Skip to content

Privacy Policy

Last updated: 2026-06-02

This Privacy Policy explains what data Reeva collects when you use our services, why we collect it, and the choices you have. We aim to handle as little personal information as we need to run the service, and never to monetize it.

1. Who we are

Reeva ("we", "us") provides encrypted email, calendar and file cloud services available at reeva.me and app.reeva.me. You can reach us at [email protected] or via our contact form. For security and privacy disclosures, write to [email protected].

2. What we collect

  • Account information. The email address you sign up with, any custom domain you add, the plan you choose, and password hash. We never see your password in plain text.
  • Content you store. Email messages, calendar events, contacts and files you upload. We treat this content as private. It is encrypted in transit (TLS) and at rest.
  • Service logs. Minimal operational logs (timestamps, IP, basic request metadata) needed to deliver mail, debug issues, and stop abuse. Logs are retained no longer than necessary for those purposes and are not used to build advertising profiles.
  • Billing. If you subscribe to a paid plan, our payment processor stores the data required to process the transaction. We do not store full card numbers.

3. What we do not do

  • We do not sell, rent or share your personal data for advertising.
  • We do not scan your mail or files to target ads.
  • We do not run advertising trackers, fingerprinting, or third-party ad networks anywhere on Reeva.
  • The Reeva product (app.reeva.me and the apps) ship without third-party analytics.

4. How we use data

We use your data only to provide the service: to deliver and receive mail on your behalf, sync your calendar and files across your devices, process payments, and respond to your requests. We may also use aggregated, non-identifying signals to improve reliability and security.

5. Analytics on this website (reeva.me)

The Reeva marketing site at reeva.me uses Google Analytics 4 to understand aggregate traffic — pages visited, country, browser, referrer — so we can improve the site. We do not use it for advertising, remarketing or audience-building.

  • Default state. All ad-related signals are denied permanently under Google Consent Mode v2 (no ad_storage, no ad_user_data, no ad_personalization) and ads data redaction is enabled. Aggregate analytics measurement is enabled with IP anonymization (anonymize_ip).
  • Cookies set. _ga (client identifier, ~2 year retention) and _ga_YRF87S3FB3 (session state, ~2 year retention). No advertising cookies.
  • Opt out. Click Opt out on the cookie banner at the bottom of any reeva.me page. Your choice is stored in localStorage as reeva-consent=denied and Google Analytics is switched to consent-less mode for future visits from that browser.
  • Block entirely. Standard browser tracker-blockers (uBlock Origin, Brave Shields, Firefox ETP strict) prevent the analytics script from loading at all.

The product itself (app.reeva.me, mail, calendar, files, password vault, desktop and mobile apps) does not include Google Analytics or any third-party analytics.

6. Sharing with third parties

We share data with a small number of providers that help us operate the service (for example, our hosting and payment processors). They are bound by contract to use your data only to perform their service to us and to keep it confidential. We may disclose data when legally required (for example, in response to a valid court order), and we challenge requests that we believe are unlawful or overbroad.

7. Where data is stored

Reeva's primary infrastructure is located in the European Union. Some metadata may transit through Cloudflare for DDoS protection. We do our best to keep customer content in-region.

8. Your rights

Depending on where you live, you may have the right to access, correct, export or delete your personal data, to object to processing, or to lodge a complaint with a data-protection authority. You can export your mail and files at any time via standard protocols (IMAP, JMAP, WebDAV) and request account deletion from the dashboard or by emailing [email protected].

9. Security

We protect data with industry-standard encryption (TLS in transit, encryption at rest), bcrypt-hashed passwords, optional two-factor authentication, and ongoing monitoring. No system is perfectly secure; if you discover a vulnerability, please email [email protected].

10. Children

Reeva is not directed at children under 13 (or the equivalent local minimum age) and we do not knowingly collect personal data from them.

11. Changes to this policy

If we make material changes, we will let you know via email or an in-product notice. The "last updated" date at the top reflects the most recent revision.

Last updated: 2026-06-02. This policy is provided for transparency; consult a lawyer for legal advice specific to your situation.