Privacy Policy

This document describes what information we collect and what it’s used for. It applies to all interactions with, except for our new “black” services which are covered by a different privacy policy. Your use of services will constitute your agreement to our Privacy Policy. Please also review our Terms of Service.


You have a reasonable expectation of privacy regarding any communication or data transiting or stored on this information system. We collect very little personal information, and none of the information we do collect is ever shared.

Information we collect and retain

Registration information

When you create an account, we retain the date you registered. Account request information is removed after four months, and invite status is removed after one month. Unless you delete it from your user account, we retain the alternate email addresses that you specify. You may choose to delete your alternate email address, but if you do so, we will not be able to restore access to your account if you lose the password.

Help tickets

The content of any help ticket you create or comment on while authenticated will be associated with your user account. You can choose to fill out a help ticket anonymously by creating a ticket while not logged in. We periodically delete old help tickets that are closed.

Session identifiers

While currently logged in, we keep a temporary session identifier on your computer that your software uses to prove your authentication state. This is erased immediately after you log out or the session expires. We do not use any third party cookies or tracking of any kind.

Email transit logs

In order to detect when our servers are under attack from a “spam bomb” or when a spammer is using our system, we keep a log of the “from” or “to” information for every message relayed. These logs are purged on a daily basis.

Month of last log in

We keep a record of the current calendar month and year of your last successful authentication (in order to be able to disable and delete dormant accounts). We do not record the time or day of the last log in.

Information we choose to not retain

IP addresses

No IP addresses of any user for any service are retained.

Browser fingerprint

Your web browser communicates uniquely identifying information to all web servers it visits by allowing the site to know details about your operating system, browser information, plugins installed, fonts installed, screen resolution, and much more. We do not retain any of this information.

Message metadata

Even when using end-to-end OpenPGP encryption for email messages, the email “subject” and routing information regarding the message “from” and “to” are seen by our servers in the clear when the email initially arrives. This is due to inherent limitations in the email protocol and in OpenPGP.

How we store and share collected information


All of your data is stored in an encrypted format, and only Riseup has the keys to decrypt the data.

Cleartext messages

Some messages that you send or receive will not be end-to-end-encrypted (for example, when the other party does not support email encryption). Once we receive these clear-text messages, they are stored on an encrypted disk drive. If they are sent from or to our system without encryption, we cannot ensure that the contents of the mail have not been intercepted in transit.

We do not share user information

We retain only the bare minimum of information about each user that is required to make the service work. We do not sell or share any of it.

Academic research

Anonymous, aggregated information that cannot be linked back to an individual user may be made available to experienced researchers for the sole purpose of developing better systems for anonymous and secure communication. For example, we may aggregate information on how many messages a typical user sends and receives, and with what frequency.

We will not read, search, or process any of your incoming or outgoing mail other than to protect you from viruses and spam or when directed to do so by you when troubleshooting.

Account deletion

You may choose to delete your account at any time. Doing so will destroy all the data we retain that is associated with your account. The usernames associated with deleted accounts remain unavailable for others to use for one year.

Changes to this policy

We reserve the right to change this policy. If we make major changes, we will notify our users in a clear and prominent manner (like our Newsletters). Minor changes may only be highlighted in the footer of our website.