Your Data

This page attempts to describe to you clearly and transparently how your data is stored, what you can export, and what you can delete.

What we collect

Email content

includes the sender, subject, body, and attachments

Once we receive an email at one of your Mail Masks, we process it within a few seconds and then delete it permanently from our servers. In detail, that means:

  • if your Mail Mask is set up to forward to one of your Verified Emails, then we forward the email and delete the email content from our servers immediately
  • if you've stopped your Mail Mask or otherwise disabled it, we don't forward the email, and we delete the email content immediately
  • if we receive an email at a Mail Mask which hasn't been reserved by anyone, we delete the email content immediately
  • in the event that email content fails to be deleted immediately, then our backup mechanism will delete any email content older than 5 days

Your email address

Once you verify an email address with us, we keep a record of it in our database. When you remove a Verified Email from our system, it is permanently erased. Similarly, if you choose to delete your account, we remove and erase all of your Verified Email addresses.

Payment information

If you sign up for a paid plan, our payment provider, Stripe, will ask you for your name and email address. We don't have the ability to fully remove your name and email address from Stripe's system; however, upon request, we will delete as much of your data from Stripe as we can. Stripe also collects your credit card number, but we don't have access to it.

Your username and password

Your username can be deleted by deleting your account. However, in order to give you a way to recover your Mail Masks in the future, we assign you a random username which you can use to log in and reactivate your account and have access to your Mail Masks.

Your password is never stored in plain text, but instead, is hashed using an industry-standard algorithm called bcrypt. We have no way to read or know your password, nor does any malicious person who were to gain access to our database.

Usage data, analytics, and general logs

We collect anonymized usage data to help us make Mail Masker better. Specifically, we self-host a privacy-focused analytics tool called Ackee. In short: it runs on our own servers, it doesn't use cookies, and it uses a multi-step process to keep data anonymized.

Our server logs are all set to be automatically deleted after 5 days.

reCAPTCHA

We rely on Google reCAPTCHA to prevent abuse of our service by bots and other automated systems.

What we don't collect

And for completeness, here's a list of common things that we don't do:

  • We don't use Google Analytics, Facebook SDKs, or anything else that allows other companies to track you. As mentioned previously, we use Google reCAPTCHA to prevent abuse.
  • We don't set any cookies except the one that keeps you logged in here at MailMasker.com
  • We will never give or sell your information to another company. If for some reason there's a benefit to you in the future that we do so, we'll only do so with your expressed consent.

What risks should I be aware of?

Mail Masker is a US-based service: it is property of US-based Dewpoint Solutions, Inc. and its servers are located in the US. The reason this is important is because the US is what is known as a "Five Eyes" country with a history of mass government surveillance. For this reason, we have a Warrant Canary page that is updated monthly. More info on Warrant Canaries.

See an issue with this page, or have something you'd like to discuss? We'd love to discuss it with you at data@mailmasker.com.