Thunderbird Thunderbird Pro

Privacy Policy

MZLA Privacy Statement

Effective date: Februrary 10, 2026

Welcome to the MZLA Privacy Statement, which applies to all MZLA websites and online services, including Thunderbird Pro Services. This is where we describe how we handle your “Personal Data,” which is information that is directly linked or can be linked to you. It applies to the Personal Data that MZLA Technologies Corporation and its affiliates (Mozilla Foundation and Mozilla Corporation) process as the “Data Controller” when you use our online services, interact with MZLA’s websites, or participate in events or activities such as user surveys and focus groups (collectively, the “Services”).

Personal Data We Collect

Depending on how you use the Services, we may collect Personal Data from you directly, automatically from your device, and/or from third parties. The Personal Data MZLA processes when you use the Services depends on variables like how you interact with our Services (such as through web interfaces, desktop or mobile applications), the Services you use (such as Thundermail, Send, or Appointment), and the features of each Service that you use. Below, we describe the categories of information we may collect through these channels depending upon how you use them:

From You

  • Thunderbird Account Data: We collect certain information when you open a Thunderbird account such as your handle, name, email address, password, payment information and transaction information.
  • User Content and Files: When you use our Services, we collect Personal Data included as part of the information you provide such as email messages, files, calendar and address book entries, inputs, text, documents, images, or feedback.
  • Demographic Information: In some cases, such as when you choose to participate in surveys or focus groups, you may optionally provide us with ethnicity, gender, or similar demographic details.
  • Feedback Data: This consists of information you submit through surveys, reviews, or interactive features.
  • Payment Information: For paid subscriptions and financial contributions, we collect details like name, billing address, and transaction specifics. Payments are processed by a third-party processor and MZLA does not collect or store your payment card or account details.
  • Profile Information: We collect information to enable you create a user profile for your Thunderbird account, which may include a photo, additional email addresses, job title, or biography.
  • Sales and Marketing Data: This includes information provided voluntarily by you for promotional communications, such as name, email address, and company name.
  • Support Data: When you seek customer support, we collect details like code, text, or multimedia files.

Automatically

  • Buttons, Tools, and Content from Other Companies: Our website may contain links or buttons that lead to social media sites like Mastodon and Bluesky and other third-party services like FundraiseUp. Our Services may also contain links or buttons that lead to third-party services like Zoom that may be integrated with the Services. Use of these features may result in data collection. Engaging with these buttons, tools, or content may automatically send certain browser information to these companies. Please review the privacy statements of these companies for more information.
  • Essential Cookies and Similar Tracking Technologies: We use cookies and similar technologies to provide essential functionality like storing settings and recognizing you while using our Services.
  • Non-essential Cookies: Depending on your jurisdiction, we may use online analytics products that use cookies to help us analyze how de-identified users use our Services and to enhance your experience when you use the Services. In some jurisdictions, we only use non-essential cookies after obtaining your consent. See this section for more details and control options.
  • Email Marketing Interactions: Our emails may have web beacons that offer information on your device type, email client, email reception, opens, and link clicks.
  • Geolocation Information: Depending on the Service’s functionality, we collect regional geolocation data in order to improve our Services, such as by troubleshooting and improving email deliverability in certain areas.
  • Service Usage Information: We collect data about your interactions with the Services, such as IP address, device information, session details, date and time of requests, device type and ID, operating system and application version, and performance of specific features or Services.
  • Website Usage Data: We automatically log data about your Website interactions, including the referring site, date and time of visit, pages viewed, and links clicked.

From Third Parties

  • Information from Other Users of the Services: Other users may include information about you through their use of the services, such as in email messages, files, address book contacts, and calendar entries.
  • Services You Linked to Your Thunderbird Account: When you integrate third-party apps or services with our Services, we receive information based on your settings with those services. This can include details like your name and email from services like Zoom when it is integrated with Appointment. The information we receive depends on the third-party’s settings and privacy policies. Always review these to understand what data is shared with our Services.
  • Vendors, Partners, and Affiliates: We may receive information about you from third parties, like vendors, resellers, partners, or affiliates for the purposes outlined in this statement.

Processing Purposes: How We Use Your Personal Data

The Personal Data we process depends on your interaction and access methods with our Services, including the interfaces (web, desktop, mobile apps), services used (e.g. Thundermail, Send, and Appointment), and the features of each service that you choose to use. This section details all the potential ways MZLA may process your Personal Data.

When carrying out these activities, MZLA practices data minimization and uses the minimum amount of Personal Information required.

  • Business Operations: We use Personal Data for activities like billing and accounting. This includes creating aggregated statistical data for internal reporting, financial reporting, revenue planning, capacity planning, and forecast modeling (including product strategy).
  • Thunderbird Account Communication: We use Personal Data to send confirmations, invoices, technical notices, updates, security alerts, and administrative messages.
  • Marketing Communications: When you opt in to receive marketing communications from us, we use Personal Data to inform you about new Services, features, offers, promotions, and other pertinent information.
  • Inference: We generate new information from other data we collect to derive likely preferences or other characteristics. For instance, we infer your general geographic location based on your IP address.
  • Personalization: We use Personal Data to customize the Service to your preferences and to provide a tailored and consistent user experience.
  • Safety and Security: To promote safety, integrity, and security across our Services, we process Personal Data, using both automated and, at times, manual techniques for abuse detection, prevention, and violations of terms of service.
  • Service Provision: We use Personal Data to deliver and update our Services as configured and used by You.
  • Troubleshooting: We use Personal Data to identify and resolve technical issues.
  • Ongoing Service Development and Performance: Personal Data helps us continually develop the Services and meet user needs for reliability, quality, and accessibility. Examples include analyzing deliverability issues based on users’ general geographic region, and using real user data to test new features internally.
  • Complying with and Resolving Legal Obligations: including responding to Data Subject Requests for Personal Data processed by MZLA as Controller (for example website data), tax requirements, agreements, and disputes.
  • Delivering User Support: We use Personal Data to deliver technical support to users and to enhance delivery, efficacy, quality, and security of our product(s) based on issues identified when providing user support.

Sharing of Personal Data

We may share Personal Data with the following recipients:

  • Abuse and Fraud Prevention Entities: We may disclose Personal Data based on a good faith belief it is needed to prevent fraud, abuse, or attacks on our Services, or to protect the safety of MZLA and our users.
  • Affiliates: Personal Data may be shared with MZLA affiliates, including Mozilla Foundation and Mozilla Corporation, to facilitate customer service, marketing, order fulfillment, billing, technical support, and legal and compliance obligations. Our affiliates may only use the Personal Data in a manner consistent with this Privacy Statement.
  • Competent Authorities: We may disclose Personal Data to authorized law enforcement, regulators, courts, or other public authorities in response to lawful requests or to protect our rights and safety.
  • Subprocessors and Service Providers: We may use vendors to provide services on our behalf, including hosting, marketing, social, analytics, support ticketing, credit card processing, or security services. They are bound by contractual obligations to ensure the security, privacy, and confidentiality of your information. Please visit this page to see our list of Subprocessors.
  • Other Third-party Applications: Upon your instruction, we may share Personal Data with third-party service providers (such as Zoom, Google) when you integrate their services with ours. You are responsible for the data you instruct us to share with these applications.
  • Other Users and the Public: Depending on your Thunderbird account settings, we may share Personal Data with other users of the Services and the public (such as when you make a Send file or Appointment calendar publicly accessible). You control what information is made public. To adjust your settings, visit your profile settings and dashboard. Please be aware that any information you share in a collaborative context may become publicly accessible.

Private information: MZLA Access

You control the access to any private information associated with your Thunderbird account, such as emails. MZLA personnel does not access private information without your consent except as provided in this Privacy Statement and for:

  • security purposes
  • automated scanning or manual review for known vulnerabilities, active malware, or other content known to violate our Terms of Service
  • to assist the account owner with a support matter, including when the account owner specifically consents to allow MZLA support staff to log into their account;
  • to maintain the integrity of the Services, or
  • to comply with our legal obligations if we have reason to believe the contents are in violation of the law.

Files shared using Send are end-to-end encrypted with keys accessible only to the account owner. MZLA cannot access the contents of a Send file unless you (or someone with whom you have shared the file) provides the key to us.

Lawful Bases for Processing Personal Data (Applicable to EEA and UK End Users)

MZLA processes Personal Data in compliance with the GDPR, ensuring a lawful basis for each processing activity. The basis varies depending on the data type and the context, including how you access the services. Our processing activities typically fall under these lawful bases:

  • Contractual Necessity: Processing is required to fulfill our contractual duties to you, in accordance with the MZLA Terms of Service.
  • Legal Obligation: We process data when it’s necessary to comply with applicable laws or to protect the rights, safety, and property of MZLA, our affiliates, users, or third parties.
  • Legitimate Interests: We process data for purposes that are in our legitimate interests, such as securing our Services, communicating with you, and improving our Services. This is done only when these interests are not overridden by your data protection rights or your fundamental rights and freedoms.
  • Consent: We process data when you have explicitly consented to such processing. When we rely on consent as the legal basis, you have the right to withdraw your consent for data processing at any time. The procedures for withdrawal are detailed in this Statement and available on our website.

Your Privacy Rights

Depending on where you reside, you may have specific legal rights regarding your Personal Data:

  • The right to access the data collected about you
  • The right to request detailed information about the specific types of Personal Data we’ve collected over the past 12 months, including data disclosed for business purposes
  • The right to rectify or update inaccurate or incomplete Personal Data under certain circumstances
  • The right to erase or limit the processing of your Personal Data under specific conditions
  • The right to object to the processing of your Personal Data, as allowed by applicable law
  • The right to withdraw consent, where processing is based on your consent
  • The right to receive your collected Personal Data in a structured, commonly used, and machine-readable format to facilitate its transfer to another company, where technically feasible

To exercise these rights, please submit a request here. To verify your identity for security, we may request extra information before addressing your data-related request. Please contact us with any feedback or concerns. Depending on your region, you have the right to complain to your local Data Protection Authority. European users can find authority contacts on the European Data Protection Board website, and UK users on the Information Commissioner’s Office website.

We aim to promptly respond to requests in compliance with legal requirements. Please note that we may retain certain data as necessary for legal obligations or for establishing, exercising, or defending legal claims.

International data transfers

MZLA stores and processes Personal Data in a variety of locations, including your local region, the United States, and other countries where MZLA, its affiliates, subsidiaries, or subprocessors have operations. We transfer Personal Data from the European Union, the United Kingdom, and Switzerland to countries that the European Commission has not recognized as having an adequate level of data protection. When we engage in such transfers, we generally rely on the standard contractual clauses published by the European Commission under Commission Implementing Decision 2021/914, to help protect your rights and enable these protections to travel with your data. To learn more about the European Commission’s decisions on the adequacy of the protection of personal data in the countries where MZLA processes personal data, see this article on the European Commission website.

Security and Retention

MZLA uses appropriate administrative, technical, and physical security controls to protect your Personal Data. We’ll retain Personal Data associated with your Thunderbird account as long as your account is active and as needed to fulfill contractual obligations, comply with legal requirements, resolve disputes, and enforce agreements. The retention duration depends on the purpose of data collection and any legal obligations.

Security

MZLA uses administrative, technical, and physical security controls where appropriate to protect your Personal Data.

Contact Us

Contact us via our contact form or by mail to:

MZLA Technologies Corporation
Attn: Mozilla - Privacy
149 New Montgomery St, 4th Floor
San Francisco, CA 94105
USA

If you’re in the UK or EEA, you can also contact our Data Protection Officer at [email protected], or by mail at:

Bird & Bird DPO Services SRL
Avenue Louise 235 b 1
1050 Brussels
Belgium

Please specify in your message that your request or inquiry relates to Thunderbird.

Information for Minors

Our Services are not intended for individuals under the age of 13. We do not intentionally gather Personal Data from such individuals. If you become aware that a minor has provided us with Personal Data, please notify us.

Changes to Our Privacy Statement

MZLA may periodically revise this Privacy Statement. If there are material changes to the statement, we will provide at least 30 days prior notice by updating our website or sending an email to your primary email address associated with your Thunderbird account.

Our use of cookies and tracking technologies

Cookies and tracking technologies

MZLA uses cookies to provide, secure and improve our Services or to develop new features and functionality of our Service. For example, we use them to (i) keep you logged in, (ii) remember your preferences, (iii) identify your device for security and fraud purposes, including as needed to maintain the integrity of our Service, (iv) compile statistical reports, and (v) provide information and insight for future development of MZLA products and services. We provide more information below about cookies on MZLA websites, including the cookies we set, the needs we have for those cookies, and the expiration of such cookies.

Our emails to users may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and in what region you are located. We use this pixel tag to make our email communications more effective and to make sure we are not sending you unwanted email.

The length of time a cookie will stay on your browser or device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay until they expire or are deleted. The expiration time or retention period applicable to persistent cookies depends on the purpose of the cookie collection and tool used. You may be able to delete cookie data. For more information, see below.

What are cookies and similar technologies?

We use cookies and similar technologies, such as local storage, and mobile analytics, to operate and provide our Services. Our marketing communications may also contain web beacons set by our vendors.

Cookies are small text files stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.

Web beacons are electronic images (also called “single-pixel” or “clear GIFs”) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content.

How do we and our partners use cookies and similar technologies?

The MZLA Services use cookies and similar technologies for a variety of purposes, including to store your preferences and settings, enable you to sign-in, analyze how our Services perform, track your interaction with the Services, develop inferences, combat fraud, and fulfill other legitimate purposes. Some of these cookies and technologies may be provided by third parties, including service providers. For example, our analytics partners may use these technologies in our Services to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) related to your online activities over time and across Services for various purposes. MZLA may place non-essential cookies on pages where we market products and services to customers.

We and/or our partners also share the information we collect or infer with third parties for these purposes.

The table below provides additional information about how we use different types of cookies:

Purpose Description
Required Cookies MZLA uses required cookies to perform essential website functions and to provide the services. For example, cookies are used to log you in, save your language preferences, improve performance, route traffic between web servers, detect the size of your screen, determine page load times, improve user experience, and for audience measurement. These cookies are necessary for our websites to work.
Analytics We allow third parties to use analytics cookies to understand how visitors use our websites so we can make them better. For example, cookies are used to gather information about the pages our users visit most often and how many clicks it takes for a user to accomplish a task.

What are your cookie choices and controls?

You can control the cookies you encounter on the web using a variety of widely-available tools. For example:

  • If your browser sends a Do Not Track (DNT) signal, MZLA will not set non-essential cookies and will not load third party resources which set non-essential cookies.
  • Many browsers provide cookie controls which may limit the types of cookies you encounter online. Check out the documentation for your browser to learn more.
  • If you enable a browser extension designed to block tracking, such as Privacy Badger, non-essential cookies set by a website or third parties may be disabled.
  • If you enable a browser extension designed to block unwanted content, such as uBlock Origin, non-essential cookies will be disabled to the extent that content that sets non-essential cookies will be blocked.
  • You may use the Global Privacy Control (GPC) to communicate your privacy preferences. If MZLA detects the GPC signal from your device, MZLA will not share your data (we do not sell your data). To learn more, visit Global Privacy Control — Take Control Of Your Privacy

These choices are specific to the browser you are using. If you access our Services from other devices or browsers, take these actions from those systems to ensure your choices apply to the data collected when you use those systems.

US State Specific Information

This section provides extra information specifically for residents of certain US states that have distinct data privacy laws and regulations. These laws may grant specific rights to residents of these states when the laws come into effect. This section uses the term “personal information” as an equivalent to the term “Personal Data.”

Privacy Rights

These rights are common to the US State privacy laws:

  • Right to Knowledge and Correction: You have the right to request details on the specific personal information we’ve collected about you and the right to correct inaccurate information. You can exercise this right by contacting us. You can also access and edit basic Thunderbird account information in your settings.
  • Right to Know Data Recipients: We share your information with service providers for legitimate business operations, such as data storage and hosting. For more details, please see “Sharing Your Information” below.
  • Right to request Deletion: You reserve the right to request the deletion of your data, barring a few exceptions. Such exceptions include circumstances where we are required to retain data to comply with legal obligations, detect fraudulent activity, investigate reports of abuse or other violations of our Terms of Service, or rectify security issues. Upon receiving your verified request, we will promptly delete your personal information (unless an exception applies), and instruct our service providers to do the same. We employ brief retention terms by design.
  • Right to a Timely Response: You are allowed to make two free requests in any 12-month period. We commit to responding to your request within 45 days. In complex cases, we may extend our response time by an additional 45 days.
  • Non-Discrimination: We will not hold it against you when you exercise any of your rights. On the contrary, we encourage you to review your privacy settings closely and contact us with any questions.

Notice of Collection of Personal Information

We may collect various categories of personal information about our website visitors and users of “Services” which includes MZLA applications, software, products, or services. That information includes identifiers/contact information, demographic information, payment information, commercial information, internet or electronic network activity information, geolocation data, audio, electronic, visual, or similar information, and inferences drawn from such information.

We collect this information for various purposes. This includes identifying accessibility gaps and offering targeted support, fostering diversity and representation, providing services, troubleshooting, conducting business operations such as billing and security, improving products and supporting research, communicating important information, ensuring personalized experiences, and promoting safety and security.

California

Mandatory Disclosures

We also make the following disclosures for purposes of compliance with California privacy law:

  • We collected the following categories of personal information in the last 12 months: identifiers/contact information, demographic information (such as rough geographic location), payment card information associated with you, commercial information, Internet or other electronic network activity information, geolocation data, audio, electronic, visual or similar information, and inferences drawn from the above.
  • The sources of personal information from whom we collected are: directly from you, automatically or from third parties.
  • The business or commercial purposes of collecting personal information are as summarized above under Processing Purposes.
  • We disclosed the following categories of personal information for a business purpose in the last 12 months: identifiers/contact information, demographic information (such as rough geographic location), payment information, commercial information, Internet or other electronic network activity information, geolocation data, audio, electronic, visual or similar information, and inferences drawn from the above. We disclosed each category to third-party business partners and service providers, third-party sites or platforms such as social networking sites, and other third parties as described in the Sharing of Personal Data section of our Privacy Statement.
  • As defined by applicable law, we “shared” the following categories of personal information in the last 12 months: identifiers/contact information, Internet or other electronic network activity information, and inferences drawn from the above. We shared each category to or with data analytics providers and social networks (via “share” buttons and similar embedded links on our website).
  • The business or commercial purposes of sharing personal information are summarized above under Sharing of Personal Data.
  • We do not “sell” or “share” the personal information of known minors under 16 years of age.

Shine the Light Act

Under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law. California Customers may request further information about our compliance with this law by emailing ([TBD]). Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated email address.

Removal of Content

California residents under the age of 18 who are registered users of online sites, services, or applications have a right under California Business and Professions Code Section 22581 to remove, or request and obtain removal of, content or information they have publicly posted. To remove content or information you have publicly posted,, please submit a detailed description of the specific content or information you wish to have removed via our privacy request form. . Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

We value the trust you place in us and are committed to handling your personal information with care and respect. If you have any questions or concerns about our privacy practices, please contact us.

Colorado/Connecticut/Virginia

If you live in Colorado, Connecticut, or Virginia you have some additional rights:

  • If we deny your rights request, you have the right to appeal that decision. We will provide you with the necessary information to submit an appeal at that time.
  • You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. MZLA does not engage in such profiling as defined by Colorado law, so there’s no need to opt out.

Nevada

We do not sell your covered information, as defined under Chapter 603A of the Nevada Revised Statutes. If you still have questions about your covered information or anything else in our Privacy Statement, please reach out to us.