Privacy Policy
- Only you read your mail. No ads, no content scanning, no selling data — and staff never see message content.
- Support sees technical metadata only (counters, dates, connection info) and only when handling your request.
- External images in letters stay blocked until you allow them.
- We keep the few records we need, for as long as stated below — then they are purged on schedule.
1. What we store
Account data: your address, password hash (never the password itself), settings, and — only if you add them — a backup email and/or a Telegram binding. Your mail: stored encrypted at rest on our servers until the mailbox is closed (retention rules in section 3). Security log: your own sign-ins and settings changes (IP address, approximate location, browser), kept 12 months, visible to you in Settings → Security. Operational audit: internal actions of our own staff systems, kept at least 24 months — this log is about our accountability and is never shown publicly.
2. What we never do
We do not read, scan or analyze the content of your mail for advertising, profiling or any other purpose. Staff members cannot open message content from the support tools — they see metadata only (for example: how many messages, when the last one arrived, from which IP you signed in). We do not sell or share your data with third parties. There are no advertising trackers on the site.
3. Retention schedule
Spam folder: purged automatically after 30 days. Messages removed by support: restorable for 90 days, then purged. Security log: 12 months. Operational audit: 24 months minimum. Web sessions: removed 90 days after they end. Closed mailboxes: the address is never re-issued; stored mail is removed after closure per the Terms.
4. Cookies
Three first-party cookies only: your session, your language choice, and your theme choice. No analytics cookies, no third-party cookies.
5. Remote content in letters
Letters often contain images hosted by the sender, which can reveal your IP address and the fact that you opened the letter. CatMail blocks them by default; they load only after you press "Show images" for that letter.
6. Security
Passwords are stored as modern salted hashes. Two-factor authentication (TOTP with one-time backup codes) is available for every mailbox. Internally, the mail server components run with least privilege — the component that answers "does this address exist" physically cannot read password hashes or mail.
7. Your controls
You can end any session ("sign out everywhere"), change your password, enable or disable two-factor and IMAP/POP access, and manage recovery options in Settings. A full mailbox export (standard .mbox format) is planned so your mail is always yours to take.
8. Contact
Privacy questions: the Help & FAQ or the support form (coming with launch). Abuse and privacy reports: abuse@ on any of the service's domains.
See also: Terms of Service · Who can read my mail — in plain words