through your browser

This may include but is not limited to your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and Internet browser type and version, mobile device ID, blockchain address, wallet type, and date/time stamps.

  1. IP address

Your IP address, along with the time of the visit and pages visited, is identified and logged automatically in our server log files whenever you visit the Services. We use this information to analyze trends, administer the Services and customize the Services to your needs.

  1. Mobile device

If you access the Service through a mobile device, we may collect information on it such as smartphone device brand and type to understand how you use the Service.

  1. Cookies

We use cookies to collect information to analyze how users interact with our Services and provide users with a more personalized experience.

  1. Through third-party companies

We may receive personal information about you from companies who offer their products and/or services for use with our Services. For example, third-party wallet providers may provide us with your blockchain address and other information that you share with such wallet providers. We use Google services and Amplitude as a provider of clients’ data.

  1. Public information from blockchains

You understand that data from your activity is publicly visible and/or accessible on blockchains including but not limited to blockchain addresses and information regarding purchases, sales, or transfers, which may be associated with other data you have provided to us.

How we use your information

We may use your personal information only for purposes permitted by applicable laws and for the purpose for which it is collected, which generally includes the following:

  1. To assist you in setting up an account to use the Services;
  2. To identify and verify your identity when you access and use the Services or engage with us. For the avoidance of doubt, we do not identify physical persons, only the credentials to access the account;
  3. To provide the Services to you, including helping you to view, explore and use our tools;
  4. To conduct trials (with your consent) to enhance, improve and optimize your experience when you use the Services; or
  5. To comply with regulatory requirements, where applicable.

By using the Services, you expressly authorize and consent to us gathering, reviewing, retaining and where reasonably required, transmitting your personal information to our intermediary companies and entities for the proper and reasonable purpose of them storing and using the data responsibly and in accordance with the GDPR. When you provide personal information on or through the Services, the information may be sent to servers located outside of the European Economic Area. In such an event, we will take appropriate steps to ascertain that the foreign recipient organization of the personal data is bound by legally enforceable obligations that are in-line with the requirements under the GDPR.

We may also use your personal information to:

  1. Ensure that the content on the Services is presented in the most effective manner for you and understand your interests;
  2. Provide the Services to you and contact you on the same;
  3. Improve the functionality and usage of the Services;
  4. Resolve or track status of issues on our Services and to guide the development of new products and services;
  5. Allow you to participate in features of the Services;
  6. Identify the types of devices you use so that we can optimize our systems in the future;
  7. Communicate with you by email or other chosen means to send relevant notifications about our activities, developments and services that may be of interest to you;
  8. Contact you and notify you about changes to the Services that we offer (except where you have expressly requested for us not to do so);
  9. Ensure that you comply with our terms and conditions and the applicable law; and
  10. Send you important notifications that you will require to use device and the Services.

By using the Services, you expressly authorize and consent to us gathering, reviewing, retaining and where reasonably required, transmitting your personal information to our intermediary companies and entities for the proper and reasonable purpose of them storing and using the data responsibly and in accordance with the GDPR. When you provide personal information on or through the Services, the information may be sent to servers located outside of the European Economic Area. In such an event, we will take appropriate steps to ascertain that the foreign recipient organization of the personal data is bound by legally enforceable obligations that are in-line with the requirements under the GDPR.

Protection of Personal Data Collected

Personal data collected by the Company are stored in information systems adopted by the Company, which include, but are not limited to cloud storage systems. We adopt commercially reasonable security measures to safeguard personal data collected. Some of the security measures adopted include, but are not limited to:

  1. Engaging reputable third-party cloud system service providers to host our cloud storage systems and ensuring integration is properly done;
  2. Employing an in-house Information Technology team to ensure security of our storage systems and information communication systems;
  3. Checking that the third-party cloud system service providers that we engage adopt robust security measures that include configuring their cloud services to only allow access by whitelist IP addresses, periodically auditing configurations and security controls to ensure that servers or programs that host their cloud storage systems remain secure despite the increasing sophistication of data breach threats;
  4. Adopting processes within the Company’s information communication systems, and checking with our cloud system service providers, to ensure that the organization has security measures against malware and phishing attempts. For example, the Company uses advanced protection services such as Microsoft 365 advanced protection and Google Protection service for cloud-based email server to protect incoming mail, and the Company uses Multi-Factor Authentication to secure administrator accounts against phishing attempts and malware that may compromise administrator credentials; and
  5. Protecting cloud access keys or other database access keys by limiting user access based on the roles and functions within the organization, periodically rotating, resetting or reconfiguring critical keys, storing access keys in private folders.

The Company adopts measures and procedures that are aligned with guidance from the Personal Data Protection Commission. However, we do not guarantee that data breaches will not occur despite the adoption of commercially reasonable security measures that include the measures set out above.

With whom we share your information

We do not share your personal information with others except as indicated in this Privacy Policy or when we inform you and give you an opportunity to opt out of having your personal information shared. We may share personal information with:

  1. Service providers: We may share information, including personal information, with third parties that perform certain services on our behalf. These services may include, without limitation, storage of personal information on a cloud service (such as Firebase), server hosting and supporting our notification service functionality. These service providers may have access to personal information needed to perform their functions but are not permitted to disclose or use such information for any other purposes.
  2. We do not provide any non-anonymized personal information to third parties. We will adhere strictly to the provisions in the GDPR in relation to any disclosure and dissemination of information to any third parties.

We may disclose your information, including personal information in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights, to defend against legal claims, or as otherwise required by law.

Cross-border transfer

Your personal information may be transferred, stored or processed in any country where we have facilities or service providers. By using our Service or by providing consent to us (where required by law), your information may be transferred to countries or territories outside the European Economic Area, which may provide for different data protection rules than in the European Economic Area. We will ensure that the use and disclosure of personal information transferred offshore is dealt with in accordance with this Privacy Policy, and we will not transfer your personal data to a country or territory outside the European Economic Area that does not provide protection of personal data that is comparable to the protection under the GDPR.

Retention of information

We retain different types of information for different periods of time for as long as needed or permitted for the purpose(s) for which it was obtained. Generally, we determine retention periods by the length of time for which we have an ongoing relationship with you and provide the Service to you; whether there is a legal obligation to which we are subject; or whether retention is advisable having regard to legal considerations (such as applicable statutes of limitations or regulatory investigations).

Third-party sites

There are a number of places on our Services where users may click on a link to access other websites that do not operate under this Privacy Policy. These third-party websites may independently solicit and collect information, including personal information, from the users and, in some instances, provide us with information about the users’ activities on those websites. You are advised to consult the privacy statements of all third-party websites that you visit. The availability of, or inclusion of a link to, any such site or property on the Service does not imply endorsement of it by us or by our affiliates.

Third-party wallets

In order to use the Services, you may be required to use a third-party wallet which allows you to engage in transactions on public blockchains. You agree that your interactions with any third-party wallet provider is governed by the applicable terms of use and privacy policy thereof which we are not responsible for.

How we protect personal information

We use reasonable physical, administrative and technical measures to help safeguard and secure your personal information from unauthorized access, collection, use, copying, modification, disposal and disclosure. However, no system can be completely secure. Therefore, we cannot guarantee that your personal information, activities while you use the Services, or other communications will always remain secure. If you have a reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately contact us below.

We do not keep personal information for longer than it is required, and we destroy or permanently anonymize personal information that we no longer need, where permitted. We strive to minimise both the scope and the retention period of the collected information.

Use by minors

Although our Services are for a general audience, we restrict the use of the Services to individuals aged 16 and above. By proceeding with the use of the Services, you warrant that you are either aged 16 or above, or you are the legal guardians of individuals below 16. It is your sole responsibility to provide your correct birth date. Where you are setting up your account to use or access the Services as a parent or legal guardian, you are required to provide your personal data and the personal data of your charges and we shall be entitled to assume that all personal data provided is true and accurate. We will take appropriate steps to delete any personal data of persons less than 16 years of age that has been collected on or through the Services without verified parental consent, or consent from a legal guardian, upon learning of the existence of such personal data.

No Third-party Rights

This Privacy Policy does not create rights enforceable by third parties or require disclosure of any personal information relating to users of the Services.

Contact us

If at any time you would like to access, review, correct, update, restrict, or delete your personal data, or if you would like to enquire about our privacy practices, please contact us by:

  • Email us:
  • Post to: 84 Spyrou Kyprianou, 4004 Limassol, Cyprus.

We will endeavour to respond to your request as soon as reasonably practicable and no later than one (1) month after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response. Your withdrawal of consent to our collection, use and disclosure of personal information may mean that we will not be able to continue with the existing relationship with you and the contract that you have with us may be terminated.

Please note that while you may have a right to access your personal data, there are some circumstances where we are not permitted to give you access to it under the GDPR (for example, we will not accommodate a request to access, change or delete personal data if we believe that doing so would violate any law or legal requirement).

In addition, please note that we are not able to edit or delete any information that is stored on a blockchain, as we do not have control over any blockchains. The information stored on the blockchain may include a choice of cryptocurrency held at that address.

Google Analytics/ Cookies

We use cookies in the operation of the Platform in order to ensure its proper functioning. Cookies are small text files that are stored on a user’s computer, tablet or smartphone by an online portal when you visit it. Cookies are used to provide a better user experience when using the Platform and for record keeping, analyzing trends, administering the Platform, tracking users’ movements on the Platform, and gathering demographic information about the users. We may receive reports based on the use of cookies on an aggregated basis. This is in order for us to track and target the interests of the users using Google analytics and improve the Platform.

It is not mandatory for users to enable the Platform’s cookies and users may delete or block these cookies. However, the users’ browsing experience may be negatively affected as some features of the Platform may not work as intended. The session ID cookie will be stored on a user’s computer for the period of one (1) month.

By using the Platform, you consent to our use of the cookies in the abovementioned ways and for the abovementioned purposes.

The types of cookies used on this Platform are as follows: [to amend as applicable]

  1. Mandatory cookies: The cookies which are essential for enabling users to access and use the Platform and their services.
  2. Preference cookies: The cookies which collect information about how users use the Platform in order for us to improve the Platform’s design and accessibility.
  3. Statistics cookies: The cookies which provide statistics and reporting on the performance of the Platform, through Google Analytics. No personally identifiable data will be collected through these cookies.
  4. Marketing cookies: The cookies which track users’ behavior on the Platform and potentially across other websites, in order to target content that are relevant for the users. Users would not be personally identified through this information.

The Company gathers certain information and stores them in log files automatically in order to improve the Platform’s services. This information includes operating system, internet protocol addresses, internet service provider, referring/exit pages, files viewed on the Platform, date/time stamp, clickstream data and/or browser type. This information may be combined with other information the Company collects about users.

The Company and/or its service providers may use local storage to store content information and preferences

Updates to this Privacy Policy

As part of our efforts to ensure that we properly manage, protect and process your personal data, we will review our policies, procedures and processes from time to time. We reserve the right to amend the terms under this Privacy Policy at our absolute discretion. We will notify you of any changes to this Privacy Policy by way of email or by a pop-up notification when you access the website, app or Services to help ensure that you are always aware of the information that we collect, how we use it, and in what circumstances, if any, that we share it with other parties.

You are encouraged to visit the Services from time to time to ensure that you are well informed of our latest policies in relation to personal data protection. Your use of the Service following any changes means that you accept the revised Privacy Policy. This Privacy Policy was last updated on 17 July, 2023.