Privacy Policy

Privacy Notice (Effective: October 3, 2025)

This notice explains how Jailhouse Mail, LLC (“Jailhouse Mail,” “we,” “us”) handles information when you use our websites and applications to create and send correspondence to people in custody (the “Services”). This notice does not apply to legal mail; we publish a separate policy for that category.

When you use the Services, you should not expect privacy in message content. For safety, security, and compliance with correctional facility rules and applicable law, we monitor, scan, record, and disclose communications and related account activity. Review may be automated or human, and information may be provided to the applicable correctional agency and to law-enforcement authorities as permitted or required by law.

We collect information that you provide (such as identifiers and contact details, account credentials, payment and transaction information, message content and attachments, recipient details, and selections you make within the Services), information that arises from your use of the Services (such as device and usage data, IP address, timestamps, and general app/browser details), and information supplied by payment and antifraud partners and by correctional agencies where necessary to route, deliver, approve, or deny correspondence. We use this information to operate, provide, and secure the Services; to route and process correspondence for facilities; to detect, investigate, and prevent fraud, security threats, and violations of facility rules or law; to comply with legal obligations and respond to lawful requests; to maintain audit trails, quality assurance, continuity, and backups; to support customer service; and to communicate with you about your account, deliveries or denials, and policy updates.

We disclose information to the correctional agencies we serve and their personnel so they can deliver or deny mail, enforce their rules, investigate safety or security issues, and maintain their records; to law-enforcement authorities in line with legal requirements or for safety and security purposes; to service providers who support hosting, security, payments, customer support, analytics, and content screening under written agreements that restrict their use to our instructions; to professional advisors (such as lawyers, auditors, and insurers); and in connection with a corporate transaction. We may also preserve or disclose information when responding to subpoenas, court orders, warrants, or other legal process, or to enforce our terms, protect people, or investigate suspected unlawful or prohibited activity.

For most records we handle on behalf of a correctional agency, that agency is the controller of those records and we act as its service provider/processor. We do not “sell” personal information and we do not “share” it for cross-context behavioral advertising, as those terms are defined by the California Consumer Privacy Act as amended by the CPRA. We use essential cookies/SDKs to operate the Services and limited analytics to improve reliability and security. Non-essential cookies can be controlled in your browser or device settings; essential cookies are required for core functionality. We do not respond to Do Not Track signals because we do not engage in cross-context behavioral advertising. We do not use sensitive personal information to infer characteristics about you and use it only as reasonably necessary for security, fraud prevention, identity verification, or to provide the Services.

We retain information for as long as reasonably necessary to operate the Services, meet contractual and legal obligations, maintain accurate records, resolve disputes, support safety and security, and protect our rights. Message content and related processing records are retained for the term of our contract with the relevant facility and for no less than five (5) years after that contract ends, unless a longer period is required by law, an investigation, a legal hold, or facility policy. Payment and billing records are kept as required by tax, accounting, and fraud-prevention rules. When applicable retention periods end, we delete or de-identify information unless a legal hold applies.

We implement administrative, technical, and physical measures designed to protect information appropriate to the nature of the data and the risks involved, including layered controls, access limitation, and personnel screening consistent with our operations. No method of transmission or storage is completely secure. The Services may be operated in the United States and in other locations; by using them, you understand your information may be transferred to jurisdictions with different data-protection laws than your own. This notice is governed by applicable United States law. Local facility policies may further control how certain records are handled.

Depending on where you live, you may have rights to request access to, correction of, or deletion of personal information, to opt out of sales or “sharing,” to limit certain uses of sensitive personal information, and to appeal our responses. Because we do not sell personal information and do not share it for cross-context behavioral advertising, those opt-out rights do not apply to such activities here. To exercise available rights, you or your authorized agent may contact us using the details below. If you use an authorized agent, we may require proof of authorization and may ask you to verify your identity directly with us. We verify requests in a manner commensurate with the sensitivity of the data involved. If we deny your request, you may appeal by replying to our decision notice; we will review and respond within 45 days unless a longer period is permitted by law. We will not discriminate against you for making a privacy request permitted by law. The Services are intended for adults; we do not knowingly collect personal information from children under 13.

We may update this notice to reflect changes in our practices or legal requirements. Changes to this notice apply on a going-forward basis from the effective date unless otherwise required by law. Material changes will be posted here with an updated effective date and, where appropriate, additional notice.