Privacy Policy

Last updated: February 22, 2026

Introduction

MinuteMail ("we," "our," or "us") is a privacy-first temporary email service. This policy explains how we handle your information when you use minutemail.co and our API.

Our service is built on privacy-by-default: we do not store IP addresses, we do not track users across sessions, and all mailbox data is automatically and permanently deleted on expiration.

What We Do NOT Collect

  • IP Addresses: Not stored in our databases
  • Personal Information (anonymous users): No name, permanent email, phone number, or address required
  • Device Fingerprints or Location Data
  • Behavioral or Marketing Data: No tracking, profiling, or cross-site analytics

What We Collect

Anonymous Users

  • A temporary, randomly-generated session ID (client-side only, expires after 5 minutes of inactivity)
  • Temporary mailbox data (alias, domain, expiration time) — deleted on expiration
  • Received emails and attachments — deleted when the mailbox expires

Registered Users

  • Email address and hashed password
  • API keys (stored as hashed values), custom domains, and team membership data
  • Subscription plan and billing status (payment details are stored by Stripe, not us)
  • Usage metrics (mailbox counts, API call quotas)

How We Use Your Information

We use your information only to provide and operate the Service: delivering emails, managing accounts and subscriptions, validating API keys, verifying custom domains, and preventing abuse. We do not use your data for advertising, marketing, or selling to third parties.

Data Retention

  • Temporary mailboxes and messages: Permanently deleted on expiration (1–60 minutes)
  • Archived mailboxes: Only the email address is kept — no messages. Can be reactivated to create a fresh empty mailbox
  • Account data: Retained until you delete your account
  • Billing records: Retained for 7 years for tax compliance (Canadian law)

Third-Party Services

  • Stripe: Handles payment processing. We share your email and plan info; Stripe stores your card details. See stripe.com/privacy
  • Keycloak (self-hosted): User authentication on our own infrastructure — no data shared externally
  • CDN: Delivers static assets; no personal data or tracking involved
  • Affiliate links (e.g. NordVPN): Clicking may share referral info with the partner. Clearly disclosed and unrelated to MinuteMail's data practices

Your Privacy Rights

Anonymous users have no stored personal data to request. Registered users have the right to access, correct, delete, or export their data, and to object to or restrict processing. To exercise any of these rights, contact us at support@minutemail.co. We will respond within 30 days.

You may also file a complaint with your local data protection authority (e.g. the CAI in Quebec, OPC in Canada, your EU supervisory authority, or the ICO in the UK).

Data Security

We use HTTPS/TLS encryption in transit, database encryption at rest, bcrypt password hashing, hashed API keys, and row-level security for tenant isolation. No system is completely secure — use MinuteMail for temporary, non-sensitive communications.

Cookies and Local Storage

We use authentication cookies for logged-in users, and local storage for theme preferences and anonymous mailbox state. No tracking or advertising cookies are used. You can clear these at any time through your browser settings.

Children's Privacy

MinuteMail is not intended for children under 13 (or 16 in the EU). If you believe a child has provided us with personal information, contact us at support@minutemail.co and we will delete it promptly.

Changes to This Policy

We may update this policy periodically. Material changes will be posted on our website for at least 30 days and emailed to registered users. Continued use of the Service after changes take effect constitutes acceptance.

Contact

Questions or requests? Contact us at support@minutemail.co.

Privacy Policy Terms of Service

Copyright © 2026 Minutemail - All rights reserved.