Privacy Policy

1. Information We Collect

We collect several types of information to provide and improve our temporary email services:

1.1 Account Information

• Email address: Used for account creation, authentication, and service communications
• Password: Securely hashed and stored for account security
• Profile information: Any additional information you choose to provide

1.2 Usage Information

• Temporary email addresses: Created and managed through our service
• Email content: Emails received at temporary addresses (automatically deleted after expiration)
• Service usage: Features used, frequency of access, and interaction patterns
• Technical data: IP addresses, browser type, device information, and operating system

1.3 Payment Information

• Billing details: Processed securely through Stripe (we do not store payment card information)
• Transaction history: Records of subscription purchases and billing events
• Subscription data: Plan type, billing cycle, and subscription status

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Provision

• Creating and managing temporary email addresses
• Authenticating users and maintaining account security
• Processing and delivering emails to temporary addresses
• Managing subscription plans and billing

2.2 Service Improvement

• Analyzing usage patterns to improve features
• Monitoring service performance and reliability
• Developing new features and capabilities
• Optimizing user experience

2.3 Security and Compliance

• Preventing fraud, abuse, and spam
• Enforcing our Terms of Service
• Complying with legal obligations
• Protecting user and service security

3. Data Storage and Processing

3.1 Supabase

We use Supabase for user authentication, database management, and data storage. Supabase provides enterprise-grade security and compliance:

• Data is encrypted at rest and in transit
• Servers are located in secure data centers
• Access is strictly controlled and monitored
• Regular security audits and compliance certifications

3.2 Data Retention

• Temporary emails: Automatically deleted after expiration (typically 1-24 hours)
• Account data: Retained while your account is active and for a reasonable period after deletion
• Billing records: Retained as required by law and for business purposes
• Usage logs: Retained for security and service improvement purposes

4. Third-Party Services

4.1 Stripe (Payment Processing)

For subscription billing, we use Stripe, a PCI DSS Level 1 certified payment processor:

• Stripe processes all payment information securely
• We do not store credit card numbers or payment details
• Stripe's privacy policy governs payment data handling
• Transaction data is shared with Stripe for payment processing

4.2 Supabase (Backend Services)

Supabase provides our backend infrastructure and data management:

• User authentication and account management
• Database storage and management
• API services and real-time capabilities
• Security monitoring and threat detection

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• Service providers: With Supabase and Stripe for service operation
• Legal compliance: When required by law, court order, or government request
• Business transfers: In connection with a merger, acquisition, or sale of assets
• Protection: To protect our rights, safety, or property, or that of users or others
• Consent: With your explicit consent for specific purposes

6. Your Rights and Choices

6.1 Account Control

• Access: View and update your account information
• Deletion: Delete your account and associated data
• Export: Request a copy of your data
• Correction: Update or correct inaccurate information

6.2 Communication Preferences

• Opt out of promotional emails
• Manage notification settings
• Control service communications

6.3 Data Protection Rights (GDPR)

If you are in the European Union, you have additional rights under GDPR:

• Right to be informed about data processing
• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

7. Security Measures

We implement comprehensive security measures to protect your information:

• Encryption: Data encrypted in transit and at rest
• Authentication: Secure login with password hashing
• Access control: Strict access controls and monitoring
• Regular audits: Security assessments and vulnerability testing
• Incident response: Procedures for handling security incidents

8. Cookies and Tracking

We use cookies and similar technologies for:

• User authentication and session management
• Remembering preferences and settings
• Analyzing service usage and performance
• Providing personalized experiences

You can control cookie settings through your browser preferences.

9. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending you an email notification
• Providing notice through our service

Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

12. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: [Your Privacy Contact Email]
• Website: [Your Website Contact Page]
• Address: [Your Business Address]

13. Data Protection Officer

If required by applicable law, you can contact our Data Protection Officer at: [DPO Contact Information]