🔒 NexoraMail is transactional email only — cold email and bulk marketing are strictly prohibited. View Acceptable Use Policy
Home
Platform
Security & Compliance
Pricing
Dashboard
Terms of Service
Privacy Policy
Acceptable Use Policy
Anti-Spam Policy
Data Processing Agreement
Contact
🔒 SOC 2 Ready · CAN-SPAM Compliant · GDPR Compliant

Enterprise Transactional
Email Infrastructure

NexoraMail delivers mission-critical transactional emails — password resets, account notifications, order confirmations, and system alerts — with enterprise-grade reliability for SaaS applications, fintech platforms, and e-commerce systems.

TLS 1.3 Encrypted
AWS SES Infrastructure
99.9% Uptime SLA
Opt-In Only Policy
GDPR & CAN-SPAM
99.4%
Average delivery rate
<0.08%
Complaint rate maintained
850ms
Average time-to-inbox
100%
Transactional use only
Use Cases

Built for Transactional Workflows

NexoraMail handles system-triggered, user-expected email — never cold outreach, bulk marketing, or unsolicited messages.

🔑
Authentication Emails
Password resets, magic link logins, two-factor authentication codes, and account verification emails requiring immediate, reliable delivery.
🛒
Order Notifications
Order confirmations, shipping updates, delivery receipts, and return authorizations for e-commerce and marketplace platforms.
💳
Financial Alerts
Transaction receipts, payment confirmations, invoice delivery, account balance alerts, and fraud notifications for fintech applications.
🔔
System Notifications
Platform alerts, service status updates, API quota warnings, deployment notifications, and infrastructure monitoring alerts.
👤
Account Lifecycle
Welcome emails for new users who signed up, subscription renewal notices, account suspension warnings, and data export ready notifications.
📅
Scheduled Digests
Weekly usage summaries, invoice delivery on billing cycles, scheduled report delivery, and digest notifications explicitly requested by users.
🚫
What NexoraMail Does NOT Support
NexoraMail is a transactional email infrastructure platform exclusively. We do not support, permit, or enable: cold email outreach, bulk marketing campaigns, newsletters to purchased lists, promotional blasts, affiliate email programs, or any email sent to recipients who have not explicitly opted in to that specific communication. Accounts attempting to use NexoraMail for non-transactional purposes are suspended immediately without refund.
Infrastructure

Everything You Need for Reliable Delivery

A complete suite of enterprise email infrastructure tools, built on AWS best practices and designed for high-stakes transactional use cases.

📡
SMTP Relay
High-throughput SMTP relay with TLS enforcement and connection pooling.
REST API
JSON-based RESTful API with SDK support for Python, Node.js, PHP, and Go.
🔐
SPF / DKIM / DMARC
Guided domain authentication setup with automated verification checks.
📊
Real-Time Monitoring
Per-message delivery tracking with live bounce and complaint dashboards.
🚫
Suppression Lists
Automatic suppression of bounced, complained, and unsubscribed addresses.
🔗
Webhooks
Real-time event webhooks for delivery, bounce, open, and complaint events.
⚙️
Rate Limiting
Configurable sending rates with burst protection and queue management.
🤖
Abuse Detection
Automated pattern detection that flags and restricts anomalous sending behavior.
Compliance First

Designed Around Regulatory Requirements

NexoraMail adheres to major international regulations governing electronic messaging and data privacy.

🇺🇸
CAN-SPAM Act Compliance
All outbound messages comply with the U.S. Controlling the Assault of Non-Solicited Pornography And Marketing Act. We enforce sender identification, honest subject lines, and clear opt-out mechanisms on all applicable message types.
🇪🇺
GDPR Data Processing
Our Data Processing Agreement (DPA) covers all EU-originating email data. We process recipient data only as directed by the controller, maintain data minimization standards, and support your GDPR Article 28 obligations.
☁️
AWS Sending Best Practices
Built on AWS infrastructure and designed in accordance with AWS SES sending guidelines. We enforce domain verification, monitor complaint rates against AWS thresholds, and immediately action accounts that risk shared IP reputation.
Onboarding

Up and Running in Four Steps

1
Request Access
Submit your application with your company details and intended use case for compliance review.
2
Verify Your Domain
Add SPF, DKIM, and DMARC DNS records. Sending is disabled until domain authentication is confirmed.
3
Configure API or SMTP
Integrate with your application using our REST API or standard SMTP credentials.
4
Monitor & Scale
Track delivery performance in real time. Expand volume as your application grows.
Developer-First

Simple API,
Powerful Delivery

Send transactional emails with a single API call. Our SDK handles authentication, retries, and error handling. Your application focuses on logic — we handle deliverability.

Python SDK Node.js SDK PHP SDK Go SDK REST API SMTP Relay
send_email.py
import nexoramail
 
# Initialize client
client = nexoramail.Client(
  api_key="nm_live_xK9..."
)
 
# Send transactional email
response = client.send({
  "to": "user@example.com",
  "from": "noreply@yourdomain.com",
  "subject": "Your password reset link",
  "template_id": "pwd-reset-v2"
})
 
# ✓ Message queued: msg_4xK7JmNp...
>>>

Ready for Production-Grade Email?

Join companies that rely on NexoraMail for their most critical transactional communications.

Home Platform
Platform

Complete Email Infrastructure for Developers

Every component your application needs to send transactional emails reliably, securely, and at scale — from SMTP relay to advanced deliverability monitoring.

📡 SMTP Relay

High-Throughput SMTP Relay Service

Connect your application to NexoraMail via standard SMTP with TLS 1.3 enforcement. Our relay service handles connection pooling, automatic retry logic, and queue management — so your application never needs to worry about transient delivery failures.

  • TLS 1.3 enforced on all connections
  • STARTTLS support for legacy integrations
  • Port 587 (submission) and 2525 available
  • Connection pooling for high-volume apps
  • Automatic retry with exponential backoff
SMTP Configuration
# SMTP Connection Settings
SMTP_HOST=smtp.nexoramail.us
SMTP_PORT=587
SMTP_USER=apikey
SMTP_PASS=nm_live_xK9mP2...
SMTP_TLS=STARTTLS
 
# From address must match verified domain
FROM_ADDRESS=no-reply@yourdomain.com
 
✓ Domain verified
✓ DKIM signing active
✓ Sending enabled
POST /v1/messages
// Request
POST https://api.nexoramail.us/v1/messages
Authorization: Bearer nm_live_xK9...
 
{
  "to": ["alice@company.com"],
  "from": "orders@yourapp.com",
  "subject": "Order #8821 confirmed",
  "template_id": "order-confirm",
  "variables": { "order_id": "8821" }
}
 
// Response 200 OK
{ "id": "msg_4xK7JmNpRq", "status": "queued" }
⚡ RESTful API

Fully-Featured RESTful API

Our JSON REST API provides programmatic access to all NexoraMail features. Authenticate with API keys, send messages, manage templates, retrieve delivery logs, and administer suppression lists — all over HTTPS.

  • JSON request/response format
  • Bearer token authentication
  • Idempotency key support
  • Batch send endpoint (up to 1,000/request)
  • OpenAPI 3.0 specification available
All Features

Full Infrastructure Feature Set

🔐
Domain Authentication (SPF/DKIM/DMARC)
Guided setup wizard walks through DNS record configuration. Automated verification checks run every 15 minutes. Sending is blocked until SPF and DKIM are confirmed. DMARC policy enforcement strongly recommended. All authenticated domains display a verified badge in the dashboard.
📊
Real-Time Delivery Monitoring
Live dashboards track every message through the delivery pipeline: queued → submitted → accepted → delivered. Per-domain and per-campaign delivery rate graphs refresh every 60 seconds. Delivery failure reasons are categorized (DNS failure, mailbox full, policy reject, etc.) and surfaced in the event log.
🚨
Bounce & Complaint Tracking
Hard bounces are automatically added to the suppression list and will never be delivered to again. Complaint feedback loops (FBL) from major ISPs are processed in real time. If your complaint rate exceeds 0.08%, an alert is triggered. At 0.1%, sending is automatically restricted until manual review.
🚫
Suppression List Management
Centralized suppression list automatically populated from bounces, complaints, and manual unsubscribes. Import existing suppression data via CSV or API. Any send attempt to a suppressed address is silently dropped and logged. Suppressed addresses are retained indefinitely across account resets.
🔗
Webhook Event Delivery
Subscribe to real-time events: delivered, bounced, complained, opened, clicked, unsubscribed. Signed HMAC payloads verify authenticity. Retry logic with exponential backoff ensures delivery. Webhook logs show delivery history for the past 30 days with manual replay capability.
⚙️
Rate Limiting & Queue Management
Per-account and per-domain send rate limits protect your reputation. Burst allowances handle traffic spikes. Messages that exceed instantaneous rate limits are queued rather than rejected. Configurable queue depth and priority classes ensure critical emails (password resets, fraud alerts) are never delayed.
🤖
Automated Abuse Detection
Machine learning models analyze sending patterns in real time. Anomalies — sudden volume spikes, unusual recipient domains, high invalid-address rates — trigger automatic account reviews. Repeat violations result in permanent suspension. All abuse reports are investigated by our Trust & Safety team within 24 hours.
📝
Template Engine
Manage transactional email templates directly in the dashboard or via API. Support for HTML and plain-text versions. Variable substitution with safe defaults. Template versioning with rollback capability. Preview rendering across major email clients via integrated testing.
🔑
API Key Management
Create scoped API keys with granular permissions (send-only, full-access, read-only). Set expiration dates and IP allowlists per key. Rotate keys without downtime via overlap period. Full audit log of every API key action: creation, usage, rotation, and revocation.

Explore the Full Platform

Request access and see NexoraMail's dashboard with your own transactional data.

Home Security & Compliance
Security & Compliance

Built for the Strictest Compliance Requirements

Infrastructure security, regulatory compliance, and anti-abuse enforcement are not optional add-ons at NexoraMail — they are foundational requirements embedded in every layer of our platform.

🇺🇸
CAN-SPAM Compliant
Enforced at the platform level for all outbound messages.
🇪🇺
GDPR Ready
Data Processing Agreement available. EU data handling documented.
🔒
TLS 1.3 Everywhere
All API calls and SMTP connections require TLS. No plaintext allowed.

Infrastructure Security

🌐
Network Architecture
NexoraMail operates on AWS infrastructure distributed across multiple availability zones. All services run within private VPCs with no direct public internet exposure. Public endpoints are fronted by Web Application Firewalls (WAF) with DDoS mitigation. All internal service-to-service communication is encrypted. Network access control lists (NACLs) restrict traffic to necessary ports and protocols only.
🔑
Data Encryption
All data at rest is encrypted using AES-256 via AWS KMS-managed keys. All data in transit is protected with TLS 1.3 minimum. API keys and SMTP credentials are stored using PBKDF2 key derivation with unique salts per credential. Email content is stored transiently during delivery and purged within 72 hours of final delivery status. Log data is retained for 90 days and encrypted at rest.
🔐
Access Control
Multi-factor authentication (MFA) is required for all dashboard access. Role-based access control (RBAC) supports Admin, Developer, and Viewer roles. API keys are scoped by permission set and can be further restricted to specific IP ranges. All administrative actions are recorded in an immutable audit log retained for 12 months. Privileged infrastructure access requires dual authorization and is logged to a separate, read-only audit store.
🏢
Physical & Organizational Security
All compute infrastructure runs on AWS, which maintains SOC 1/2/3 certifications and ISO 27001 compliance for physical data center security. NexoraMail personnel with infrastructure access are subject to background screening and least-privilege access policies. Security incident response procedures are tested quarterly. Vulnerability scanning is conducted continuously with critical patches applied within 24 hours.

GDPR Compliance

🇪🇺
General Data Protection Regulation (GDPR) – EU 2016/679
NexoraMail acts as a data processor under GDPR when processing email-related personal data on behalf of our customers (who are data controllers). We process recipient email addresses, delivery metadata, and engagement events only as instructed by the controller and only for the purpose of email delivery. Our Data Processing Agreement (DPA) is available upon request and covers all obligations under GDPR Article 28, including sub-processor disclosure, security measures, breach notification, and data subject rights assistance.
Data Minimization
We collect only the data necessary for email delivery: recipient address, message headers, and delivery timestamps. Message body content is not indexed, analyzed for commercial purposes, or retained beyond the delivery window.
Data Subject Rights
We assist controllers in honoring data subject requests for erasure, portability, and access. Suppression list entries can be exported or deleted via API. Erasure requests for delivery logs can be submitted to support@nexoramail.us.
Data Transfers
EU-originating data is processed in AWS us-east-1 (N. Virginia) under Standard Contractual Clauses (SCCs). We do not transfer personal data to countries without adequate protection frameworks without documented controller consent.

Anti-Spam Enforcement Policy

⚠️
Zero Tolerance for Spam
NexoraMail has a strict zero-tolerance policy for spam and unsolicited email. Any account found sending unsolicited messages will be suspended immediately and permanently without refund. We actively monitor sending patterns and recipient feedback to detect and prevent abuse. Attempts to circumvent these policies using false registration information will be reported to relevant authorities.
Complaint Rate Thresholds
We enforce strict complaint rate limits aligned with industry standards and AWS SES guidelines:

0.05% — Warning Alert: Dashboard warning and email notification sent to account owner.

0.08% — Automatic Review: Account flagged for compliance review. Sending continues with monitoring.

0.10% — Automatic Restriction: Sending suspended pending manual compliance review. Account owner must remediate.

0.20%+ — Permanent Suspension: Account permanently suspended with no reinstatement.
Prohibited Sending Practices
The following practices result in immediate account suspension:

• Sending to purchased, rented, or harvested email lists
• Sending to scraped or third-party-sourced addresses
• Cold outreach of any kind
• Bulk marketing campaigns or newsletters without documented opt-in
• Sending to recipients who have not explicitly requested the communication
• Disguising the true sender identity or using deceptive subject lines
• Repeatedly mailing to known-invalid addresses
• Affiliate email marketing of any kind

Sending Requirements

Domain Verification Required Before First Send
All sending domains must complete SPF and DKIM verification before any message can be dispatched. DMARC policy is strongly recommended. Unverified domains are blocked at the API layer. Verification is automated and typically completes within 15 minutes of correct DNS record publication.
Explicit Opt-In Documentation Required
All recipient email addresses must have been explicitly collected through a confirmed opt-in process. Pre-checked consent boxes, double opt-in confirmations, and sign-up form documentation are examples of acceptable consent records. NexoraMail may request evidence of consent practices during onboarding review or compliance investigations.
Unsubscribe Mechanism Mandatory
All non-purely-transactional messages (such as scheduled digests, even those explicitly requested) must include a functioning one-click unsubscribe mechanism. Unsubscribe requests must be honored within 10 days. NexoraMail automatically processes list-unsubscribe headers and adds processed recipients to the account suppression list.
Accurate Sender Identification Required
The "From" header must accurately represent the sending organization. Display names must not impersonate other companies or brands. Return-Path domains must be domains owned by the account holder. Misleading or deceptive sender identification is grounds for immediate suspension and may constitute a CAN-SPAM violation.
List Hygiene Strongly Recommended
We recommend removing hard-bounced addresses promptly (NexoraMail does this automatically), suppressing recipients with long inactivity periods, and periodically re-confirming opt-in for recipient lists older than 12 months. Healthy sending lists correlate directly with delivery rate and inbox placement.
Home Pricing
Pricing

Simple, Transparent Pricing

Predictable monthly pricing based on email volume. All plans include full platform access, domain authentication, real-time monitoring, and compliance enforcement.

Starter
$29/mo
Up to 10,000 emails/month
+$0.80 per 1,000 additional
  • SMTP Relay & REST API access
  • Up to 3 verified sending domains
  • SPF, DKIM, DMARC setup wizard
  • Real-time delivery dashboard
  • Bounce & complaint tracking
  • Automatic suppression list
  • 5 webhook endpoints
  • 7-day event log retention
  • Email support (48hr response)
Most Popular
Growth
$129/mo
Up to 100,000 emails/month
+$0.60 per 1,000 additional
  • Everything in Starter, plus:
  • Up to 10 verified sending domains
  • Dedicated IP addresses (on request)
  • Template management engine
  • Advanced analytics & reporting
  • Batch send API (1,000 msg/request)
  • Unlimited webhook endpoints
  • 30-day event log retention
  • Priority email support (12hr response)
  • Onboarding compliance review
Enterprise
Custom
Custom volume — manual approval required
Compliance review for all high-volume accounts
  • Everything in Growth, plus:
  • Unlimited verified domains
  • Dedicated sending infrastructure
  • Custom IP warm-up plan
  • SLA guarantee (99.9% uptime)
  • 90-day event log retention
  • Dedicated account manager
  • Custom webhook integrations
  • GDPR DPA & MSA included
  • Slack/Teams shared channel support
📋
High-Volume Account Compliance Review
High-volume accounts (Growth and Enterprise) require a compliance review before activation. This review evaluates your use case, recipient list acquisition methods, opt-in documentation, and sending history. Accounts that cannot demonstrate compliant sending practices will not be approved regardless of business size. This process protects all NexoraMail customers by maintaining shared IP reputation and deliverability standards.

Plan Comparison

Feature Starter Growth Enterprise
Monthly volume10,000100,000Custom
SMTP Relay
REST API
Verified domains310Unlimited
Dedicated IPsOn requestIncluded
Webhooks5 endpointsUnlimitedUnlimited + custom
Event log retention7 days30 days90 days
Bounce/complaint alerts✅ + auto-escalation
Suppression list
Template engine
GDPR DPAOn requestOn requestIncluded
SupportEmail 48hrPriority 12hrDedicated manager
Compliance review✅ (mandatory)
SLA guarantee99.9% uptime

Frequently Asked Questions

Can I use NexoraMail to send marketing newsletters?
No. NexoraMail is exclusively a transactional email infrastructure platform. We do not support marketing newsletters, promotional campaigns, or any form of bulk commercial messaging. If you require marketing email capabilities, we recommend dedicated marketing email platforms designed for that purpose. Accounts attempting to use NexoraMail for non-transactional sending will be suspended.
What counts as a "transactional" email?
Transactional emails are messages triggered by a specific user action or system event that the recipient is expecting. Examples include: password reset emails, account verification links, order confirmation and shipping notifications, payment receipts, invoice delivery, two-factor authentication codes, account activity alerts, and application-generated reports explicitly requested by the user. If an email is initiated by your marketing team rather than a user action, it is likely not transactional.
What happens if my complaint rate exceeds your threshold?
If your complaint rate reaches 0.05%, you receive an automatic warning notification. At 0.08%, your account is flagged for compliance review. At 0.10%, sending is automatically suspended and you must complete a compliance remediation process before resuming. At 0.20% or above, the account is permanently suspended. These thresholds protect all NexoraMail customers from shared infrastructure reputation damage.
How long does the compliance review take for Growth/Enterprise accounts?
Standard compliance reviews for Growth accounts are completed within 2 business days. Enterprise accounts with complex sending requirements may require up to 5 business days for a full review, including use case assessment, list hygiene evaluation, and infrastructure sizing. We will communicate with you via email throughout the review process.
Do you offer a free trial?
We offer a limited sandbox environment for development and integration testing. The sandbox allows up to 500 test sends per month to verified test recipient addresses only. Sandbox accounts cannot be used for production sending. To send to real recipients, you must upgrade to a paid plan and complete domain verification.

Start with a Compliance Review

Tell us about your use case and we'll find the right plan for your application.

A
Acme Corp.
Growth Plan
● Active Account
Main
📊 Overview
🌐 Verified Domains
👥 Contact Lists
🚫 Suppression List
Activity
📋 Activity Logs 24
🔗 Webhooks
Account
🔑 API Keys
⚙️ Settings
← Back to Website
Dashboard Overview
Last 30 days — acmecorp.com
All systems operational. Complaint rate 0.06% — within healthy range.
Emails Sent
84,291
↑ 12.4% vs last period
Delivery Rate
98.7%
↑ 0.3% vs last period
Bounce Rate
1.3%
↓ 0.2% vs last period
Complaint Rate
0.06%
↓ 0.01% vs last period
Volume by Email Type
30 Days
Password Resets34,120
Order Confirmations21,880
Account Verification17,340
Payment Receipts8,910
System Alerts2,041
Recent Activity
View all →
msg_4xK7JmNp — Delivered
to: u***@gmail.com · 2 min ago
delivered
msg_9pR2QwXv — Delivered
to: j***@outlook.com · 5 min ago
delivered
msg_3mT8LnKw — Bounced
to: t***@domain.io · 12 min ago
hard bounce
msg_6sA1DqPm — Delivered
to: m***@yahoo.com · 18 min ago
delivered
msg_7vB4EhYc — Queued
to: b***@company.com · 22 min ago
queued
Legal

Legal Documents

Access all NexoraMail legal documents, policies, and agreements.

📄
Terms of Service
The agreement governing your use of NexoraMail platform, services, and APIs.
🔒
Privacy Policy
How NexoraMail collects, uses, and protects personal information and account data.
📋
Acceptable Use Policy
Rules governing acceptable and prohibited uses of the NexoraMail platform.
🚫
Anti-Spam Policy
Detailed enforcement policy for unsolicited email and prohibited sending practices.
🇪🇺
Data Processing Agreement
GDPR Article 28 compliant DPA covering data processing obligations and sub-processors.
✉️
Contact Legal
Send legal inquiries to support@nexoramail.us or our registered business address.
Home Legal Terms of Service

Terms of Service

Last updated: February 1, 2025  |  Effective: February 1, 2025

On This Page
1. Acceptance of Terms 2. Service Description 3. Acceptable Use 4. Account Registration 5. Compliance Requirements 6. Fees & Payment 7. Intellectual Property 8. Limitation of Liability 9. Termination 10. Governing Law

1. Acceptance of Terms

By accessing or using the NexoraMail platform, APIs, SMTP relay services, or any related service operated by NexoraMail Inc. ("NexoraMail," "we," "us," or "our"), you ("Customer," "you," or "your") agree to be bound by these Terms of Service ("Terms"). If you are entering into these Terms on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to these Terms. If you do not have such authority, or if you do not agree with these Terms, do not use the Service.

NexoraMail reserves the right to modify these Terms at any time. We will provide notice of material changes via email or through the dashboard. Continued use of the Service after the effective date of any changes constitutes acceptance of the revised Terms.

2. Service Description

NexoraMail provides enterprise-grade transactional email infrastructure services, including SMTP relay, a RESTful API for programmatic email delivery, domain authentication (SPF, DKIM, DMARC), real-time delivery monitoring, bounce and complaint tracking, suppression list management, and webhook event delivery.

NexoraMail is exclusively a transactional email platform. The Service is designed and intended solely for emails that are triggered by user actions or system events and are expected by the recipient. The Service is not designed for, and may not be used for, bulk marketing, promotional campaigns, cold outreach, or any form of unsolicited commercial email.

3. Acceptable Use

You agree to use the Service only for lawful transactional email purposes. You are solely responsible for all content transmitted through your account. You may not use the Service to:

  • Send unsolicited commercial email (spam) or any communication to recipients who have not explicitly opted in
  • Send to purchased, rented, scraped, harvested, or third-party email lists
  • Conduct cold email campaigns, marketing campaigns, or promotional broadcasts
  • Violate the CAN-SPAM Act, GDPR, CASL, or any other applicable anti-spam law
  • Distribute malware, phishing content, or fraudulent messages
  • Impersonate any person or entity or misrepresent your affiliation with any person or entity
  • Engage in any activity that degrades the deliverability of other NexoraMail customers
  • Circumvent rate limits, abuse detection systems, or other technical controls

Violation of this Section will result in immediate account suspension without refund and may be referred to law enforcement.

4. Account Registration

To use the Service, you must register for an account and provide accurate, complete, and current information. You are responsible for maintaining the confidentiality of your credentials and for all activity occurring under your account. Notify NexoraMail immediately at support@nexoramail.us of any unauthorized access.

NexoraMail reserves the right to verify your identity and use case at any time. Accounts may not be shared, sublicensed, or transferred to third parties without prior written consent from NexoraMail.

5. Compliance Requirements

All customers must maintain: a complaint rate below 0.1%, a hard bounce rate below 3%, verified sending domains (SPF + DKIM minimum), and documented opt-in consent for all recipient addresses. Accounts that fail to meet these thresholds will have sending automatically restricted pending compliance review.

High-volume accounts (Growth plan and above) must complete a compliance review prior to activation. NexoraMail may request evidence of opt-in practices, list acquisition methods, and example email content at any time.

6. Fees & Payment

Service fees are as published on the NexoraMail pricing page and are billed monthly in advance. You authorize NexoraMail to charge your payment method on file for all applicable fees. All fees are non-refundable except as required by law or as expressly provided in these Terms. Accounts suspended for policy violations are not eligible for refunds.

NexoraMail reserves the right to modify pricing with 30 days' notice. Continued use after a price change takes effect constitutes acceptance of the new pricing.

7. Intellectual Property

NexoraMail retains all intellectual property rights in the Service, including software, APIs, documentation, and trademarks. You retain all rights in content you transmit through the Service. You grant NexoraMail a limited license to process your content solely to provide the Service.

8. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEXORAMAIL'S TOTAL LIABILITY FOR ANY CLAIMS UNDER THESE TERMS SHALL NOT EXCEED THE FEES PAID BY YOU IN THE THREE MONTHS PRECEDING THE CLAIM. NEXORAMAIL SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, OR GOODWILL.

9. Termination

Either party may terminate these Terms on 30 days' written notice. NexoraMail may suspend or terminate your account immediately, without notice, if you violate the Acceptable Use Policy, Anti-Spam Policy, or any other material provision of these Terms. Upon termination, your access to the Service will be revoked and your data will be deleted within 90 days.

10. Governing Law

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles. Any disputes shall be resolved in the courts of New Castle County, Delaware. You consent to personal jurisdiction in such courts.

For any legal notices, contact: NexoraMail Inc., 1209 Orange Street, Wilmington, DE 19801. Email: support@nexoramail.us

Home Legal Privacy Policy

Privacy Policy

Last updated: February 1, 2025

On This Page
1. Information We Collect 2. How We Use Information 3. Data Sharing 4. Data Retention 5. Security 6. Your Rights 7. Cookies 8. Contact Us

1. Information We Collect

NexoraMail collects the following categories of information in connection with operating the Service:

Account Information

When you register for an account, we collect your name, company name, email address, billing information, and information about your intended use case. This information is used to operate your account, process payments, and communicate with you about the Service.

Email Delivery Data

As part of providing the Service, we process email messages, including recipient addresses, message headers, subject lines, and delivery metadata. We do not read, index, or analyze message body content for commercial purposes. Email content is stored transiently during delivery and deleted within 72 hours of final delivery status.

Usage & Technical Data

We collect logs of API calls, SMTP connections, delivery events, bounce notifications, and complaint reports. This data is used to operate and monitor the Service, enforce compliance policies, and provide analytics to customers.

2. How We Use Information

We use information we collect to: provide and operate the NexoraMail Service; authenticate your identity and secure your account; process payments and manage billing; monitor compliance with our Acceptable Use and Anti-Spam policies; detect and prevent fraudulent or abusive sending; provide customer support; send administrative communications about the Service (not marketing); and improve the Service through aggregated, de-identified analytics.

We do not sell your personal information or recipient data to third parties. We do not use recipient email addresses for any purpose other than delivery of your authorized messages.

3. Data Sharing

We share data with third parties only as necessary to operate the Service: AWS (infrastructure and email delivery), Stripe (payment processing), and internal monitoring tools. All sub-processors are bound by data processing agreements. A full sub-processor list is available upon request at support@nexoramail.us.

We may disclose information to law enforcement or regulatory authorities when required by law, subpoena, or court order, or when we believe disclosure is necessary to prevent imminent harm or investigate policy violations.

4. Data Retention

Account information is retained for the duration of your account and for 12 months following account termination. Delivery logs and event records are retained for the period specified by your plan (7, 30, or 90 days for Starter, Growth, and Enterprise respectively). Email message content is deleted within 72 hours. Suppression list entries are retained indefinitely to prevent future delivery to opted-out or bounced addresses.

5. Security

NexoraMail implements industry-standard security measures including TLS 1.3 encryption for all data in transit, AES-256 encryption for data at rest, multi-factor authentication for administrative access, role-based access control, continuous vulnerability scanning, and immutable audit logging. No security measure is perfect; if you suspect unauthorized access to your account, contact support@nexoramail.us immediately.

6. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port personal data we hold about you. To exercise these rights, contact support@nexoramail.us. EU residents may have additional rights under GDPR; see our Data Processing Agreement for details. California residents may have rights under the CCPA, including the right to know, delete, and opt out of sale (we do not sell personal data).

7. Cookies

Our website and dashboard use essential cookies for session management and authentication. We do not use third-party tracking cookies or behavioral advertising cookies. You may disable non-essential cookies in your browser settings without affecting core Service functionality.

8. Contact Us

For privacy-related inquiries, contact NexoraMail Inc. at support@nexoramail.us or by mail at 1209 Orange Street, Wilmington, DE 19801, United States.

Home Legal Acceptable Use Policy

Acceptable Use Policy

Last updated: February 1, 2025

On This Page
Overview Permitted Uses Prohibited Uses Content Standards Enforcement Reporting Abuse

Overview

This Acceptable Use Policy ("AUP") establishes the rules governing the use of NexoraMail's email infrastructure platform. This AUP applies to all customers, users, and any third party acting on behalf of a NexoraMail customer. By using the Service, you agree to comply with this AUP at all times.

NexoraMail is a transactional email infrastructure provider. The Service is designed to deliver expected, legitimate communications — not to facilitate unsolicited messaging of any kind. This distinction is fundamental to how the platform is designed, monitored, and enforced.

Core Principle: Opt-In Only
Every email sent through NexoraMail must be to a recipient who has explicitly opted in to receive that specific type of communication from the sending organization. There are no exceptions to this requirement.

Permitted Uses

NexoraMail may be used for the following purposes, provided all recipients have explicitly opted in:

  • Password reset and account recovery emails
  • Email address verification and account activation
  • Two-factor authentication codes and security alerts
  • Order confirmations, shipping updates, and delivery notifications (e-commerce)
  • Payment receipts, invoices, and billing notifications
  • Account activity alerts (login from new device, unusual activity)
  • Application-generated reports explicitly requested by the user
  • Service status notifications and incident alerts
  • Welcome emails to new users who have completed verified signup
  • Scheduled digest emails to users who have explicitly subscribed

Prohibited Uses

The following uses are strictly prohibited and will result in immediate account suspension:

  • Cold email outreach — any unsolicited email to a recipient with whom you have no prior relationship
  • Purchased or rented list sending — sending to addresses acquired from any third party
  • Scraped list sending — sending to addresses collected by automated means from websites, social networks, or public databases
  • Bulk marketing campaigns — promotional emails, sales campaigns, or advertising to any list
  • Newsletter sending — mass distribution of newsletters unless every recipient has individually subscribed via confirmed opt-in
  • Affiliate marketing — sending on behalf of third parties or promoting affiliate products
  • Deceptive sending — misleading subject lines, forged headers, or impersonation of other organizations
  • Malicious content — phishing, malware distribution, fraud facilitation
  • Harassment — sending to individuals who have requested no further contact

Content Standards

All email content transmitted through NexoraMail must: accurately identify the sending organization; include a valid physical mailing address for the sender; comply with applicable laws in the sender's and recipient's jurisdictions; not contain deceptive subject lines or misleading headers; include a functional unsubscribe mechanism for any recurring message type; not contain content that violates intellectual property rights; and not contain illegal content of any kind.

Enforcement

NexoraMail actively monitors sending behavior using automated systems and manual review. The following enforcement actions may be taken based on policy violations:

  • Warning: Issued for first-time minor violations or threshold approaches.
  • Temporary restriction: Sending suspended pending investigation and remediation.
  • Permanent suspension: Account closed for serious or repeat violations. No refund.
  • Legal referral: Significant violations (large-scale spam, phishing, fraud) may be referred to the FTC, state attorneys general, or other authorities.

Reporting Abuse

To report suspected abuse of the NexoraMail platform, including spam originating from NexoraMail infrastructure, contact support@nexoramail.us with full email headers and a description of the issue. We investigate all reports within 24 hours and take enforcement action as appropriate.

Home Legal Anti-Spam Policy

Anti-Spam Policy

Last updated: February 1, 2025

On This Page
Policy Statement CAN-SPAM Compliance GDPR & International Technical Enforcement Complaint Thresholds Violations & Consequences

Policy Statement

NexoraMail maintains a zero-tolerance policy toward spam and unsolicited email of any kind. As an infrastructure provider, we have both a legal obligation and a fundamental business interest in ensuring our platform is never used to send spam. Every email sent through NexoraMail must comply with this policy, and we enforce it aggressively through automated systems, manual review, and immediate account suspension when necessary.

🚨
Zero Tolerance
Any account found sending unsolicited email will be suspended immediately and permanently. This policy has no exceptions, regardless of the perceived legitimacy of the sender or the nature of the content.

CAN-SPAM Act Compliance

All email sent through NexoraMail must comply with the U.S. CAN-SPAM Act of 2003 (15 U.S.C. § 7701 et seq.). Required compliance elements include:

  • The "From," "To," "Reply-To," and routing information must accurately identify the sending organization
  • Subject lines must not contain deceptive or misleading information
  • All commercial messages must be identified as advertising (where applicable)
  • All commercial messages must include a valid physical postal address of the sender
  • All commercial messages must include a clear and conspicuous unsubscribe mechanism
  • Opt-out requests must be honored within 10 business days
  • Third-party email senders are monitored; customers are responsible for compliance of agents sending on their behalf

GDPR & International Anti-Spam Requirements

For customers sending to recipients in the European Union or European Economic Area, GDPR applies to the processing of recipient personal data. Additionally, Directive 2002/58/EC (ePrivacy Directive) requires prior consent for electronic direct marketing communications. NexoraMail's opt-in requirements meet or exceed these standards.

For recipients in Canada, the Canadian Anti-Spam Law (CASL) requires express consent for commercial electronic messages. For recipients in Australia, the Spam Act 2003 applies. Customers are responsible for ensuring compliance with all applicable jurisdictional laws for their specific recipient populations.

Technical Enforcement

NexoraMail implements the following technical measures to prevent spam originating from our infrastructure:

  • Domain verification requirement: No email can be sent from unverified domains. All sending domains must complete SPF and DKIM verification.
  • Complaint feedback loop (FBL) processing: We receive complaint notifications from major ISPs (Gmail, Yahoo, Outlook) and process them in real time, automatically suppressing complaining recipients.
  • Automated complaint rate monitoring: We calculate complaint rates continuously and apply automatic restrictions at defined thresholds.
  • Anomaly detection: Machine learning models flag unusual sending patterns including sudden volume increases, high invalid-address rates, and atypical recipient domain distributions.
  • Content scanning: Outbound messages are scanned for known spam indicators, phishing patterns, and malicious URLs. Messages flagged by content filters are queued for manual review.
  • IP reputation monitoring: We monitor the reputation of our sending IPs and domains against major blocklists (Spamhaus, SORBS, Barracuda). Accounts contributing to blocklisting are suspended immediately.

Complaint Rate Thresholds

0.00–0.04%
Healthy
0.05–0.07%
Warning
0.08–0.09%
Under Review
0.10%+
Suspended
0.20%+
Terminated

Violations & Consequences

Violations of this Anti-Spam Policy will be handled as follows, depending on severity and whether the violation is intentional:

  • First-time minor violations (e.g., complaint rate approaching threshold): Written warning with compliance guidance. Sending continues with enhanced monitoring.
  • Policy violations under investigation: Sending suspended pending review. Customer must provide documentation of opt-in practices and remediation plan.
  • Confirmed spam sending: Immediate and permanent account suspension. No refund. Negative account history retained.
  • Large-scale spam operations, phishing, or fraud: Immediate suspension plus referral to the FTC, relevant state authorities, and notification to major ISPs and blocklist operators.

Customers whose accounts are suspended for spam violations may not re-register under a different account, company name, or payment method. Circumventing a suspension is a material breach of the Terms of Service.

Home Legal Data Processing Agreement

Data Processing Agreement

Last updated: February 1, 2025  |  GDPR Article 28 Compliant

On This Page
Scope & Definitions Roles & Responsibilities Processing Instructions Security Measures Sub-Processors Data Subject Rights Breach Notification International Transfers Termination & Deletion

Scope & Definitions

This Data Processing Agreement ("DPA") forms part of the NexoraMail Terms of Service and governs the processing of personal data by NexoraMail Inc. ("Processor") on behalf of the Customer ("Controller") in connection with the NexoraMail email infrastructure services. This DPA applies where the Customer transmits personal data of EU/EEA individuals to NexoraMail for processing in the performance of the Service.

"Personal Data" means any information relating to an identified or identifiable natural person as defined in Article 4(1) GDPR. In the context of this DPA, Personal Data primarily consists of recipient email addresses, names embedded in message metadata, and delivery event data linked to identifiable individuals.

Roles & Responsibilities

The Customer acts as the Data Controller and is responsible for: ensuring a lawful basis for the processing of recipient personal data; collecting and maintaining valid consent or other lawful grounds for sending communications; providing data subjects with required privacy notices; and instructing NexoraMail only to process personal data in accordance with applicable law.

NexoraMail acts as the Data Processor and processes personal data only on documented instructions from the Controller, for the purpose of email delivery and related infrastructure services.

Processing Instructions

NexoraMail shall process personal data only as instructed by the Controller and only for the purposes described in the Terms of Service and this DPA. NexoraMail shall not process personal data for its own commercial purposes, share personal data with third parties for advertising, or process personal data in any way inconsistent with the Controller's documented instructions.

If NexoraMail is required by EU or member state law to process personal data in a manner not authorized by the Controller's instructions, NexoraMail shall notify the Controller of this requirement before processing, unless such law prohibits notification.

Security Measures

NexoraMail implements the following technical and organizational measures to protect personal data in accordance with Article 32 GDPR: AES-256 encryption for data at rest; TLS 1.3 for data in transit; access controls restricting personal data access to personnel with a need-to-know; pseudonymization of log data where technically feasible; regular security assessments and penetration testing; employee training on data protection obligations; and documented incident response procedures.

Sub-Processors

NexoraMail uses the following approved sub-processors for the delivery of its services:

  • Amazon Web Services, Inc. (USA) — Cloud infrastructure, compute, storage, and email delivery via AWS SES
  • Stripe, Inc. (USA) — Payment processing (billing data only; no email content)
  • Datadog, Inc. (USA) — Infrastructure monitoring and log analytics

NexoraMail will notify the Controller at least 30 days before adding or replacing sub-processors. The Controller may object to changes within 10 business days by notifying support@nexoramail.us.

Data Subject Rights

NexoraMail shall assist the Controller in fulfilling its obligations under GDPR Chapter III (Data Subject Rights), including access, rectification, erasure, restriction, portability, and objection, to the extent technically feasible and within the scope of the data processed by NexoraMail. Requests should be submitted to support@nexoramail.us. NexoraMail will respond within 72 hours.

Breach Notification

In the event of a personal data breach affecting Controller data, NexoraMail will notify the Controller without undue delay and within 72 hours of becoming aware of the breach. Notification will include: a description of the nature of the breach; the categories and approximate number of data subjects affected; the categories and approximate number of records affected; likely consequences of the breach; and measures taken or proposed to address the breach.

International Transfers

NexoraMail processes EU/EEA personal data on AWS infrastructure located in us-east-1 (Northern Virginia, USA). Such transfers are covered by Standard Contractual Clauses (SCCs) as adopted by the European Commission in Decision 2021/914 (Controller-to-Processor). A copy of the executed SCCs is available upon request at support@nexoramail.us.

Termination & Deletion

Upon termination of the Terms of Service, NexoraMail shall, at the Controller's election, either delete or return all personal data processed under this DPA within 90 days of account closure, and shall delete existing copies unless EU or member state law requires continued storage. NexoraMail will provide written confirmation of deletion upon request.

To execute a signed copy of this DPA for your GDPR compliance documentation, contact support@nexoramail.us.

Home Contact
Contact & Access Request

Get in Touch

Request platform access, ask compliance questions, or reach our support team. All accounts undergo a use-case review before activation.

Request Platform Access

Access to NexoraMail requires a use-case compliance review. Please describe your transactional email use case in detail below.
✉️
Email Support
For all inquiries including technical support, compliance questions, billing, and abuse reports:
support@nexoramail.us
Response time: Within 48 hours (12 hours for Growth/Enterprise)
🏢
Registered Business Address
NexoraMail Inc.
1209 Orange Street
Wilmington, DE 19801
United States
📋
Abuse Reports
To report spam or abuse originating from NexoraMail infrastructure, send full email headers to:
support@nexoramail.us
Subject: Abuse Report — [brief description]
⚖️
Legal & Compliance
For legal notices, GDPR inquiries, data subject requests, and DPA execution:
support@nexoramail.us
Subject: Legal — [brief description]