NL
Log in

Privacy Policy

1. Introduction

At Silvabird, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our services. Our approach is grounded in transparency, and we operate fully in accordance with the General Data Protection Regulation (GDPR).

This Privacy Policy applies to all users of Silvabird’s services. While we do not use tracking technologies, please note that our web server logs may record basic technical information, such as IP addresses, for operational and security purposes. These logs are not used to track or profile visitors.

This Privacy Policy complements our Terms of Service, which outline the general rules and conditions for using our services.

By using Silvabird’s services, you acknowledge that you have read and understood this Privacy Policy.

2. Data We Collect

Silvabird collects only the data necessary to provide, maintain, and secure our email, contacts, and calendar hosting services. All data collection is essential for the operation of our services and is never used for tracking, marketing, or profiling purposes.

2.1 Account Information

We collect the information required to create and manage your account, including:

  • Email address and username
  • Securely hashed passwords
  • Billing details (such as company name, billing address, and VAT ID, where applicable)

2.2 Service Data

To provide core services, we store and process:

  • Email data: Full email content, including message bodies, attachments, and related metadata necessary for email delivery.
  • Contacts data: Address book entries and associated information.
  • Calendar data: Calendar events, schedules, and related details.

2.3 Usage and Technical Data

We collect technical data generated during your use of the service to ensure functionality and security:

  • Login records and authentication logs (including timestamps, IP addresses, and user-agent information)
  • Connection data from IMAP, POP3, and SMTP usage
  • Inbound and outbound email logs, including delivery statuses and processing times
  • Spam filter logs, capturing filtering decisions and reasons to ensure email security
  • Storage usage information to enforce quotas and ensure performance
  • Web server access logs, including IP addresses, user-agent strings, and timestamps, maintained solely for operational and security purposes

2.4 Support Data

If you contact support@silvabird.com, we collect the information you voluntarily provide, such as the content of your support requests and any additional data shared to help resolve issues.

3. How We Use Personal Data

Silvabird processes personal data solely to provide, maintain, and secure our email, contacts, and calendar hosting services. All processing activities are based on one or more of the following legal bases under the GDPR:

  • Contractual necessity: To deliver and manage the services you have requested.
  • Legal obligations: To comply with applicable laws, including tax regulations and lawful requests.
  • Legitimate interests: To ensure the security, stability, and proper functioning of our services, provided these interests do not override your fundamental rights.

3.1 Service Provision and Operation

Personal data is processed to:

  • Deliver core services, including email, contacts, and calendar hosting.
  • Authenticate users and manage account access.
  • Ensure proper delivery and receipt of emails, including processing relevant metadata.
  • Enforce storage quotas and daily sending limits.

3.2 Security and Abuse Prevention

We process data to:

  • Detect and prevent unauthorized access, fraud, and abuse.
  • Review emails marked as spam to determine appropriate actions.
  • Monitor service usage for security and operational integrity, including managing email traffic and connection logs.

3.3 Service Maintenance and Improvement

Data is processed to:

  • Maintain and optimize system performance and reliability.
  • Analyze aggregated technical data to resolve issues and improve service functionality, without profiling individual users.

3.4 Support and Communication

We use personal data to:

  • Provide user support and respond to inquiries sent to support@silvabird.com.
  • Communicate critical service updates and security notifications.

3.5 Compliance with Legal Obligations

We may process and retain data where required to:

  • Comply with applicable legal and regulatory obligations.
  • Respond to lawful requests from government authorities when legally obligated.

3.6 No Secondary Uses

Silvabird does not process personal data for secondary purposes such as marketing, advertising, or user profiling. All data processing activities are essential for service provision, security, and compliance.

4. Data Sharing and Disclosure

Silvabird values your privacy and limits data sharing to what is strictly necessary for the operation and security of our services. We do not sell, trade, or rent personal data to third parties under any circumstances.

4.1 Processors

Silvabird relies on carefully selected processors for essential service operations. A processor is a company we work with to help provide our services, i.e cloud providers where we host our servers. These processors act solely on Silvabird’s instructions and must meet stringent privacy and security standards in compliance with the General Data Protection Regulation (GDPR).

ProcessorCompany
Location		Datacenter
Location(s)		Energy sourcePurpose
HetznerGermanyGermany100% HydropowerCloud hosting for services, databases, and encrypted backups.
ScalewayFranceNetherlands, France, Poland100% Wind/HydropowerOff-site storage of encrypted backups.
MollieNetherlandsNetherlands (Google Cloud)80% Wind/SunPayment storage and processing.

4.2 Data Location and Transfers

All personal data processed by Silvabird remains exclusively within the European Union. We exclusively engage with companies that are legally based in the European Union, ensuring that your data is never transferred to or accessed by entities outside the EU. This includes a strict policy of not relying on non-EU companies, even if they operate data centers within the EU. As a result, your data benefits from the robust privacy protections provided by EU law at all times.

4.3 Legal Disclosures

Silvabird is a company based in the Netherlands and complies with all applicable Dutch and EU laws. We may disclose personal data only when legally required to do so, such as in response to lawful requests from government authorities or court orders. Each request is carefully reviewed to ensure it is valid, lawful, and limited to the data strictly required.

5. Data Storage and Security

Silvabird takes data security seriously and implements robust measures to ensure that your personal data is protected at all times.

5.1 Data Storage

All personal data is stored securely within the European Union, using infrastructure that meets high security and privacy standards.

To safeguard against data loss, Silvabird performs hourly encrypted backups, which are stored offsite in at least two geographically diverse locations. These backups are retained for 60 days, ensuring continuity and recovery options in the event of major incidents.

5.2 Security Measures

Silvabird employs industry-standard security practices to protect personal data, including:

  • Encryption in transit and at rest: All data is encrypted when stored and during transmission. We do not expose plaintext ports for client use.
  • Strict access controls: Access to data is limited to authorized personnel, following best practices for authentication and authorization.
  • Secure infrastructure management: Systems are regularly updated, and security measures such as firewalls and monitoring are in place to prevent unauthorized access.

While Silvabird follows best practices to secure your data, users are responsible for keeping their account credentials safe and using strong, unique passwords.

5.3 Secure Communications

Silvabird prioritizes secure communication. Client access is only possible via encrypted connections, ensuring that no data is exposed via unsecured channels.

Note: While communications between clients and Silvabird’s servers are always encrypted, SMTP transmission between mail servers may occur without encryption if the receiving server does not support it. This is an industry-standard aspect of email delivery beyond Silvabird’s control.

6. Data Retention

Silvabird retains personal data only for as long as necessary to provide our services, fulfill legal obligations, and maintain operational integrity.

6.1 Retention After Account Termination

When an account is closed or terminated, associated user data is retained for 14 days, after which it is permanently deleted from active systems. Following this period, the data remains solely in encrypted backups for an additional 60 days. These backups are maintained for disaster recovery purposes only and will not be restored or intentionally accessed in any circumstance.

6.2 Retention of Billing and Legal Records

In accordance with Dutch tax regulations, Silvabird retains billing and invoicing records for a period of 7 years. This retention period ensures compliance with tax and financial reporting obligations in the Netherlands. These records are securely stored and protected from unauthorized access.

6.3 No Early Deletion Option

Silvabird does not support user-initiated early deletion of data prior to the end of the standard retention period, due to technical and operational constraints.

7. User Rights

Under the General Data Protection Regulation (GDPR), users of Silvabird’s services have specific rights regarding their personal data. Silvabird respects these rights and provides clear ways to exercise them.

7.1 Overview of Rights

Users have the following rights under GDPR:

  • Right of Access: You can request confirmation of whether we process your personal data and, if so, access to that data.
  • Right to Rectification: You can request the correction of inaccurate or incomplete personal data.
  • Right to Erasure: You can request the deletion of your personal data, subject to legal and operational retention requirements.
  • Right to Restriction of Processing: You can request a temporary halt to the processing of your personal data under certain conditions.
  • Right to Data Portability: You can request your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
  • Right to Object: You can object to the processing of your personal data in specific cases, including processing based on legitimate interests.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, such as the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), if you believe your data protection rights have been violated.

7.2 Exercising Your Rights

To exercise any of these rights, please contact us at support@silvabird.com. We will respond to all valid requests within the timeframe required by GDPR, typically within one month.

Requests are subject to appropriate verification of identity to protect your privacy and security.

8. Cookies and Local Storage

Silvabird is committed to providing a privacy-focused experience and therefore does not use tracking technologies of any kind.

8.1 Essential Use Only

Silvabird uses cookies and local storage exclusively for essential purposes, such as:

  • Managing user sessions to keep you logged in between visits.
  • Supporting security features to protect your account.
  • Ensuring the proper functioning of the webmail interface and related services.

These technologies are necessary for the operation of our services and cannot be disabled without affecting core functionality.

8.2 No Tracking or Analytics

Silvabird does not use:

  • Third-party tracking cookies
  • Analytics services
  • Advertising technologies

Your activity is not tracked or analyzed for marketing, profiling, or advertising purposes.

8.3 Managing Cookies and Local Storage

Because Silvabird only uses essential cookies and local storage, there are no settings or preferences to manage. These elements are required for the service to function securely and correctly.

9. Changes to This Privacy Policy

Silvabird may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or operational practices.

9.1 Notification of Changes

We will notify users of any significant changes by email, providing at least 30 days' notice before the updated Privacy Policy takes effect. This notice period allows users to review the changes and decide whether to continue using the service.

9.2 Acceptance of Updated Policy

By continuing to use Silvabird’s services after the effective date of the updated Privacy Policy, you agree to be bound by the revised terms. If you do not agree with the updated Privacy Policy, you have the right to discontinue use of the services at any time.

Silvabird remains committed to transparency and will ensure that changes to this Privacy Policy are clearly communicated.

10. Contact Information

For any questions or concerns regarding this Privacy Policy or your personal data, you can contact us at:

Email: support@silvabird.com

We are committed to addressing privacy-related inquiries in a timely and transparent manner.