We do not participate in, or co-operate with, any kind of blanket surveillance or monitoring. (We also point out that Australia does not have any equivalent to the US National Security Letter, so we cannot be forced to do something without being allowed to disclose it.)
We also take technical measures where feasible to prevent surveillance of our users occurring without our co-operation, such as:
- using encrypted SMTP for sending your mail when the receiving server supports it.
- mandating encrypted access for webmail, IMAP and POP.
- using Perfect Forward Secrecy where possible for all encrypted connections.
- encrypting communications between our data centres.
Like any company, we can never guarantee our measures are 100% effective, as we don't know the full capabilities of any attackers. However, these measures do act to increase the difficulty and expense of any surveillance.
As an Australian company, we are required to disclose information about specific individual accounts to properly authorised Australian law enforcement with the appropriate supporting documentation. This means we need to see a warrant signed by an Australian judge before we will hand over any email data. Such requests must always be for specific accounts; we do not participate in or co-operate with "fishing expeditions". As a guideline, in the last year we disclosed information on fewer than 50 accounts.
We do not directly disclose any information about our users to law enforcement from outside Australia, and indeed our understanding of Australian law is that it would be illegal for us to do so.
Overseas law enforcement may apply via an appropriate mutual assistance treaty to obtain information on our users. If the request is approved, then Australian documentation will be issued for disclosure of this information.
This distinction may seem academic, but in our experience the extra administrative overhead and the additional layers of judicial oversight mean that we receive very few valid requests that originate from overseas, and they must always be targeted at specific accounts.
We do not condone illegal activity. We deal with all law enforcement requests personally and we are satisfied that all we have seen are justified.
Incoming messages are scanned for the purpose of spam detection unless you disable spam protection for your account. We may also scan some outgoing messages with the same software to prevent people using our service to send spam. Emails you report as spam are automatically analysed to help train our spam filter. Also, if enabled, emails reported as spam are forwarded on to some external email reporting services. These services aim to help monitor and reduce overall spam on the Internet. Currently the services we report to are Return Path and LashBack. These may change in the future. If you don't want this, you can disable the reporting in the FastMail advanced settings.
To make message searching fast, we build an index of your messages (this is a table, just like you would find at the back of a reference book, in which you can look up a word to quickly find the emails in which it appears).
No information from any of these activities is used for any other purpose, or to compile any kind of profile on our users.
We retain backups of deleted messages for at least a week. This is for the purpose of restoring messages in case of accidental deletion. After this point, deleted messages will be purged from all our backups, although the time this takes to happen may vary due to automated load balancing.
We normally keep logs of email and server activity for up to 6 months. This is for the purposes of diagnosing and fixing problems, which are often reported to us weeks or months after they occur. Message subjects may be contained in these logs, but not message bodies. Aggregate or anonymous data, which cannot be linked to individual user accounts, may be kept for longer periods, for the purpose of improving the FastMail service.
Backups and logs may be kept longer than these limits in special circumstances. For example, if a problem is taking a long time to resolve, logs relevant to that investigation may be retained. Or if a server that contains backups or logs is temporarily offline because of a fault, then those backups or logs may not be deleted until the server is brought back up.
These situations are unusual, however, and when they do occur, they are temporary.