Atmosphere Mail

Effective April 16, 2026

Atmosphere Mail LLC operates the relay. Here is exactly what we collect, why, and for how long.

§1 · What we collect

The data we hold

Your DID and registered sending domain(s).
A salted hash of your API key — the plaintext key is only ever shown once, at enrollment.
DKIM keypairs issued to your domain. Private keys are stored encrypted at rest and never leave our servers.
Send logs: per-message sender DID, recipient address, From/To headers, timestamps, delivery status code, and bounce disposition. We do not store message bodies after handoff to the queue.
Rate-limit counters: short-window send counts per DID used to enforce hourly and daily limits.
Bounce records: inbound DSN classifications per DID so we can suspend senders with pathological bounce rates.
Suppression list: recipients who used the one-click unsubscribe header, keyed per sender DID.
IP addresses of SMTP clients, kept only in transient logs for abuse investigation and rotated out under the retention schedule below.

§2 · What we do not collect

Data we deliberately avoid

We do not retain full message bodies past delivery. We do not set web tracking cookies, fingerprint browsers, or embed third-party analytics on any of our pages. We do not sell or rent member data to anyone, under any circumstances.

§3 · Retention

How long we keep it

Terminal message logs (sent, bounced): 30 days, then purged.
Rate-limit counters: 48 hours rolling window.
Suppression entries: for the life of the member record — unsubscribes must persist.
Member record: indefinitely while active; removed on request.

§4 · Sharing

Who else sees this

We publish a small set of public atproto labels about your DID via our cooperative labeler at labeler.atmos.email. Today that's verified-mail-operator and relay-member. These are signed, network-visible, and any atproto consumer can read them — intentionally so, since the point is to let third parties verify you're a cooperative member.

Send events and bounce outcomes feed our internal Trust & Safety rules engine (Osprey), which derives operational reputation signals (e.g. highly_trusted, auto_suspended). These are internal-only — they drive throttling, warming, and SMTP-time enforcement, but they are not published as atproto labels and do not leave the relay's process boundary.

We do not share message content, recipient lists, or API keys with anyone.

§5 · Your rights

Access, correction, deletion

You can fetch your member status and current labels via the API-key-authenticated /member/status endpoint. To correct or delete your member record, write to postmaster@atmos.email from a mailbox you can prove control of (or sign the request with your DID's signing key). We respond to verified requests within 14 days.

§6 · Security

How we protect it

API keys are stored as salted hashes. DKIM private keys are encrypted at rest. Host access is restricted to the LLC's operations team and uses hardware-keyed SSH. If we discover a breach that exposes member data we will notify affected members without undue delay.

§7 · Contact

Reach us

Atmosphere Mail LLC — postmaster@atmos.email