Privacy policy
Written to be actually accurate, not just legally safe. Here's exactly what we collect and what we don't.
No accounts, no personal data
Mailfume does not ask for a name, an email address, a password, or any other personal identifier to use the service. There is no account to create, no profile to fill out, and nothing that links your usage of the site to your real identity. The disposable address you're given is randomly generated and has no connection to you beyond the browser session that requested it.
What we store, and for how long
When you create an inbox, we store the following, and nothing more:
- Received messages — the sender, subject, body, and any attachments of mail sent to your address, kept only until your inbox's timer runs out (60 minutes by default, longer if you use Extend).
- The raw message file — the original file the mail server received, kept on disk only until the same expiry, then deleted by an automated background sweep.
When the timer ends, the inbox, every message in it, and the corresponding raw files are permanently deleted. There are no backups of expired inboxes — once it's gone, it's gone. We designed it this way on purpose: the least risky data to hold is data that no longer exists.
How your IP address is used
Your IP address is used in two limited ways:
- Rate limiting. We track how many inboxes an IP address has created recently, held in memory, to enforce a cap (currently around 30 new inboxes per hour) and prevent automated abuse. This counter is not a persistent log of your activity — it's a rolling, in-memory limit.
- Standard web-server logs. Like essentially any website, our nginx web server records the usual access-log fields (IP address, request path, timestamp, status code) for operational purposes such as debugging and detecting abuse. These are ordinary server logs, not a feature built to track individual users, and we don't cross-reference them against inbox content.
We do not sell, rent, or share any data — message content, IP addresses, or otherwise — with third parties for marketing or any other purpose.
Cookies and local storage
The site stores a private session token in your browser's local storage so it can reopen your specific inbox — this is what keeps your inbox private to your browser tab, as described in the FAQ. It isn't a tracking cookie and isn't used to identify you across sites or sessions.
Advertising (planned, not yet active)
Mailfume is free to use and is intended to stay that way. To cover hosting costs, we plan to show ads on the site. Ads are not live yet at the time of writing. When they are enabled, the ad partner we use may set its own cookies or similar identifiers and may process visitor data (such as IP address and general browsing signals) according to its own privacy policy, independent of what Mailfume itself collects. We'll update this page with specifics once an ad partner is actually integrated, rather than describe a system that doesn't exist yet.
Security measures worth knowing about
Incoming HTML email is sanitized on the server before display and rendered inside a sandboxed frame that cannot execute scripts, load external resources for tracking, or interact with the rest of the page. This protects you from malicious content in mail sent to a disposable address, which — precisely because the address is public and guessable in structure — can attract more automated spam and malicious mail than a private personal inbox would.
Children's privacy
Mailfume is a general-purpose utility and is not directed at children. Because we don't collect any personal information from any user, there is no age-verification mechanism and none is needed to comply with this policy's intent.
Changes to this policy
If how the service collects, stores, or handles data changes — most notably, once advertising goes live — this page will be updated to reflect the actual, current behavior of the service, not a hypothetical one.
This policy describes the service as it actually operates. If you have questions about anything on this page, see the FAQ.