Privacy

Zero logs, zero traces.

We cannot log what we don't store. Our no-logs policy is enforced by architecture, not just policy text.

What We Don't Log

A complete list of what we never record.

IP addresses of any visitor or user
Browser fingerprints or user agent strings
Email content of any message received
Metadata about who sent emails to your address
Timestamps of when you accessed the service
Which websites you generated addresses for
DNS lookups or browsing behaviour
Any personally identifiable information

Architecture-enforced privacy. Our servers are configured at the OS level to write no access logs. This is verified in every annual independent audit.

What we do temporarily store: Your randomly generated email address and the messages delivered to it — both encrypted at rest and automatically deleted when the address expires.

No Access Logs

Web server access logging is disabled at the nginx configuration level. Verified in every audit.

Encrypted at Rest

The temporary data that exists is encrypted with AES-256-GCM. Keys rotate every 24 hours.

Auto-Deletion

On address expiry, data is deleted — not archived. No cold storage, no recovery path.

No Analytics

No Google Analytics, no Plausible, no Matomo. Zero external analytics scripts on any page.

Nothing to give — even if asked.

We can't hand over what we don't have. That's by design, not by luck.

View warrant canary