Privacy policy

How mait.sh collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

Data controller

The Mait Team, operated by the registrant of the domain, is the data controller for personal data processed through mait.sh.

Contact email: privacy@mait.sh

What data we collect

  • Email address — received from your identity provider (Google, GitHub, or Microsoft) when you sign in.
  • Display name — received from your identity provider when you sign in.
  • Account identifier — a unique identifier from your identity provider, used for login purposes.
  • IP address — recorded in server logs.

Why we collect it (purposes and legal basis)

  • Sign-in and account access — Contract performance (Art. 6(1)(b) GDPR).
  • Service operation and security — Legitimate interest (Art. 6(1)(f) GDPR).
  • Communication about the service — Consent (Art. 6(1)(a) GDPR, given at login).

How we store your data

  • Personal data is encrypted at rest with AES-256-GCM.
  • Servers are located in the EU (Hetzner Online GmbH, Germany/Finland).
  • Access to systems is restricted via mutual TLS authentication.

Who we share your data with

  • Google LLC — Identity provider (OAuth login). Acts as an independent controller for authentication data. Data transferred to the US under the EU-US Data Privacy Framework. Governed by Google's Privacy Policy.
  • GitHub, Inc. — Identity provider (OAuth login). Acts as an independent controller for authentication data. Data transferred to the US under the EU-US Data Privacy Framework. Governed by GitHub's Privacy Statement.
  • Microsoft Corporation — Identity provider (OAuth login via Microsoft Entra ID). Acts as an independent controller for authentication data. Data transferred to the US under the EU-US Data Privacy Framework. Governed by Microsoft's Privacy Statement.
  • Hetzner Online GmbH — Infrastructure provider and data processor (EU, Germany/Finland). Data Processing Agreement in place per Art. 28 GDPR, available at hetzner.com/AV/DPA_en.pdf.
  • We do not share your data with any other third parties.

How long we keep your data

  • Account data: retained while your account is active, deleted within 30 days of account deletion.
  • Server logs: retained for 90 days.
  • Audit records: retained for 12 months.

Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — request a copy of your data.
  • Right to rectification (Art. 16) — correct inaccurate data.
  • Right to erasure (Art. 17) — delete your account and data. You can use the "Delete my account and data" button on this page when logged in, or contact us.
  • Right to restriction (Art. 18) — restrict processing of your data.
  • Right to data portability (Art. 20) — receive your data in a structured, commonly used format.
  • Right to object (Art. 21) — object to processing based on legitimate interest.
  • Right to withdraw consent — you can withdraw consent at any time without affecting the lawfulness of prior processing.

How to exercise your rights

  • Email: privacy@mait.sh
  • Use the "Delete my account and data" button on this page when logged in.

Right to complain

You have the right to lodge a complaint with the Italian Data Protection Authority: Garante per la protezione dei dati personali, www.garanteprivacy.it.

International transfers

Authentication via Google, GitHub, and Microsoft involves data transfer to the US. All three providers participate in the EU-US Data Privacy Framework, which ensures an adequate level of data protection as recognized by the European Commission. These providers act as independent controllers for the authentication data they process — no separate Data Processing Agreement is required for OAuth login.

All other data processing (storage, encryption, application logic) occurs exclusively within the EU on Hetzner infrastructure in Germany and Finland, governed by a Data Processing Agreement per Art. 28 GDPR.

Cookies

We use only strictly necessary and functional cookies. For full details, see our cookie policy.

Changes

We may update this policy from time to time. The updated version will be posted on this page with a revised effective date.

Last updated

March 2026