×Atomic Mail

Atomic Mail

Productivity

Get
Features
PricingDownloadBlogAboutSupportEmail for AI agents
Download app
Sign InCreate a free account

Privacy Policy: Atomic Mail for Agents


Last Updated: June 17, 2026
Effective Date: June 17, 2026

Overview

This Privacy Policy describes how AtomicMail Systems OÜ ("Atomic Mail Agents", "we", "us", or "our") collects, processes, and protects data in connection with the Atomic Mail Agents Service — an email API for AI agents operating on the @atomicmail.ai domain, accessible at atomicmail.io/agents.

This Privacy Policy applies exclusively to the Atomic Mail Agents Service. For the human-facing Atomic Mail email service at @atomicmail.io, please refer to the separate Privacy Policy at atomicmail.io/privacy-policy.

Provider: AtomicMail Systems OÜ
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Harju tn 3 // Vana-Posti tn 2, 10146, Estonia

Contact: support@atomicmail.ai

Key Principles

No personal account registration. Agent inboxes are created autonomously via a Proof-of-Work (PoW) challenge. No name, phone number, government ID, or payment information is required or collected from the agent registration process.

Operator accountability. The Atomic Mail Agents Service is used by software agents acting on behalf of human individuals or organizations ("Operators"). Operators bear responsibility for the personal data their agents process through the Service. We act as a data processor on behalf of Operators with respect to email content.

No advertising. We do not serve ads, build user profiles for marketing, or share data with third parties for advertising purposes.

Estonian jurisdiction. All legal obligations are governed by Estonian and applicable EU law, including the General Data Protection Regulation (GDPR).

1. Definitions

Agent — a software system (AI model, script, or automated process) that uses the Atomic Mail Agents Service via the JMAP API, MCP server, or AgentSkill package.

Operator — the human individual or legal entity that deploys, controls, and is legally responsible for an Agent.

Service — the Atomic Mail Agents email infrastructure, including the JMAP API, MCP server, AgentSkill package, and all associated systems available at atomicmail.ai and atomicmail.io/agents.

Agent Inbox — a provisioned email address on the @atomicmail.ai domain assigned to an Agent.

2. Data We Collect

2.1 Agent Registration

When an Agent registers a new inbox, we collect and store:

  • The chosen username / email address (e.g., myagent@atomicmail.ai)
  • Cryptographic credentials generated during registration (API tokens, hashed secrets)
  • The result and parameters of the Proof-of-Work (scrypt) challenge used to authenticate the registration request
  • Timestamp of registration
  • IP address of the registering client, retained for up to 7 days for abuse prevention

No personal identity information, payment details, phone numbers, or government-issued identifiers are requested or stored.

2.2 API Access Logs

Each API request to the Service generates a log entry containing:

  • Timestamp
  • IP address of the client
  • API method called (e.g., Email/send, Mailbox/get)
  • HTTP status code and error codes (if any)
  • Agent account identifier

Log entries are retained for 7 days, after which they are permanently deleted.

2.3 Email Content and Metadata

Emails sent to or from an Agent Inbox are stored on our servers. This includes:

  • Email headers (From, To, CC, BCC, Subject, Date, Message-ID)
  • Email body (text and/or HTML)
  • Attachments
  • SMTP envelope metadata (sender and recipient addresses of remote servers)

Email content is stored in encrypted form. We do not read, analyze, or process email content for any purpose other than delivery, storage, spam filtering, and abuse prevention.

Emails are retained for as long as the Agent Inbox exists. Upon deletion of an Agent Inbox, all associated email data is permanently deleted. Encrypted backups may persist for up to 3 days following deletion.

2.4 Reputation Score

Each Agent Inbox maintains a reputation score that is updated based on behavioral signals (e.g., delivery success rates, spam complaints, PoW challenge outcomes). The reputation score influences rate limits and delivery capabilities. It is stored as a numeric value associated with the Agent account and is not linked to any personal identity.

2.5 Website Visits

When you visit atomicmail.io/agents or related pages, we automatically process:

  • IP address (for troubleshooting and abuse prevention)
  • Browser and operating system information
  • Browser language
  • Approximate location derived from IP address
  • Referral source, visited pages, and timestamps

Web visit logs are retained for up to 7 days. Aggregated, anonymized analytics are retained indefinitely for product improvement purposes.

3. How We Use the Data

Data Purpose Legal Basis (GDPR)
Registration credentials and PoW results Authentication, account management Legitimate interest / Contract performance
API access logs and IP addresses Security, abuse prevention, debugging Legitimate interest
Email content and metadata Delivery, storage, spam filtering Contract performance
Reputation score Rate limiting, anti-spam Legitimate interest
Website analytics Product improvement Legitimate interest

We do not use any collected data for advertising, profiling, or sale to third parties.

4. Operator Responsibilities and GDPR Role

The Atomic Mail Agents Service is designed for programmatic use by AI agents acting on behalf of Operators. When an Agent processes emails containing personal data of third parties (e.g., names, contact details of people the Agent communicates with), the following GDPR roles apply:

  • The Operator is the data controller with respect to personal data processed through the Agent.
  • AtomicMail Systems OÜ is the data processor acting on the Operator's instructions.

Operators are responsible for ensuring their use of the Service complies with applicable data protection law, including obtaining any required consents, providing required notices to data subjects, and not directing Agents to process personal data in ways that violate applicable regulations.

Upon request, we can provide a Data Processing Agreement (DPA) to Operators who require one for GDPR compliance. Contact: support@atomicmail.ai

5. Data Sharing and Disclosure

We do not sell, rent, or share data with third parties except as follows:

Service providers. We may use third-party infrastructure providers (e.g., hosting, CDN) to operate the Service. Such providers access data only to the extent necessary to perform their services and are bound by confidentiality obligations.

Legal obligations. We will disclose data to authorities only when required by a valid, legally binding order from Estonian judicial authorities. We will not voluntarily comply with requests from foreign governments, intelligence agencies, or private third parties without a valid Estonian court order. We do not participate in voluntary surveillance programs.

Business transfers. If AtomicMail Systems OÜ is acquired or merges with another entity, data may be transferred as part of that transaction. We will notify Operators of any material change in data controller identity.

6. Data Retention

Category Retention Period
API and web access logs 7 days
Agent Inbox and email content Duration of inbox existence
Post-deletion encrypted backups Up to 3 days
Reputation scores Duration of inbox existence
Aggregated, anonymized analytics Indefinite

7. Security

We implement technical and organizational measures to protect data processed through the Service, including:

  • TLS encryption for all data in transit
  • Encrypted storage of email content
  • Access controls restricting system access to authorized personnel
  • Proof-of-Work challenge mechanism to limit automated abuse at registration

No security system is infallible. We commit to notifying affected Operators of any breach involving their data as required by applicable law.

8. Alpha Service Notice

The Atomic Mail Agents Service is currently in open alpha. Features, data handling practices, and infrastructure may change during this period. We will update this Privacy Policy to reflect any material changes and will post the updated version at atomicmail.io/agents.

Accounts created during the alpha will be migrated to the free tier of the paid product when the alpha concludes. No data will be lost as a result of this migration.

9. Your Rights

To the extent personal data about you is processed in connection with the Service (for example, if you are an Operator whose contact information is associated with Agent accounts), you have the following rights under the GDPR:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing

To exercise these rights, contact us at: support@atomicmail.ai

10. Contact

AtomicMail Systems OÜ
 Address: Harju maakond, Tallinn, Kesklinna linnaosa, Harju tn 3 // Vana-Posti tn 2, 10146, Estonia
Email: support@atomicmail.ai

11. Changes to This Policy

We may update this Privacy Policy at any time. The current version is always available at atomicmail.io/agents. For material changes, we will make reasonable efforts to notify Operators in advance via email or a prominent notice on the website.