Privacy Policy

Privacy Notice (Updated: November 17, 2025)

This notice explains how Jailhouse Mail, LLC handles information when you use our websites and applications to create and send correspondence to people in custody. This notice does not apply to legal mail; we publish a separate policy for that category.

When you use the Services, you should not expect privacy in message content. For safety, security, and compliance with correctional facility rules and applicable law, we monitor, scan, record, and disclose communications and related account activity. Review may be automated or human, and information may be provided to the applicable correctional agency and to law enforcement authorities as permitted or required by law.

We collect information that you provide such as identifiers and contact details, account credentials, payment and transaction information, message content and attachments, recipient details, and selections you make within the Services. We also collect information that arises from your use of the Services such as device and usage data, IP address, timestamps, and app or browser details. We receive information from payment partners, antifraud partners, and correctional agencies where necessary to route, deliver, approve, or deny correspondence. We use this information to operate, provide, and secure the Services; to route and process correspondence for facilities; to detect, investigate, and prevent fraud, security threats, and violations of facility rules or law; to comply with legal obligations and respond to lawful requests; to maintain audit trails, quality assurance, continuity, and backups; to support customer service; and to communicate with you about your account, deliveries or denials, and policy updates.

When physical mail is processed through our Services, we create digital images, scans, metadata, processing records, analytical outputs, and other data generated by our systems. This is called Derivative Data. Derivative Data includes digital reproductions of mail, image files, metadata, timestamps, classifications, machine generated tags, and outputs from automated or manual review processes. Jailhouse Mail retains all rights, title, and interest in Derivative Data and in any models, analytics, technologies, or systems developed from it. Ownership of Derivative Data does not include ownership of the content of the original physical mail, which remains with the sender and the receiving correctional facility. We may use Derivative Data to operate, secure, maintain, improve, train, and develop our systems, including tools and models used for safety, security, fraud detection, content screening, and operational efficiency.

We disclose information to the correctional agencies we serve and their personnel so they can deliver or deny mail, enforce their rules, investigate safety or security issues, and maintain their records. We disclose information to law enforcement authorities in line with legal requirements or for safety and security purposes. We disclose information to service providers who support hosting, security, payments, customer support, analytics, and content screening under written agreements that restrict their use to our instructions. We disclose information to professional advisors such as lawyers, auditors, and insurers, and in connection with a corporate transaction. We may preserve or disclose information when responding to subpoenas, court orders, warrants, or other legal process, or to enforce our terms, protect people, or investigate suspected unlawful or prohibited activity.

For most records we handle on behalf of a correctional agency, that agency is the controller of those records and we act as its service provider. We do not sell personal information and we do not share it for cross context behavioral advertising as defined by the California Consumer Privacy Act as amended by the CPRA. We use essential cookies and SDKs to operate the Services and limited analytics to improve reliability and security. Non essential cookies can be controlled in your browser or device settings. Essential cookies are required for core functionality. We do not respond to Do Not Track signals because we do not engage in cross context behavioral advertising. We do not use sensitive personal information to infer characteristics about you and use it only as reasonably necessary for security, fraud prevention, identity verification, or to provide the Services.

We retain information for as long as reasonably necessary to operate the Services, meet contractual and legal obligations, maintain accurate records, resolve disputes, support safety and security, and protect our rights. Message content and related processing records are retained for the term of our contract with the relevant facility and for no less than five years after that contract ends, unless a longer period is required by law, an investigation, a legal hold, or facility policy. Derivative Data may be retained indefinitely for operational, analytical, security, system improvement, and model development purposes unless prohibited by law. Payment and billing records are kept as required by tax, accounting, and fraud prevention rules. When applicable retention periods end, we delete or de identify information unless a legal hold applies.

We implement administrative, technical, and physical measures designed to protect information appropriate to the nature of the data and the risks involved, including layered controls, access limitation, and personnel screening consistent with our operations. No method of transmission or storage is completely secure. The Services may be operated in the United States and in other locations. By using the Services, you understand your information may be transferred to jurisdictions with different data protection laws than your own. This notice is governed by applicable United States law. Local facility policies may further control how certain records are handled.

Depending on where you live, you may have rights to request access to, correction of, or deletion of personal information, to opt out of sales or sharing, to limit certain uses of sensitive personal information, and to appeal our responses. Because we do not sell personal information and do not share it for cross context behavioral advertising, those opt out rights do not apply here. To exercise available rights, you or your authorized agent may contact us using the details below. If you use an authorized agent, we may require proof of authorization and may ask you to verify your identity directly with us. We verify requests in a manner commensurate with the sensitivity of the data involved. If we deny your request, you may appeal by replying to our decision notice. We will review and respond within forty five days unless a longer period is permitted by law. We will not discriminate against you for making a privacy request permitted by law. The Services are intended for adults. We do not knowingly collect personal information from children under thirteen.

We may update this notice to reflect changes in our practices or legal requirements. Changes to this notice apply on a going forward basis from the updated date unless otherwise required by law. Material changes will be posted with an updated date and, where appropriate, additional notice.