This page attempts to describe to you clearly and transparently how your data is stored, what you can export, and what you can delete.
includes the sender, subject, body, and attachments
Once we receive an email at one of your Mail Masks, we process it within a few seconds and then delete it permanently from our servers. In detail, that means:
Once you verify an email address with us, we keep a record of it in our database. When you remove a Verified Email from our system, it is permanently erased. Similarly, if you choose to delete your account, we remove and erase all of your Verified Email addresses.
If you sign up for a paid plan, our payment provider, Stripe, will ask you for your name and email address. We don't have the ability to fully remove your name and email address from Stripe's system; however, upon request, we will delete as much of your data from Stripe as we can. Stripe also collects your credit card number, but we don't have access to it.
Your username can be deleted by deleting your account. However, in order to give you a way to recover your Mail Masks in the future, we assign you a random username which you can use to log in and reactivate your account and have access to your Mail Masks.
Your password is never stored in plain text, but instead, is hashed using an industry-standard algorithm called bcrypt. We have no way to read or know your password, nor does any malicious person who were to gain access to our database.
We collect anonymized usage data to help us make Mail Masker better. Specifically, we self-host a privacy-focused analytics tool called Ackee. In short: it runs on our own servers, it doesn't use cookies, and it uses a multi-step process to keep data anonymized.
Our server logs are all set to be automatically deleted after 5 days.
We rely on Google reCAPTCHA to prevent abuse of our service by bots and other automated systems.
And for completeness, here's a list of common things that we don't do:
Mail Masker is a US-based service: it is property of US-based Dewpoint Solutions, Inc. and its servers are located in the US. The reason this is important is because the US is what is known as a "Five Eyes" country with a history of mass government surveillance. For this reason, we have a Warrant Canary page that is updated monthly. More info on Warrant Canaries.
See an issue with this page, or have something you'd like to discuss? We'd love to discuss it with you at data@mailmasker.com.