Privacy Policy

Effective Date: March 15, 2026 · Last Updated: March 15, 2026

This Privacy Policy describes how Xquare Labs LLC ("Xquare Labs," "icemail," "we," "us," or "our") collects, uses, discloses, and safeguards information when you visit https://icemail.ai (the "Site") or use the icemail platform, mailbox provisioning services, APIs, and related tools (collectively, the "Services").

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.

1. Who We Are

The Services are operated by:

Xquare Labs LLC 166 Geary St, San Francisco, California 94108, United States Email: hello@icemail.ai

For the purposes of the EU General Data Protection Regulation ("GDPR") and the UK GDPR, Xquare Labs LLC acts as a data controller with respect to account, billing, and usage data, and as a data processor with respect to information you submit when configuring and operating email infrastructure on behalf of your own recipients.

2. Information We Collect

We collect information in the following categories:

2.1 Information You Provide Directly

  • Account Information. Name, email address, company name, job title, username, password, and authentication credentials when you register for an account.
  • Billing and Payment Information. Billing name, billing address, country, tax identification details, and the last four digits and expiration of your payment card. Full card numbers are processed and stored by our third-party payment processor and are not retained on our servers.
  • Service Configuration Data. Domain names, DNS records, mailbox names, sender identities, display names, forwarding rules, and other parameters you provide to provision and configure email infrastructure.
  • Communications. The content of messages, support tickets, emails, chat transcripts, and survey responses you send to us.

2.2 Information We Collect Automatically

  • Usage Data. Pages viewed, features used, API calls made, mailbox counts, provisioning events, timestamps, and actions taken within the platform.
  • Device and Connection Data. IP address, browser type and version, operating system, device identifiers, referring URLs, and language settings.
  • Cookies and Similar Technologies. Session identifiers, authentication tokens, and analytics identifiers placed via cookies, local storage, and pixels. See Section 9.

2.3 Information We Process on Your Behalf

When you use the Services to provision and operate email infrastructure, we may process data relating to the mailboxes and domains you configure, including sender and recipient metadata, deliverability and authentication records (SPF, DKIM, DMARC), and message routing logs necessary to provide the Services. You are responsible for ensuring you have a lawful basis to process such data.

2.4 Information From Third Parties

  • Identity and Infrastructure Providers. When you connect Google Workspace, Microsoft 365, Azure, or SMTP accounts, we receive configuration and status information from those providers as required to deliver the Services.
  • Payment Processors. Transaction status, authorization results, and fraud signals from our payment processor.
  • Analytics and Enrichment Providers. Aggregated or pseudonymized usage and firmographic data.

3. How We Use Your Information

We use the information we collect to:

  • Create, maintain, and secure your account;
  • Provision, configure, and maintain mailboxes, domains, and DNS authentication;
  • Process payments, manage subscriptions, and send billing notices;
  • Monitor deliverability, prevent abuse, and maintain the integrity and reputation of our infrastructure;
  • Provide customer support and respond to your requests;
  • Send transactional communications, service announcements, and security alerts;
  • Send marketing communications where permitted by law (you may opt out at any time);
  • Detect, prevent, and investigate fraud, spam, abuse, and violations of our Terms;
  • Comply with legal obligations and enforce our agreements;
  • Analyze, improve, and develop the Services.

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Performance of a contract — to provide the Services you have requested and manage your account.
  • Legitimate interests — to secure our infrastructure, prevent abuse, analyze and improve the Services, and conduct direct marketing, provided such interests are not overridden by your rights.
  • Legal obligation — to comply with applicable laws, tax requirements, and lawful requests.
  • Consent — for certain cookies and marketing communications, where required. You may withdraw consent at any time.

5. How We Share Your Information

We do not sell your personal information. We share information only as described below:

  • Service Providers and Subprocessors. With vendors who perform services on our behalf, including cloud hosting, infrastructure providers (including Google, Microsoft, and Cloudflare), payment processing, email delivery, analytics, and customer support. These parties are contractually bound to process information only on our instructions and to protect it.
  • Identity and Email Infrastructure Providers. With Google Workspace, Microsoft 365, Azure, and SMTP providers as necessary to provision and operate the mailboxes and domains you configure.
  • Payment Processors. With Stripe or other payment processors to complete transactions.
  • Legal and Compliance. When required to comply with applicable law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Xquare Labs, our users, or others.
  • Business Transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to this Privacy Policy or a successor policy.
  • With Your Direction. When you instruct us to share information or use integrations you have enabled.

A current list of subprocessors is available on request by emailing hello@icemail.ai.

6. Data Retention

We retain personal information for as long as your account is active and as needed to provide the Services. After account termination, we retain information as required to:

  • Comply with legal, tax, and accounting obligations;
  • Resolve disputes and enforce agreements;
  • Maintain security and prevent fraud and abuse.

Provisioning logs, deliverability records, and billing records may be retained for up to seven (7) years where required by law. When information is no longer needed, we delete or anonymize it.

7. Data Security

We implement administrative, technical, and organizational measures designed to protect your information, including encryption in transit, access controls, network segmentation, and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for activity that occurs under your account.

8. International Data Transfers

We are based in the United States, and our service providers may be located in various jurisdictions. Where we transfer personal information out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or applicable adequacy decisions. You may request a copy of the relevant safeguard by emailing hello@icemail.ai.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Authenticate users and maintain sessions (strictly necessary);
  • Remember preferences;
  • Measure and analyze usage and performance.

You can control cookies through your browser settings. Disabling certain cookies may impair functionality. Where required, we will request your consent before placing non-essential cookies.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate or incomplete information;
  • Delete your personal information;
  • Restrict or object to certain processing;
  • Port your data to another provider;
  • Withdraw consent where processing is based on consent;
  • Opt out of marketing communications;
  • Lodge a complaint with a supervisory authority.

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, to request deletion or correction, to opt out of the "sale" or "sharing" of personal information (we do not sell personal information), and to non-discrimination for exercising your rights.

To exercise any of these rights, email hello@icemail.ai. We will verify your identity before fulfilling a request and will respond within the timeframe required by applicable law. You may use an authorized agent to submit a request on your behalf.

The Services integrate with and link to third-party services, including Google, Microsoft, Cloudflare, and payment processors. Your use of those services is governed by their own terms and privacy policies. We are not responsible for the privacy practices of third parties.

12. Children's Privacy

The Services are intended for business use and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and, where appropriate, notify you by email or through the Services. Your continued use of the Services after the effective date constitutes acceptance of the revised policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Xquare Labs LLC 166 Geary St, San Francisco, California 94108, United States Email: hello@icemail.ai