TempMail was built from day one with a single guiding principle: your data belongs to you — and we can't give away what we don't have.
These aren't marketing promises — they're technical and legal commitments baked into how we build and operate.
We never log IP addresses, browsing behaviour, or email contents. Our servers write no identifying access logs.
Every email is encrypted in transit with TLS 1.3 and at rest with AES-256-GCM. Keys are rotated every 24 hours.
All messages are permanently deleted when an address expires. There is no archive, backup, or cold storage.
No ad networks, analytics SDKs, tracking pixels, or data brokers. Zero external scripts touch your session.
TempMail is designed to operate without collecting personally identifiable information. When you visit our site or use our service, we do not collect your name, real email address, phone number, or any account credentials — because we require no account.
The only data that temporarily exists on our servers:
The temporary data on our servers exists for one purpose only: to deliver emails to your disposable address and display them in your browser. We do not:
All data tied to a disposable address is permanently and irreversibly deleted when the address expires. Free addresses expire after 60 minutes. Premium addresses can be configured from 10 minutes up to 30 days.
Deletion is not archival. There is no cold storage, no backup recovery path, and no legal hold mechanism that could resurrect deleted messages.
We share no data with third parties. Our infrastructure runs on servers we control. We do not use cloud CDN providers or third-party storage for email content. No analytics, no ad networks, no SaaS data processors touch your emails.
Our infrastructure is audited annually by an independent third-party security firm. All findings above low severity are patched within 72 hours. We operate a responsible disclosure programme — see our security report page for details.
Because we collect no personal data, most traditional GDPR "data subject rights" (access, portability, rectification) are moot — there is no personal data file to access or correct. However, if you believe data about you exists on our systems, contact us and we will investigate.
You have the right to delete your address and all associated emails at any time by closing your session or clicking "Regenerate" in the interface.
As of the date below, TempMail has not received any national security letters, FISA court orders, or gag orders. We have not been compelled to provide backdoor access to our systems and have not been subject to any searches or seizures of servers.
If this canary is ever removed or this statement changes, consider it a signal that something has changed.
Open source, audited, and zero-log by architecture — not policy.
Generate your address