Privacy Policy

Summary

This policy explains how 3drake operates as a neutral email relay and API middleware. We follow strict data minimization principles: 3drake does not read, analyze, or store email content, and only processes the technical metadata required for authentication, routing, billing, operational logging, and abuse prevention.

Users have full autonomy over how they use the API. 3drake does not monitor, evaluate, or restrict user intent, and users are solely responsible for all activities performed through their accounts. To the maximum extent permitted by law, 3drake does not sell, share, or disclose user information to third parties, including government authorities.

1. Overview

How 3drake works and what this policy covers.

3drake (“we”, “us”) provides an email gateway / relay API that securely sends email on your behalf through third-party providers such as Gmail (via app password), Outlook (via app password), or custom SMTP servers. You bring your own sender credentials and configuration.

Our role is to authenticate requests, apply safety controls, relay messages to the chosen provider, and keep operational logs for reliability and abuse prevention. We do not read or analyze the body content of your emails.

This Privacy Policy describes what information we collect, how we use it, and the choices you have. It applies to the 3drake Console, API, and related support interactions.

2. What data we collect

We collect limited data needed to run a secure relay service.

2.1 Account information

Email address (required) for account creation and communication.
Name (optional) to personalize the Console experience.
Billing and plan details (if applicable), such as subscription tier and invoices.

2.2 Connected sender configuration metadata

When you connect a sender, we store configuration data needed to route email through your chosen provider:

Provider type (e.g., Gmail, Outlook, custom SMTP).
Sender address (the “From” email you intend to send as).
SMTP host/port, security mode (TLS/STARTTLS), and other connection settings (for custom SMTP).

Credentials note

To relay email through your provider, you may provide an app password or SMTP secret. We store secrets encrypted at rest and restrict access using least-privilege controls. We recommend using provider-issued app passwords rather than primary account passwords.

2.3 API usage metadata

To operate, secure, and support the API, we collect metadata about requests and responses, such as:

Timestamps of API calls.
Endpoints accessed (e.g., /v1/send).
Response codes and error categories (success/failed, rate-limited, auth failure).
Approximate request size (to protect reliability and enforce limits).
IP address and user-agent (for security and abuse prevention).

2.4 Email relay metadata (minimized)

When we relay an email, we retain limited metadata to provide delivery logs, troubleshooting, and abuse detection. We may store:

From and To addresses.
Subject in a minimized form, such as length, a hash, or a redacted preview (implementation may vary by plan and region).
Delivery status (queued/sent/failed) and provider response codes.
Message identifiers (e.g., internal log ID, provider message ID when available).

We do not inspect message content

3drake does not read, analyze, or “understand” the body of the email. We relay payloads as directed by your application to your provider. Any body processing you perform happens in your systems.

3. What we do NOT collect

Clear boundaries: no email body analytics, no content resale.

No reading or analyzing email body content. We do not parse message text, attachments, or embedded links for meaning or profiling.
No selling email content or sharing it for advertising or data brokerage.
No behavioral advertising profiling based on your email sending activity.
No access to your provider inbox. 3drake is designed for sending/relaying, not mailbox scanning.

Practical implication: delivery troubleshooting focuses on provider responses and transport signals—not message content.

4. How we use data

Purpose-limited usage aligned with a secure relay.

We use collected information to:

Provide and operate the Console and API (authenticate, route, relay).
Secure the service (detect abuse, prevent credential stuffing, rate-limit, investigate suspicious usage).
Troubleshoot delivery problems and improve reliability (retry logic, provider errors, transport signals).
Support you when you contact us (respond to tickets, verify account, resolve issues).
Billing and compliance (manage plans, invoices, enforce limits, maintain audit trails).

Data minimization principle: We aim to store the least amount of information required to provide an operationally reliable, supportable, and secure relay.

5. Legal bases

If applicable (e.g., GDPR), we process data under recognized legal bases.

Depending on your location and how you use 3drake, we may rely on:

Contract necessity — to provide the service you request.
Legitimate interests — to keep the platform secure, prevent abuse, and improve reliability.
Legal obligations — to meet applicable laws (e.g., tax, accounting, security requirements).
Consent — where required (e.g., non-essential cookies, marketing communications if offered).

6. Data retention

Retention is limited and purpose-driven.

We retain information only as long as necessary to operate 3drake, comply with obligations, resolve disputes, and enforce agreements. Typical retention practices include:

Account data: retained while your account is active; deleted or anonymized after account closure subject to legal obligations.
Credentials/secrets: retained while a sender configuration remains connected; removed when you disconnect or delete the configuration.
Operational logs: retained for a limited period to diagnose issues and detect abuse, then rotated or aggregated.
Billing records: retained as required for accounting and tax compliance.

Note: specific retention durations may vary depending on plan, region, or operational needs. When possible, we prefer aggregation and anonymization over long-term raw log retention.

7. Security measures

Controls designed for sensitive credentials and reliable delivery.

We implement technical and organizational measures appropriate to the sensitivity of the data processed by 3drake. These measures include:

Encryption at rest for stored secrets and sensitive configuration data.
TLS in transit for data exchanged between your applications, 3drake, and providers where supported.
Least-privilege access with role-based controls and audit trails for administrative access.
Rate limiting, anomaly detection, and abuse prevention controls to protect accounts and infrastructure.
Secure software practices including patching, monitoring, and incident response procedures.

Important: no system is 100% secure. If we become aware of a security incident that materially affects your data, we will notify you in accordance with applicable law and our contractual commitments.

8. Subprocessors / third parties

Limited sharing to run the service (providers, hosting, logging).

We use third parties (“subprocessors”) to provide infrastructure and integrate with email providers. Depending on your configuration, data may be processed by:

Category	Examples	Purpose
Email providers	Gmail, Outlook, your SMTP host	Deliver email using your credentials
Hosting & infrastructure	Cloud compute, databases, storage	Run the API and store necessary data
Monitoring & logging	Error/trace collection, metrics	Reliability, debugging, security monitoring

We choose subprocessors that provide appropriate security controls and we require them to protect data consistent with this policy.

9. International transfers

Data may be processed in multiple countries depending on infrastructure and providers.

3drake may process data in regions where we or our subprocessors operate. Your email delivery also involves your selected provider, which may process data in additional locations.

Where required, we use appropriate safeguards for international transfers (such as contractual commitments and security controls).

10. User rights

Control and transparency for your account and data.

Depending on your location, you may have rights to:

Access information we hold about you.
Correct inaccurate or incomplete information.
Delete your account and associated data, subject to legal requirements.
Export certain account data (e.g., sender configuration metadata, API keys, and logs where available).
Object or restrict certain processing, where applicable.

To exercise rights, contact us using the details in the Contact information section. For security, we may need to verify your identity before fulfilling requests.

11. Cookies / localStorage

Minimal client-side storage for preferences.

3drake uses minimal client-side storage to improve your experience. In particular:

We store your theme preference (light/dark) using localStorage.
We may use essential cookies for authentication and security in the Console (where applicable).

We do not use client-side identifiers for cross-site advertising. If we introduce non-essential cookies in the future, we will update this policy and provide appropriate controls.

12. Children’s privacy

3drake is not intended for children.

3drake is intended for use by businesses and developers. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us and we will take appropriate steps to delete it.

13. Contact information

Reach us for privacy questions or requests.

For privacy-related questions, security reports, or to exercise your rights, contact us:

Email: longnguyen175lit@gmail.com
Security: longnguyen175lit@gmail.com
Mailing address: 3drake, Inc. Ha Noi, Viet Nam

Changes to this policy: We may update this Privacy Policy from time to time. We will update the “Last updated” date and, where appropriate, provide additional notice in the Console.