The Swaddle Pro is based in the U.S.A company and as such is subject to U.S.A law. U.S.A has strong privacy laws in relation to email, specified in the Telecommunications (Interception and Access) Act 1979.
We do not participate in, or co-operate with, any kind of blanket surveillance or monitoring.
We also take technical measures where feasible to prevent surveillance of our users occurring without our co-operation, such as:
Like any company, we can never guarantee our measures are 100% effective, as we don't know the full capabilities of any attackers. However, these measures do act to increase the difficulty and expense of any surveillance.
As a U.S.A. company, we are required to disclose information about specific individual accounts to properly authorised U.S. law enforcement with the appropriate supporting documentation. This means we need to see a warrant signed by a U.S. federal judge before we will hand over any email data. Such requests must always be for specific accounts; we do not participate in or co-operate with "fishing expeditions". As a guideline, in the last year we disclosed information on fewer than 50 accounts.
We do not directly disclose any information about our users to law enforcement from outside U.S.A, and indeed our understanding of US law is that it would be illegal for us to do so.
Overseas law enforcement may apply via an appropriate mutual assistance treaty to obtain information on our users. If the request is approved, then United States documentation will be issued for disclosure of this information.
This distinction may seem academic, but in our experience the extra administrative overhead, and the additional layers of judicial oversight mean that we receive very few valid requests that originate from overseas and they must always be targeted at specific accounts.
Unless prohibited by law, we will disclose to the account holder when we receive a warrant for their account.
We do not condone illegal activity. We deal with all law enforcement requests personally and we are satisfied that all we have seen are justified.
Incoming messages are scanned for the purpose of spam detection unless you disable spam protection for your account. We may also scan some outgoing messages with the same software to prevent people using our service to send spam. Emails you report as spam are automatically analysed to help train our spam filter. Also, if enabled, emails reported as spam are forwarded on to some external email reporting services. These services aim to help monitor and reduce overall spam on the Internet.
Due to the nature of their jobs as system administrators, some of our employees have the capability to access YCE accounts. We hold all of our employees to the highest ethical standards, and this includes not accessing anyone's account without their permission. If you ask us to look at a specific message, for example because it isn't displaying properly in our interface, we will normally request that you move it to a special folder so we can be sure we won't access anything else.
If we receive abuse reports for an account, backed up with evidence that it has been used for sending spam or fraud, we may look at the account to decide whether to lock it permanently. This is to reduce the likelihood of accidentally locking a legitimate account. In this instance, it will normally be sufficient for us to just scan the subject and preview lines in a mailbox, but not read any full emails (and we certainly have no wish to do so).
We retain backups of deleted messages for at least a week. This is for the purpose of restoring messages in case of accidental deletion. After this point, deleted messages will be purged from all our backups, although the time this takes to happen may vary due to automated load balancing.
We normally keep logs of email and server activity for up to 6 months. This is for the purposes of diagnosing and fixing problems, which are often reported to us weeks or months after they occur. Message subjects may be contained in these logs, but not message bodies. Aggregate or anonymous data, which cannot be linked to individual user accounts, may be kept for longer periods, for the purpose of improving the YCE service.
Backups and logs may be kept longer than these limits in special circumstances. For example, if a problem is taking a long time to resolve, logs relevant to that investigation may be retained. Or if a server that contains backups or logs is temporarily offline because of a fault, then those backups or logs may not be deleted until the server is brought back up.
These situations are unusual, however, and when they do occur, they are temporary.
Should you close your account, all data will be permanently deleted 7 days after closing. It may take a further 2 weeks to purge from all our backups.