Privacy Policy

Please defer to our Terms as it applies sitewide.

With the exception of errors, outbound SMTP emails, and/or when spam or malicious activity is detected (e.g. for rate limiting):

  • We do not store any forwarded emails to disk storage nor databases.
  • We do not store any metadata about emails to disk storage nor databases.
  • We do not store any logs or IP addresses to disk storage nor databases.

For transparency, at any time you can view our source code to see how the information below is collected and used:

Strictly for functionality and to improve our service, we collect and store securely the following information:

  • We store emails and calendar information in your encrypted SQLite database strictly for your IMAP/POP3/CalDAV access and mailbox functionality.
    • Note that if you are using our email forwarding services only, then no emails are stored to disk or database store as described in Information Not Collected.
    • Our email forwarding services operate in-memory only (no writing to disk storage nor databases).
    • IMAP/POP3/CalDAV storage is encrypted-at-rest, encrypted-in-transit, and stored on a LUKS encrypted disk.
    • Backups for your IMAP/POP3/CalDAV storage is encrypted-at-rest, encrypted-in-transit, and stored on Cloudflare R2.
  • We store a cookie in a session for your website traffic.
  • We store your email address that you provide us with.
  • We store your domain names, aliases, and configurations that you provide us with.
  • We store 4xx and 5xx SMTP response code error logs for 7 days.
  • We store outbound SMTP emails for ~30 days.
    • This length varies based off the "Date" header; since we allow emails to be sent in the future if a future "Date" header exists.
    • Note that once an email is successfully delivered or permanently errors, then we will redact and purge the message body.
    • If you would like to configure your outbound SMTP email message body to be retained longer than the default of 0 days (after successfully delivery or permanent error), then go to Advanced Settings for your domain and enter a value between 0 and 30.
    • Some users enjoy using the My Account > Emails preview feature to see how their emails are rendered, therefore we support a configurable retention period.
    • Note that we also support OpenPGP/E2EE.
  • Any additional information you voluntarily provide us, such as comments or questions submitted to us by email or on our help page.

We do not share your information with any third parties. We also do not use any third-party analytics nor telemetry software services.

We may need to and will comply with court ordered legal requests (but keep in mind we do not collect information mentioned above under "Information Not Collected", so we will not be able to provide it to begin with).

If at any time if you wish to remove information that you have provided us with, then go to My Account > Security and click "Delete Account".

Due to abuse prevention and mitigation, your account may require manual deletion review by our admins if you delete it within 5 days of your first payment.

This process usually takes less than 24 hours and was implemented due to users were spamming with our service, and then quickly deleting their accounts – which prevented us from blocking their payment method fingerprint(s) in Stripe.

This site is protected by Cloudflare and its Privacy Policy and Terms of Service apply.