TmpMail Privacy Policy

Last Updated: 01/07/2025

Welcome to TmpMail, a temporary email service designed to protect your privacy. This Privacy Policy explains how we collect, use, store, and protect your data when you use our service. By using TmpMail, you agree to the terms outlined in this policy.

1. Introduction

TmpMail provides temporary email addresses that automatically expire after a set period. Our service is designed to help you maintain your privacy by avoiding the need to use your personal email address for short-term purposes. We prioritize your privacy and do not collect or store any personal identification information.

2. Data We Collect

• Session Data: We use session cookies to manage your temporary email address and session state. This data includes your temporary email address, session expiration time, and CSRF tokens. Session data is stored in Redis and automatically deleted after 10 minutes.
• Email Data: Emails received by your temporary email address are stored temporarily in Redis and automatically deleted after 10 minutes. We do not store any email content beyond this period.
• Usage Data: We use Google Analytics to collect anonymous usage data, such as page views and interactions, to improve our service. This data does not identify you personally.
• Advertisements: We use Google AdSense to display ads. Google may collect data as described in their Privacy Policy.

3. How We Use Your Data

• Session Management: Session data is used to maintain your temporary email address and ensure the security of your session.
• Email Delivery: Email data is temporarily stored to allow you to view received emails within the session period.
• Service Improvement: Anonymous usage data helps us understand how our service is used and make improvements.
• Advertisements: Ad data is used to display relevant ads through Google AdSense.

4. Data Storage and Protection

• Storage: All session and email data is stored in Redis with a strict expiration time of 10 minutes. After this period, the data is automatically deleted.
• Security Measures:
  • HTTPS: All data transmission is encrypted using HTTPS.
  • HSTS: We enforce HTTPS with Strict-Transport-Security to prevent downgrade attacks.
  • CSRF Protection: We use CSRF tokens to protect against cross-site request forgery.
  • Content Security Policy (CSP): We restrict the sources of scripts and resources to trusted domains.
  • Attachment Restrictions: Only image attachments (PNG, JPEG, GIF) are allowed to prevent malicious content.
• No Personal Data: We do not collect or store any personal identification information, such as your name, address, or IP address.

5. Third-Party Services

• Google Analytics: We use Google Analytics to collect anonymous usage data. Learn more in their Privacy Policy.
• Google AdSense: We use Google AdSense to display ads. Google may collect data as described in their Privacy Policy.
• Redis: We use Redis to store temporary session and email data. Redis is configured to automatically delete data after 10 minutes.

6. Your Rights

• Data Access: You can view your temporary email address and received emails during the session period.
• Data Deletion: All session and email data is automatically deleted after 10 minutes. You can also manually delete your session by closing the browser or changing your email address.
• Opt-Out: You can opt out of Google Analytics by using the Google Analytics Opt-out Browser Add-on.

7. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

8. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at [email protected].