Privacy & data retention
What we store, why, and for how long. This page is generated from the same configuration the running system enforces — it can't drift from reality.
What we never store
- Message contents (for normal aliases). Mail is processed and forwarded; we don't keep the body or subject after delivery. The one exception is aliases you explicitly switch to inbox mode, whose messages you asked us to store — those are kept for a limited time and you can delete them any time.
- An identity. Signing up needs no email, name, or password. Your account is a number.
- Content scans. Anti-abuse — and our anti-phishing warnings — work on rate, reputation, and message authentication (SPF/DKIM/ DMARC results our mail server computes), never by reading your mail. At no point does alias scan the body or subject of your emails.
Anti-phishing, without reading your mail
We warn you when a forwarded message fails its sender domain's DMARC — the clearest sign it's a spoofed/phishing email. That check looks only at the authentication result (did the message legitimately come from the domain it claims?), which our own mail server derives from the sender's public SPF/DKIM/DMARC records. We do not, and technically need not, look at what the email says. It's on by default and you can turn it off account-wide or per alias.
What we keep, and for how long
| Data | Why | Retention |
|---|---|---|
| Delivery metadata (which alias, delivered/bounced) | Your activity feed; bounce and rate limits | 3 days, then deleted |
| Bounce records | Auto-disable an alias forwarding to a dead mailbox | 3 days, then deleted |
| Login sessions | Keep you logged in | 30 days, or until you log out |
| Inbox-mode stored messages (opt-in per alias) | So you can read mail for aliases with no forwarding mailbox | 30 days, or until you delete them |
| Aliases, mailboxes, contacts | The service itself | Until you delete them or your account |