ephemask

Privacy Policy

Last updated: April 2026

1. Introduction

Ephemask ("we", "our", "us") operates the ephemask.com website and related services. This Privacy Policy explains how we collect, use, and protect your information when you use our disposable email service.

2. Data We Collect

2.1 Inbox Data

Emails received by your temporary inbox are stored temporarily and automatically deleted when the inbox expires (10 minutes for free users, up to 60 minutes for premium users). We do not read, analyze, or share the content of emails received in your inbox.

2.2 Account Data

When you create an account, we generate an anonymous user ID. If you choose to add an email address (optional for free users, used for login recovery), we store that email address. Premium users provide payment information which is processed by Stripe — we do not store credit card details.

2.3 Analytics

We use Google Analytics 4 to collect anonymous usage statistics (page views, device type, general location). This data is aggregated and cannot identify individual users.

2.4 Local Storage

We use browser localStorage to store your session credentials (user ID, API key) and language preference. This data stays on your device and is not transmitted to third parties.

3. How We Use Your Data

  • To provide the temporary email service
  • To authenticate your account and manage subscriptions
  • To send magic link login emails (if you provide an email)
  • To improve the service through anonymous analytics
  • To display advertisements to free users (via Google AdSense)

4. Data Retention

Inbox data: Automatically deleted when the inbox expires. Raw email files are deleted from storage within 24 hours.

Account data: Retained until you delete your account or request deletion.

Payment data: Managed by Stripe and RevenueCat according to their respective privacy policies.

5. Data Sharing

We do not sell your data. We share data only with:

  • Stripe — payment processing
  • RevenueCat — subscription management
  • Amazon Web Services — infrastructure hosting
  • Google — analytics and advertising
  • Vercel — website hosting

6. Your Rights

Under applicable data protection laws (including LGPD for Brazilian users and GDPR for EU users), you have the right to:

  • Access your personal data
  • Request correction of your data
  • Request deletion of your data
  • Withdraw consent for data processing
  • Data portability

To exercise these rights, contact us at legal@ephemask.com.

7. Security

We use industry-standard security measures including encrypted connections (TLS), token-based authentication, and automatic data deletion. However, no system is 100% secure. Use our service at your own risk.

8. Children

Our service is not intended for users under 13 years of age. We do not knowingly collect data from children.

9. Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date.

10. Contact

For questions about this privacy policy, contact us at legal@ephemask.com.

Ephemask
Brazil