Legal

Acceptable use policy

Last updated: 2 July 2026 - This policy forms part of our Terms of Service.

Scroogle Mail exists so that ordinary people can have genuinely private email. That privacy is a shared resource: one spammer operating from our servers damages deliverability, and trust, for the other 12,000+ mailboxes. So the deal is simple. We defend your privacy without compromise, and you don't use that privacy as cover to harm other people. This page sets out what that means in practice, in plain English.

1. No spam or unsolicited bulk mail

You must not use Scroogle Mail to send unsolicited bulk email of any kind: marketing blasts to purchased or scraped lists, chain letters, "just checking in" cold outreach at scale, or anything else the recipients did not ask for. Sending to people who have genuinely opted in is fine; a mailing list for your club or your customers is fine. Buying a list of ten thousand addresses is not, no matter how "targeted" the seller claimed it was.

If you need to send transactional or high-volume mail from an application, use Scroogle Send, which is built for it and has its own sending rules - don't push it through a personal mailbox.

2. No malware, phishing or credential theft

You must not use the service to distribute malware, host or link to phishing pages, harvest credentials, or impersonate login pages, invoices or delivery notices. We run an anti-abuse desk precisely because our own users are on the receiving end of this rubbish every day - we are not going to be a launchpad for it. Accounts caught doing this are suspended immediately, without the usual warning step.

3. No illegal content or activity

You must not use Scroogle Mail for anything that is illegal under Swiss law or the law that applies to you: child sexual abuse material, terrorism, trafficking, fraud, extortion, threats of violence, or dealing in stolen data. Privacy is for people, not for crimes. Where we are legally required to act on such material through proper Swiss legal process, we do, and we count every such case in our annual transparency report.

4. No impersonation

You must not send mail that impersonates another person, company or institution - forged sender names, look-alike addresses, spoofed display names, or aliases created to pass yourself off as someone you are not. Aliases exist to protect your identity, not to let you assume somebody else's. Parody is fine where it is obviously parody; a message designed to make the recipient believe it came from their bank is not.

5. Fair use of "unlimited" features

Where a plan says "unlimited" - aliases on Plus, for instance - it means unlimited for the ordinary use of one person or team, not unlimited for a script. Creating thousands of aliases programmatically, using your mailbox as a file dump or backup target, relaying mail for third parties, or reselling parts of your account all fall outside fair use. If your usage pattern starts to look like infrastructure rather than a mailbox, we will get in touch before we act - unless it is actively harming the service, in which case we act first and explain straight after.

6. What happens if you break these rules

Enforcement is proportionate. For most violations we follow this ladder:

  1. Warning. We tell you what we saw, which rule it breaks, and what needs to change. Most cases end here - a compromised password, a misjudged mail-out, a script gone feral.
  2. Suspension. If it continues, or the harm is ongoing, we suspend sending (and in serious cases the whole account) while we sort it out with you. Your mailbox contents remain encrypted and intact during a suspension.
  3. Termination. For repeated or serious violations we close the account. Where the terms allow a refund of unused time, we honour it - except in cases of deliberate, serious abuse.

For the immediate-suspension cases - phishing, malware, illegal content - we skip the ladder, as noted above. If you believe we have acted in error, reply to the enforcement notice; a human reviews every appeal.

7. How we handle abuse reports

Anyone - customer or not - can report abuse originating from a Scroogle Mail address via our Report abuse page or by emailing abuse@scrooglemail.com. Reports are read by a person, not a machine, and we aim to acknowledge within one working day. We act on the evidence in the report (message headers, URLs, timestamps) together with our own delivery metadata. We do not share the reporter's identity with the reported account.

8. An honest note about enforcement and zero-access

We cannot read your mail, and that shapes how enforcement works. Zero-access encryption means we have no ability to proactively scan message content for rule-breaking - and we would not want that ability. Enforcement therefore relies on what we can see: reports from recipients and other providers, and metadata signals such as sending volume, bounce rates, recipient complaints and authentication failures. In practice this works well - spam looks like spam from the outside. But it does mean enforcement is reactive by design. That is the trade we have chosen, and we think it is the right one.

9. Changes to this policy

We may update this policy as the service and the abuse landscape evolve. Material changes are announced by email to account holders at least 30 days before they take effect, as described in the Terms of Service. The "last updated" date at the top always tells you when this page last changed.