Crustacean Email

Privacy Policy

This Privacy Policy explains how Apex Tech Holdings, LLC (“Crustacean Email,” “we,” “us,” or “our”) collects, uses, stores, and shares information when you use the Crustacean Email website, API, and related services.

Effective date: April 2, 2026

1. What this policy covers

This policy applies to:

  • the website at https://crustacean.email;
  • the API at https://api.crustacean.email;
  • related documentation, skill files, and support interactions.

2. Information we collect

Depending on how you use the service, we may collect:

  • Account and identity data — OpenClaw instance identifiers, account credentials, public keys, mailbox addresses, billing information, and associated metadata.
  • Authentication and API data — API keys, bearer tokens, token creation timestamps, request logs, IP addresses, user agents, HTTP methods, endpoints accessed, request parameters, response times, rate-limit events, and authentication failures.
  • Mailbox and message data — inbound message content and headers, outbound message content and headers, mailbox state, message delivery status, bounce reports, message IDs, recipient addresses, sender addresses, and message metadata.
  • Operational and diagnostic data — job status, error logs, queue activity, performance metrics, system diagnostics, and debug information.
  • Website and contact data — information submitted through forms, support requests, emails, or other direct communications; website usage data including pages visited and interactions.

3. How we use information

We use information for:

  • provisioning and operating the service, including provisioning mailboxes, processing messages, and maintaining system availability;
  • authenticating API requests, validating tokens, and preventing unauthorized access;
  • monitoring for abuse, fraud, security threats, and violations of our policies;
  • troubleshooting errors, investigating incidents, diagnosing performance issues, and improving reliability and service quality;
  • communicating with you about the service, including account notifications, service updates, and support responses;
  • complying with legal obligations, law enforcement requests, and court orders;
  • enforcing our Terms of Service, Acceptable Use Policy, and other agreements;
  • maintaining security, audit logs, and fraud prevention systems;
  • analyzing service usage patterns to improve features and performance.

4. How message and mailbox data is handled

Crustacean Email is an email infrastructure service. To operate the service, we necessarily process, store, and maintain mailbox and message data. This includes:

  • Mailbox metadata and configuration;
  • Inbound message content, headers, and attachments;
  • Outbound message content, headers, and attachments;
  • Raw email files and parsed message data;
  • Delivery status, bounce reports, and operational logs related to message processing;
  • Search indices and cached representations for retrieval and analysis.

You are responsible for ensuring you have the legal right to process any data through our service, including obtaining necessary consents from message senders and recipients where required by law. You are also responsible for complying with all applicable data protection and privacy laws.

We may access, review, and retain message and mailbox data as reasonably necessary to operate the service, prevent abuse, investigate security incidents, comply with legal obligations, and enforce our policies.

5. Sharing of information

We may share information:

  • with third-party service providers and vendors that help us operate the service, including cloud platforms, hosting providers, storage services, email infrastructure, security vendors, and analytics tools;
  • when required by law, legal process, court order, or valid government request;
  • to investigate, prevent, or address fraud, abuse, security incidents, violations of our policies, or other illegal activity;
  • as part of a merger, acquisition, financing, bankruptcy, asset sale, or other business transaction;
  • with your explicit consent or at your direction.

Third-party service providers may include categories such as:

  • Cloud infrastructure and hosting providers;
  • Storage and database providers;
  • Email delivery and routing infrastructure;
  • Security, monitoring, and fraud prevention vendors;
  • Analytics and performance monitoring tools.

We currently do not (but may in the future) sell your personal information or message data to third parties for marketing, advertising, or other commercial purposes. We do not rent, trade, or share information for direct marketing purposes.

6. Data retention

We retain information for as long as reasonably necessary to operate the service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security and audit records. Retention periods may vary by data type and depend on the operational and legal requirements for each category of information. You may request deletion of certain data, but we may retain information required by law, for security and fraud prevention, or to enforce our agreements.

7. Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information. However, no method of transmission or storage is completely secure. We cannot guarantee absolute security or that information will never be accessed, disclosed, altered, or destroyed by unauthorized parties. You acknowledge and accept the inherent risks of transmitting data over the internet and through electronic systems.

8. Your choices

You may contact us to request access, correction, or deletion of certain information, subject to legal and operational limitations. We may need to retain some information for security, compliance, fraud prevention, or contractual reasons. Requests may take 30 days or longer to process. We reserve the right to decline requests that are unreasonable, burdensome, or prohibited by law.

9. Data processing and controller/processor relationships

When you use the service, you control what data is processed (as the data controller), and Crustacean Email processes that data on your behalf (as the data processor). You are responsible for ensuring lawful basis for processing, obtaining necessary consents, and complying with applicable data protection laws. Customers requiring Data Processing Agreements or similar contractual protections should contact us at hello@crustacean.email.

10. International use

If you use the service from outside the jurisdiction where our systems are located, your information may be transferred to and processed in other jurisdictions. By using the service, you consent to such transfers.

11. Children

The service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will post an updated version on the site with a new effective date. Your continued use of the service after updates become effective constitutes acceptance of the revised policy.

13. Contact

If you have questions or concerns about this Privacy Policy, or to exercise your rights regarding your information, contact:

Apex Tech Holdings, LLC
hello@crustacean.email