OpenInbox.io

📱 OpenInbox is now on Android & iOS! Get the app today.

GET IT ONGoogle PlayDownload on theApp Store

OpenInbox on Telegram

Get a temp inbox right inside Telegram.

Open Telegram bot

Custom domains

Use your own domain on paid plans.

Learn More

Privacy Policy

Last updated: June 2, 2026

Introduction

OpenInbox ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our temporary email service.

By using OpenInbox, you agree to the collection and use of information in accordance with this policy. We designed our service with privacy as a core principle — we collect the minimum data necessary to provide our service.

Information We Collect

For Anonymous Users (No Account)

  • Temporary email address (randomly generated)
  • Email content received in your inbox (automatically deleted)
  • IP address (for security and rate limiting only)
  • Basic usage analytics (aggregated, non-personal)

For Registered Users

  • Email address (for account access)
  • Password (encrypted with bcrypt)
  • Display name (optional)
  • Subscription and billing information
  • API usage data
  • Session information

For Mobile App Users (iOS & Android)

Our mobile apps are free to use and supported by advertising for users on the free tier. To deliver ads and keep the apps reliable, the following may be collected (see the Advertising in Our Mobile Apps section below for details and your choices):

  • Advertising identifier (such as Apple's IDFA or Google's Advertising ID) — used by our advertising partner to serve ads, only with your permission
  • Advertising and interaction data (ads shown, taps) and an approximate, IP-derived location used for ad delivery
  • Diagnostics and crash reports, to detect and fix stability issues
  • If you sign in (including Sign in with Apple), your account email and a user identifier for account access

Paid (premium) subscribers do not see ads and are not subject to advertising-related data collection.

What We Do NOT Collect

  • We do not read or analyze your email content
  • We do not sell your personal data
  • We do not collect the contents of your messages, contacts, or photos for advertising

Data Retention

Our service is designed to be ephemeral. Data retention varies based on your plan:

PlanEmail RetentionAccount Data
Free1 hourN/A
7-Day Pass7 daysUntil deletion
Pro7 daysUntil deletion
Business30 daysUntil deletion
PremiumUp to 90 daysUntil deletion

After expiration, emails and associated data are permanently deleted and cannot be recovered.

Security Measures

We implement industry-standard security measures:

  • Encryption: All data is encrypted in transit using TLS 1.3
  • Password Security: Passwords are hashed using bcrypt with salt
  • Two-Factor Authentication: Available for all registered users
  • Rate Limiting: Protection against brute-force attacks
  • Regular Audits: Security assessments and penetration testing
  • Minimal Data: We only store what's absolutely necessary

Third-Party Services

We use the following third-party services:

  • Cloudflare: Email routing, DDoS protection, and CDN
  • Lemon Squeezy: Payment processing (for premium subscriptions)
  • Vercel/Railway: Application hosting
  • Google AdMob: Serves ads to free-tier users in our mobile apps (see the Advertising sections below)
  • Google Firebase: Analytics, Crashlytics (crash reporting), and Cloud Messaging (push notifications) in our mobile apps
  • Apple: Sign in with Apple for account authentication

Each service has its own privacy policy and handles data according to their terms.

Cookies & Advertising

What Are Cookies?

Cookies are small text files stored on your device when you visit websites. They help websites remember your preferences and understand how you use the site.

Cookies We Use

  • Essential Cookies: Required for basic site functionality, such as maintaining your session and remembering your theme preference.
  • Analytics Cookies: Help us understand how visitors interact with our website to improve user experience (aggregated, non-personal data).
  • Advertising Cookies: Used by our advertising partners to show relevant ads (free tier only).

Third-Party Advertising

We display advertisements on our free tier through third-party advertising networks. These partners may use cookies to serve ads based on your prior visits to this website or other websites on the internet.

Advertising Cookies: Our advertising partners may use cookies to serve ads based on your browsing history. You can opt out of personalized advertising by visiting Google's Ads Settings or www.aboutads.info.

Premium subscribers do not see advertisements and are not subject to advertising cookies from our service.

Advertising in Our Mobile Apps

Our iOS and Android apps are free and supported by advertising for users on the free tier. We use Google AdMob to display ads. Paid (premium) subscribers do not see ads, and no advertising identifiers or ad-related data are collected from them.

For free-tier users, AdMob may use your device's advertising identifier (Apple's IDFA or Google's Advertising ID), an approximate location, and information about ads you view to deliver and measure ads.

Your Choices & Consent

  • iOS (App Tracking Transparency): On first launch we ask for your permission before using your device's advertising identifier. If you choose "Ask App Not to Track," we serve only non-personalized ads and do not use the IDFA to track you. You can change this anytime in iOS Settings → Privacy & Security → Tracking.
  • Europe/UK (GDPR): Where required, we show a consent form (Google's User Messaging Platform) and serve personalized ads only if you consent. Otherwise we serve non-personalized ads.
  • Personalized ads are shown only when you have granted the relevant permission/consent above. In all other cases, ads are non-personalized.
  • You can opt out of personalized advertising at any time via Google's Ads Settings or by upgrading to a paid plan, which removes ads entirely.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

  • View what cookies are stored and delete them individually
  • Block third-party cookies
  • Block cookies from specific sites
  • Block all cookies
  • Delete all cookies when you close your browser

Note: Blocking essential cookies may affect site functionality.

Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of your data
  • Correction: Update or correct your information
  • Deletion: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Objection: Object to certain data processing

To exercise these rights, contact us at [email protected].

GDPR & CCPA Compliance

We comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). If you are a resident of the European Union or California, you have additional rights under these regulations.

We do not sell personal information as defined under CCPA.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please contact us: