Last updated: July 2025

This Privacy Policy explains how [@fuck.it], operated by Paradise Circus Inc., handles your personal information. We're a Delaware corporation with a mailing address at 1178 Broadway, 3rd Floor Ste 4238, New York, NY 10001, United States. Your data lives on secure servers in Germany and is protected by EU privacy laws (GDPR).

Definitions

• Service: The [@fuck.it] email platform.
• User: Any individual using the Service.
• Personal Data: Any data that can identify you, like your email, IP address or billing info.
• We / Us: Paradise Circus Inc.
• You: The individual using [@fuck.it].

1. What We Collect

We only collect what’s needed to run the service:

• Email address & login info: To create and access your account.
• Email content: We store the messages you send and receive as part of providing the service. These are encrypted at rest and accessible only to you (unless shared, reported or legally requested).
• Files & documents: If your plan includes OX Drive or productivity tools, we store the files you upload or edit. These too are encrypted at rest and not accessed unless necessary for abuse handling or support.
• Billing info: If you subscribe, our payment processor handles this. We don’t store your credit card details.
• Logs: Basic IP and timestamp data, for security and anti-spam protection.
• Support communications: If you email us, we keep those emails.

We do not track you, scan your inbox or run ads. Period.

2. How We Use It

We use your data to:

• Operate your email account and inbox content
• Store and serve your emails, uploaded files, and documents - encrypted in transit and at rest, with optional end-to-end encryption on eligible plans.
• Secure the platform against abuse
• Process payments
• Respond to support requests
• Send you critical account emails (that’s part of the service)
• Send optional updates or features (see “User Communications & Consent” in our Terms of Service)
• Manage optional Advanced Security analyses (URL-scan for Real-time Antiphishing protection & Safe Unsubscribe) if the feature is available in your plan and enabled.

3. Legal Basis

We process your data:

• To perform our contract with you (Terms of Service, Art. 6.1(b) GDPR)
• To comply with legal obligations (Art. 6.1(c))
• For security and fraud prevention (legitimate interest, Art. 6.1(f))
• Based on your consent, when applicable - for example, when we send optional product updates or surveys. You can opt out of these at any time.

4. Subprocessors & Data Sharing

We use:

• A payment processor to handle subscriptions
• A hosting company to run the platform

Our email infrastructure is powered by Open-Xchange (OX), a trusted European provider based in Germany. They process data on our behalf under strict GDPR compliance, ISO-certified security and a legally binding data processing agreement.

These partners only get what they need. We do not sell your personal information (no shady data broker stuff here). See our Terms of Service.

5. Data Retention

• Account data is kept while your account is active.
• If you close your account (or your account is terminated), we delete your data within 30 days.
• When you delete an email, it's removed from your inbox and placed in Trash. After it's emptied from Trash, it may still be temporarily recoverable for a short period via the “Recover Deleted Items” feature provided by OX. We don’t keep hidden copies or compliance vaults and we don’t restore deleted messages on request. Once the recovery window passes, the deletion is final.
• Some metadata (like login records, abuse flags or billing logs) may be retained longer if legally required - for example, for tax compliance, security audits or abuse investigations. See also "Data After Termination" in our Terms of Service.
• While [@fuck.it] does not maintain user-accessible backups, our platform partner OX operates encrypted disaster recovery backups to ensure infrastructure resilience. These are strictly for emergency recovery and not available for user-level restores.

OX also maintains high availability standards (see “Service Availability” in our Terms of Service) to keep your mailbox up and running.

6. Cookies

We use one essential session cookie - that’s it.

It keeps you logged in and protects your account from abuse. It disappears when you close your browser. We don’t track you, profile you or sneak in ad cookies. Ever.

7. International Users

Your data is stored in Germany for maximum privacy. If you're outside the EU, you agree to this setup - and if we (as a US company) ever access or transfer your data outside the EU, we do so lawfully, using safeguards like the EU Standard Contractual Clauses to keep your data protected to EU standards. By using the service, you consent to this transfer. See also "Legal Jurisdiction" in our Terms of Service.

8. Regional Frameworks We Follow

[@fuck.it] aligns its data-handling practices with the leading privacy regimes in the places we actively market or serve users. In practical terms that means we meet (or exceed) the following frameworks:

• United States (nation-wide): relevant federal obligations and state-level rules including the California Privacy Rights Act (CPRA / CCPA)
• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
• Australia: Privacy Act 1988 & Australian Privacy Principles (APPs)
• New Zealand: Privacy Act 2020
• European Union & EEA: General Data Protection Regulation (GDPR)
• United Kingdom: UK GDPR & Data Protection Act 2018
• Brazil: Lei Geral de Proteção de Dados (LGPD)
• Japan: Act on the Protection of Personal Information (APPI)
• Singapore: Personal Data Protection Act (PDPA)
• South Africa: Protection of Personal Information Act (POPIA)
• Switzerland: Federal Act on Data Protection (FADP)
• Norway: Personal Data Act (implements the GDPR)
• Mexico: Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP)
• India: Digital Personal Data Protection Act 2023 (DPDPA)
• South Korea: Personal Information Protection Act (PIPA)

Because we already apply the strictest standard - GDPR - to all users, most regional rules are satisfied automatically; the list above simply highlights the ones our policy has been cross-checked against. If a new market becomes material, we’ll update this section to reflect any additional local laws.

9. Your Rights

Depending on where you live, you may have rights to:

• Access your data
• Correct inaccurate info
• Request deletion
• Object to or restrict processing
• Withdraw consent
• Get a copy of your data (portability)
• File a complaint with a regulator
• Tell us not to sell your info - not that we do anyway.

To use these rights, email us at privacy@fuck.it. We’ll respond within a reasonable time.

10. Security

We use strong encryption, access controls and server-level protections. Still, no system is perfect. Use a strong password and stay cautious. Enable two-factor authentication (2FA) if we offer it - it’s an extra lock on your door. If we detect a breach, we’ll let you know if it affects your data. For more details, see our Threat Model.

Our infrastructure is certified under ISO 27001, hosted in GDPR-compliant environments and benefits from geo-redundant data centers within Germany. These measures ensure your data remains protected even in case of hardware failures or regional outages.

11. Law Enforcement Requests

We only comply with valid legal requests. If the law allows, we’ll notify you before sharing any data. We never provide bulk access and we push back when we can. For related handling, see our Abuse Policy

12. Do Not Track (DNT/GPC)

[@fuck.it] doesn’t track you. If your browser sends a Do Not Track (DNT) or Global Privacy Control (GPC) signal, we honor it.

13. Children’s Data

[@fuck.it] is not for children and under 18 need not apply either. We don’t knowingly collect data from anyone under 13. If you're underage, don’t use this service. See our "Eligibility" clause in the Terms of Service.

14. Non-Discrimination

Not be discriminated against for exercising these rights (California law says we can’t treat you differently just because you used your privacy rights – and we wouldn’t do that).

15. Artists Featured on [@fuck.it]

We feature digital artists because their work kicks ass and deserves a spotlight. Every piece you see on our site is shown with the artist’s explicit permission - whether through direct agreement, submission or collaboration.

Artists retain full rights to their work. We don’t own it, we don’t sell it - we just proudly feature it across our site, social channels and newsletter as agreed. If you're ever featured and want out, no hard feelings: email support@fuck.it and we’ll remove it, no drama.

16. Policy Changes

We may update this policy. If the changes are big, we’ll tell you. Otherwise, check back here. This page always has the latest version.

17. Contact

For privacy questions, email privacy@fuck.it or write to us at:

Paradise Circus Inc.
1178 Broadway, 3rd Floor Ste 4238
New York, NY 10001
United States

You can also contact us if you need any of this Privacy Policy in an alternative format due to a disability.

That’s it.
We respect your privacy.
That’s the whole point.