LEGAL
Privacy Policy
Last updated: 5 May 2026
1. Who We Are
LocalMail.dev is a product of Varsuite Media Group Ltd, a company registered in England and Wales (Companies House No. 14243978), VAT No. GB448879915 ("Company", "we", "us", "our"). We are the data controller for personal data you provide when purchasing or using the Service.
This Privacy Policy explains how we collect, use, and store information when you visit localmail.dev and when you purchase LocalMail.dev ("Software"). For questions, contact us at [email protected].
LocalMail.dev the application runs entirely on your local machine. It captures no email data, usage telemetry, or analytics from the app itself. Nothing leaves your computer.
2. Data We Collect and Why
2.1 Website Visitors
This website uses GhostlyX Analytics, a cookieless, privacy-first analytics tool also built by Varsuite Media Group Ltd. We collect: page URL, referrer domain, browser name and version, operating system, device type, and approximate country. We do not store IP addresses. No cookies are set on read-only marketing pages. No cross-site tracking. See our Cookie Policy for full details.
Lawful basis: Legitimate interests (Article 6(1)(f)) in understanding aggregate usage patterns to improve the website. No personal data is retained.
2.2 Account Registration
When you create an account we collect your name and email address. Providing this information is necessary to enter into and perform the contract (your licence purchase). Without it we cannot create your account or deliver the Software. You may register directly with your email and password, or via GitHub or Google OAuth. Where you use OAuth, we receive only the profile data your provider shares (typically name and email). We do not receive your GitHub or Google passwords.
Lawful basis: Performance of a contract (Article 6(1)(b)).
2.3 Purchase Data
When you purchase LocalMail.dev, the transaction is processed by Stripe (Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Dublin 2, Ireland). We receive your name, email address, country, and a payment reference. We never handle or store your card details. Payment instrument data is handled entirely by Stripe. Stripe's privacy policy is available at stripe.com/gb/privacy.
Lawful basis: Performance of a contract (Article 6(1)(b)).
2.4 Licence Data
We store your email address, the licence key issued to you, your purchase date, and your active update period dates. This is used solely to activate your licence and manage update entitlements.
Lawful basis: Performance of a contract (Article 6(1)(b)).
2.5 Transactional Emails
We send transactional emails relating to your account and licence, including a welcome email on registration, your licence details on purchase, and update renewal reminders. These emails are sent via Resend (Resend Inc., 2261 Market Street STE 5901, San Francisco, CA 94114, USA). Resend's privacy policy is available at resend.com/legal/privacy-policy.
Lawful basis: Performance of a contract (Article 6(1)(b)) for licence and purchase emails. Legitimate interests (Article 6(1)(f)) for renewal reminders, which are directly related to your existing relationship with us.
2.6 Contact and Support
When you contact us via the contact form or email, we collect your name, email address, and message content. This is used only to respond to your enquiry. Contact submissions are automatically deleted after 12 months.
Lawful basis: Legitimate interests (Article 6(1)(f)) in responding to your enquiry.
2.7 Technical and Log Data
Our web servers log standard HTTP request metadata (timestamp, status code, response size) for security and operational purposes. We do not log request bodies or personal information in these logs. Server logs are deleted after a maximum of 30 days.
Lawful basis: Legitimate interests (Article 6(1)(f)) in maintaining site security and operational integrity.
3. The Application (LocalMail.dev Desktop App)
The LocalMail.dev desktop application operates entirely offline. It captures emails locally to your machine's file system or a local database. We do not collect, transmit, or have any access to:
- Emails captured by the SMTP server
- Email content, headers, or attachments
- Usage data, feature usage, or crash reports
- Any data about how you use the application
Your email test data never leaves your machine.
4. Social Login (GitHub and Google OAuth)
If you choose to register or sign in using GitHub or Google, you will be redirected to the relevant provider to authenticate. That provider will share limited profile data with us (typically name and email address) upon your authorisation. By using social login you are also subject to that provider's privacy policy:
- GitHub: GitHub Privacy Statement
- Google: Google Privacy Policy
We do not receive your password from either provider. We store only the name and email address returned by the provider, used to create and manage your account in the same way as a direct email registration.
5. Sub-Processors and Data Sharing
We do not sell your data. We share data only with the sub-processors listed below, each bound by a data processing agreement:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Stripe (Stripe Payments Europe Ltd) | Payment processing | Ireland (EEA) |
| Resend (Resend Inc.) | Transactional email delivery | USA |
| Laravel Cloud (Laravel LLC) | Website and application hosting | USA |
| GhostlyX (Varsuite Media Group Ltd) | Cookieless website analytics | United Kingdom |
We do not share data with advertisers or data brokers.
6. International Transfers
Resend and Laravel Cloud are based in the United States. Where personal data is transferred from the UK to these processors, we rely on the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) as the appropriate transfer safeguard. Stripe processes data within the EEA and is subject to EU GDPR adequacy standards. GhostlyX is based in the United Kingdom and no international transfer occurs.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Licence and purchase records | Duration of licence plus 7 years (UK tax law) |
| Account data (name, email) | Until you request deletion, or 2 years after last login if no active licence |
| Contact and support submissions | 12 months from submission |
| Website analytics | Aggregate only, no personal data retained |
| Server logs | 30 days |
8. Your Rights (UK GDPR)
Under UK GDPR you have the following rights:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate data.
- Erasure: request deletion of your data where there is no overriding legal obligation to retain it.
- Restriction: request that we limit processing of your data in certain circumstances.
- Portability: receive your data in a structured, machine-readable format.
- Object: object to processing based on legitimate interests (Article 21). We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
To exercise any right, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk or by calling 0303 123 1113.
9. Obligation to Provide Data
Providing your name and email address at registration is a contractual requirement. Without this information we cannot create your account or deliver the Software. You are not legally obliged to provide this data, but if you do not, we will be unable to enter into the contract with you.
Providing data via the contact form is voluntary. You are not obliged to contact us.
10. Data Protection Officer
Varsuite Media Group Ltd does not meet the threshold requiring the appointment of a Data Protection Officer under Article 37 UK GDPR. We are a small company that does not carry out large-scale processing of special category data or systematic monitoring of individuals. For data protection enquiries, contact [email protected].
11. Data Storage and Security
Personal data is stored on servers provided by Laravel Cloud. All data is transmitted over TLS. Passwords are stored using one-way cryptographic hashing. We implement access controls and conduct regular security reviews. In the event of a data breach likely to affect your rights, we will notify the ICO within 72 hours and affected users without undue delay.
12. Children's Privacy
LocalMail.dev is not intended for use by anyone under 16. We do not knowingly collect personal data from children. Contact us at [email protected] if you believe a child has provided us with personal data.
13. Changes to This Policy
We will notify you of material changes at least 14 days before they take effect. The "last updated" date at the top of this page always reflects the current version.
14. Contact
Varsuite Media Group Ltd
Companies House No. 14243978
VAT No. GB448879915
Mentor House, Ainsworth Street
Blackburn, BB1 6AY
United Kingdom
[email protected]