Privacy

Privacy Policy

How LiteMX collects, uses, stores, and protects account, domain, mailbox, message, audit, and agent-access data.

Last updated
June 29, 2026
Support contact
support@litemx.com
Abuse contact
abuse@litemx.com

Scope

This policy applies to LiteMX websites, APIs, command-line tools, hosted mailbox infrastructure, MCP endpoints, support channels, and private beta onboarding. LiteMX provides email infrastructure for custom-domain role inboxes. That means some customer content is email content, including message headers, bodies, attachments, drafts, replies, and routing metadata.

Customer administrators are responsible for deciding what mailboxes, aliases, domains, tokens, agents, and retention settings they configure inside LiteMX.

Data We Process

LiteMX may process the following categories of data:

  • Account and contact data, such as name, email address, organization, billing status, and support messages.
  • Domain setup data, such as domain names, DNS verification records, provider readiness, DKIM, SPF, DMARC, and MAIL FROM status.
  • Mailbox data, such as mailbox addresses, aliases, catchall routes, message metadata, thread identifiers, retention settings, and audit logs.
  • Email content, such as raw MIME, parsed text and HTML bodies, attachments, drafts, outbound replies, bounce events, and complaint events.
  • Agent and API access data, such as scoped token metadata, MCP/API/CLI requests, IP address, user agent, action names, mailbox grants, and send decisions.
  • Operational data, such as logs, error reports, abuse reports, security events, and provider delivery telemetry.

How We Use Data

LiteMX uses data to provide and protect the service. This includes:

  • Receiving, storing, searching, drafting, sending, replying to, and retaining mailbox messages.
  • Generating DNS setup instructions and checking inbound/outbound provider readiness.
  • Enforcing scoped API, CLI, and MCP token permissions.
  • Maintaining audit logs for reads, searches, drafts, sends, blocked sends, token actions, retention cleanup, and abuse response.
  • Detecting spam, phishing, malware, credential theft, unsolicited bulk mail, and other prohibited use.
  • Handling bounces, complaints, unsubscribe or opt-out signals, deliverability issues, and provider reviews.
  • Providing support, debugging incidents, improving reliability, and satisfying legal or security obligations.

Retention

LiteMX is designed with short retention as a product and liability boundary. Lower-cost plans may delete message bodies and attachments before metadata. Current public documentation describes default content and audit retention in the security docs.

Deletion can be delayed when retention is needed for security, abuse handling, billing, fraud prevention, legal compliance, backups, or provider deliverability reviews.

Sharing

LiteMX does not sell mailbox content. We may share data with infrastructure and operational providers that help run the service, including cloud hosting, storage, email delivery and receiving providers, authentication, billing, logging, analytics, support, and security vendors.

We may also disclose data when required by law, to protect LiteMX, our customers, recipients, providers, or the public, or to investigate spam, abuse, security incidents, fraud, or policy violations.

Security

LiteMX uses scoped tokens, mailbox-level authorization, audit logs, provider verification, send limits, and retention controls to reduce risk. Customers are responsible for protecting their own admin credentials, API tokens, MCP client configurations, DNS accounts, and devices.

Report suspected security issues or unauthorized mailbox access to abuse@litemx.com.

Privacy Requests

To request access, correction, export, deletion, or restriction of personal data, contact support@litemx.com. If your data is inside a mailbox controlled by a LiteMX customer, we may direct you to that customer as the mailbox administrator.

Policy index