Privacy Policy

Last updated: April 20, 2026

What we collect

When you sign up via GitHub OAuth, we store your GitHub user ID, username, and primary email address. This is used for account identification and billing.

Email data

Emails received by your inboxes are stored temporarily in Cloudflare R2 and D1. Email content is automatically deleted when the inbox TTL expires or when you manually delete an inbox. We do not read, analyze, or share your email content beyond the extraction features you explicitly request (OTP codes, verification links).

API keys

API keys are hashed (SHA-256) before storage. We cannot recover your API key after creation. The unhashed key is shown once at creation time.

Billing

Payment processing is handled by Stripe. We do not store credit card numbers. Stripe's privacy policy applies to payment data.

Analytics

We use Cloudflare Web Analytics (cookieless, privacy-focused). No third-party trackers.

Data location

Data is stored on Cloudflare's global network. We do not transfer data to third parties except as described above (Stripe for billing).

Deletion

You can delete your account and all associated data by contacting us. Inbox data is automatically deleted per TTL settings.

Contact

Questions about privacy: privacy@mailsink.dev