Privacy Policy

Last updated: May 24, 2026

1. Who we are

Telegrph (“we,” “us,” or “our”) operates the business email platform at telegrph.com. This Privacy Policy explains what information we collect, why we collect it, and how we protect it.

2. Information we collect

We collect only what we need to provide the service:

• Account information — name, email address, organization name, and a password hash when you sign up.
• Domain information — domain names you add to your organization, along with the DNS records required to send and receive email through them.
• Mailbox content — the messages you send and receive through Telegrph, including subjects, bodies, attachments, and metadata such as sender, recipient, and timestamps. We store this so you can access your mail.
• Billing information — when you subscribe, our payment processor (PayPal) collects payment details directly. We receive only a subscription ID and status. We never see your card number.
• Phone number — only if you choose to provide one for notifications, two-factor authentication, or support.
• Usage logs — IP address, browser type, and access timestamps for security and abuse prevention. Retained for 30 days.

3. How we use your information

• To operate the email service: store, send, and deliver your messages.
• To authenticate you when you sign in.
• To bill you when you have an active subscription.
• To send service-critical emails (password resets, invoice receipts, security alerts).
• To investigate and stop abuse, fraud, or violations of our Terms.
• To improve the product, in aggregate and without personally identifying you.

4. Phone numbers and SMS

Your phone number will be used exclusively to send you messages you have opted to receive based on your consent. If you provide a phone number, you may receive:

• Two-factor authentication codes (if you enable 2FA).
• Account security alerts (if you opt in).
• Support replies (only if you initiated a support request).

We will never send marketing or promotional SMS without explicit opt-in. You can withdraw consent at any time by replying STOP, by emailing privacy@telegrph.com, or by removing your number from your profile.

5. What we do not do

We do not sell or share your personal information with third parties. Ever. We do not rent, trade, or otherwise disclose your data to advertisers, data brokers, AI training providers, or any other commercial third party.

We also do not read your email content. Telegrph staff cannot access your mailboxes unless you explicitly authorize support access in writing as part of a support request.

6. Service providers we rely on

To deliver the service, we route email through a small number of carefully selected infrastructure providers. These are processors acting on our behalf under strict contractual obligations:

• Cloudflare — hosting, edge compute, database storage, attachment storage.
• Resend — outbound email delivery and inbound email ingestion.
• PayPal — subscription billing.

These providers process data on our instructions only. They are bound by their own privacy commitments and may not use your data for their own commercial purposes.

7. Data retention

• Email content is retained as long as your account is active. You may delete individual messages or mailboxes at any time.
• When you cancel your account, we delete your mailboxes, messages, and attachments within 30 days.
• Billing records may be retained for up to 7 years as required by tax and accounting regulations.
• Server logs are retained for 30 days, then automatically purged.

8. Your rights

You have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your account and associated data.
• Export your mailbox content.
• Withdraw consent to optional processing (e.g. phone notifications) at any time.

To exercise any of these rights, email privacy@telegrph.com. We will respond within 30 days.

9. Security

Data in transit is encrypted with TLS. Data at rest is encrypted by our infrastructure providers using industry-standard AES-256. Passwords are stored as PBKDF2-SHA256 hashes with per-user salts and are never recoverable in plaintext — not even by us.

10. Children

Telegrph is a business email service and is not directed at children under 16. We do not knowingly collect data from anyone under 16.

11. Changes to this policy

We will notify account owners by email at least 30 days before any material change to this Privacy Policy. Continued use of the service after that constitutes acceptance.

12. Contact

Questions, requests, or complaints? Email privacy@telegrph.com.