Copyright © 1999–2016 FastMail Pty Ltd
Surveillance and law enforcement
We do not participate in, or co-operate with, any kind of blanket surveillance or monitoring. (We also point out that Australia does not have any equivalent to the US National Security Letter, so we cannot be forced to do something without being allowed to disclose it.)
We also take technical measures where feasible to prevent surveillance of our users occurring without our co-operation, such as:
- using encrypted SMTP for sending your mail when the receiving server supports it.
- mandating encrypted access for webmail, IMAP and POP.
- using Perfect Forward Secrecy where possible for all encrypted connections.
- encrypting all email, contacts, notes and calendar entries while at rest on our servers.
- encrypting communications between our data centres.
Like any company, we can never guarantee our measures are 100% effective, as we don't know the full capabilities of any attackers. However, these measures do act to increase the difficulty and expense of any surveillance.
As an Australian company, we are required to disclose information about specific individual accounts to properly authorised Australian law enforcement with the appropriate supporting documentation. This means we need to see a warrant signed by an Australian judge before we will hand over any email data. Such requests must always be for specific accounts; we do not participate in or co-operate with "fishing expeditions". As a guideline, in the last year we disclosed information on fewer than 50 accounts.
We do not directly disclose any information about our users to law enforcement from outside Australia, and indeed our understanding of Australian law is that it would be illegal for us to do so.
Overseas law enforcement may apply via an appropriate mutual assistance treaty to obtain information on our users. If the request is approved, then Australian documentation will be issued for disclosure of this information.
This distinction may seem academic, but in our experience the extra administrative overhead, and the additional layers of judicial oversight mean that we receive very few valid requests that originate from overseas and they must always be targeted at specific accounts.
Unless prohibited by law, we will disclose to the account holder when we receive a warrant for their account.
We do not condone illegal activity. We deal with all law enforcement requests personally and we are satisfied that all we have seen are justified.
Australian metadata retention laws
We have reviewed the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015 and have received additional legal advice confirming that the metadata retention regime does not apply to FastMail.
This means that FastMail is not obligated to retain metadata relating to email sent/received by our users, nor are we required to provide Australian law enforcement agencies with access to such metadata without a warrant.
Data mining and profiling
Incoming messages are scanned for the purpose of spam detection unless you disable spam protection for your account. We may also scan some outgoing messages with the same software to prevent people using our service to send spam. Emails you report as spam are automatically analysed to help train our spam filter. Also, if enabled, emails reported as spam are forwarded on to some external email reporting services. These services aim to help monitor and reduce overall spam on the Internet. Currently the services we report to are Return Path and LashBack. These may change in the future. If you don't want this, you can disable the reporting in the FastMail advanced settings.
To make message searching fast, we build an index of your messages (this is a table, just like you would find at the back of a reference book, in which you can look up a word to quickly find the emails in which it appears).
No information from any of these activities is used for any other purpose, or to compile any kind of profile on our users.
Employee access to data
Due to the nature of their jobs as system administrators, some of our employees have the capability to access FastMail accounts. We hold all of our employees to the highest ethical standards, and this includes not accessing anyone's account without their permission. If you ask us to look at a specific message, for example because it isn't displaying properly in our interface, we will normally request that you move it to a special folder so we can be sure we won't access anything else.
If we receive abuse reports for an account, backed up with evidence that it has been used for sending spam or fraud, we may look at the account to decide whether to lock it permanently. This is to reduce the likelihood of accidentally locking a legitimate account. In this instance, it will normally be sufficient for us to just scan the subject and preview lines in a mailbox, but not read any full emails (and we certainly have no wish to do so).
We retain backups of deleted messages for at least a week. This is for the purpose of restoring messages in case of accidental deletion. After this point, deleted messages will be purged from all our backups, although the time this takes to happen may vary due to automated load balancing.
We normally keep logs of email and server activity for up to 6 months. This is for the purposes of diagnosing and fixing problems, which are often reported to us weeks or months after they occur. Message subjects may be contained in these logs, but not message bodies. Aggregate or anonymous data, which cannot be linked to individual user accounts, may be kept for longer periods, for the purpose of improving the FastMail service.
Backups and logs may be kept longer than these limits in special circumstances. For example, if a problem is taking a long time to resolve, logs relevant to that investigation may be retained. Or if a server that contains backups or logs is temporarily offline because of a fault, then those backups or logs may not be deleted until the server is brought back up.
These situations are unusual, however, and when they do occur, they are temporary.
Should you close your account, all data will be permanently deleted 7 days after closing. It may take a further 2 weeks to purge from all our backups.