Privacy Policy

Your inbox is yours.

Plain-English version up top, the detail below. We sell hosting, not you. We store your mail so you can read it on any device — but we do not read it, scan it, profile you from it, or sell anything about you to anyone. This policy explains exactly what we collect, why, and what we never do, in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Last updated · 7 June 2026

§Who we are

Anfon is operated by The IT Dept Pty Ltd (ABN 12 665 405 505), based on the NSW Central Coast, Australia. When this page says "we", "us" or "our", that's who we mean.

This policy covers Anfon and everything you do through it — the webmail app, the API, and your domains and mailboxes.

§What we collect

Account & identity

When you sign up we collect your name, your email address, and a securely hashed version of your password — we never store passwords in plain text and we can't read them back.

Billing

Payments are handled by our payment provider. We see enough to manage your subscription (plan, status, the last few digits of a card, invoice history) but we never see or store full card numbers — those go straight to the payment provider's secure systems.

Domains

To register or manage a domain on your behalf we collect the registration details the registry requires (registrant name and contact details). Some of this may appear in public WHOIS records depending on the domain and any privacy options that apply.

Technical logs

To run the service securely and fight abuse we keep technical logs — things like IP addresses, timestamps, and mail delivery logs (who a message came from and where it went, not its contents). These help us stop spam, block attacks, and diagnose problems.

The contents of your mailboxes

We store your messages, attachments, folders and contacts so you can get to them from any device. We do not read them, scan them, index them for advertising, run them through profiling models, or sell them. Staff access to mailbox content is locked down and only ever happens for a genuine support or safety reason you've asked for or the law requires — never to browse.

§What we don't do

§How we use it

• To provide the service — deliver, send and store your mail, run your domains and mailboxes, and show you the app.
• Billing — to charge your subscription, send invoices, and handle cancellations and refunds.
• Security & anti-abuse — to detect spam, fraud and attacks, and to keep the platform and your account safe.
• Legal obligations — to meet our obligations under Australian law.

We don't use your information for anything outside these purposes without your consent, unless the law allows or requires it.

§Where it lives

Your account data and mailbox content are hosted in Australia. We don't replicate your mailbox content offshore.

A small number of sub-processors handle specific tasks and may process limited data: our payment provider processes billing details, and domain registries/registrars process the registration details a domain requires. Where any of this involves an overseas recipient, we take reasonable steps consistent with APP 8 to make sure your information is handled appropriately.

§Who we share with

We only share personal information with these categories, and only as much as needed:

• Payment processor — to take payments and manage your subscription.
• Domain registrar / registry — to register and renew your domains.
• Infrastructure & hosting — the Australian providers who run the servers our service sits on, under confidentiality obligations.
• Lawful requests — only in response to valid Australian legal process. We read every request carefully, push back on anything overbroad or improper, and disclose only what we're legally required to.

We do not share your information with advertisers or data brokers. Ever.

§Security

We protect your data with encryption in transit (TLS) and encryption at rest, securely hashed passwords, and least-privilege access so staff can only reach what their job genuinely needs. No system is perfectly secure, but we take security seriously and review it regularly.

§Retention

We keep your data while your account is active. After you close your account, we delete your account data and mailbox content within 30 days — except anything we're legally required to keep for longer (for example, certain billing and tax records). Backups cycle out shortly after.

§Your rights under the APPs

Under the Australian Privacy Principles you have the right to:

• Access the personal information we hold about you.
• Correct anything that's wrong or out of date.
• Complain if you think we've mishandled your information.

To exercise any of these, email us at hello@theitdept.au. We'll verify it's really you and respond within a reasonable time.

§Cookies

We use only essential session cookies to keep you signed in to the webmail app and keep it working. There are no third-party advertising or tracking cookies — we don't run ad networks or analytics that follow you around the web.

§Children

Anfon isn't aimed at children under 15. A parent or guardian can of course set up mailboxes for their family, but the account holder must be an adult responsible for it.

§Changes to this policy

If we change this policy we'll update the date at the top, and we'll tell you about anything significant before it takes effect. The current version always lives at this page.

§How to complain

Please contact us first at hello@theitdept.au — we'd much rather sort it out directly. If you're not happy with how we've handled it, you can take your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Want the bigger picture on how we think about this? Read our privacy promise, our terms, and our acceptable use policy.