Privacy Policy

We believe in data minimization. We only store what is strictly necessary to provide the email service.

1. Registration Data

When you register, we store exactly three things in our database table users:

We do not store your IP address, user agent, or personal email during registration.

2. Logs & Telemetry

3. Email Storage

Emails are stored on disk using standard Maildir format. They are yours. When you delete an email via IMAP or Webmail, it is removed from the disk.

Encryption at rest: Mail that arrives already PGP-encrypted is stored encrypted exactly as received. Mail that arrives in plaintext is stored as received — we do not currently add server-side encryption to incoming plaintext messages. For true end-to-end confidentiality, your correspondents should encrypt to your published public key. Note that PGP key pairs generated on our server are stored encrypted in our database, which means the operator technically has the ability to access them; if you require that the operator never has access to your private key, generate your key pair on your own device and import only the public key.

We do not scan your emails for advertising. We do not sell your data.

4. Cookies

We only use session cookies (PHPSESSID) required to keep you logged in to the web interface. These are ephemeral.

5. Right to Erasure

You can delete your account at any time via the Delete Account page. This action is permanent.

Last Updated: 2026-07-07

Home | Terms | Privacy | Contact | Status | Blog

TOR Main | TOR Mail | TOR Blog | I2P Main | I2P Mail | I2P Blog