Privacy Policy
Last updated: April 15, 2026
1. What We Collect
When you use SandMail, we collect:
- Account information: Email address and hashed password when you create an account.
- API usage data: Request counts, timestamps, and endpoints called (for rate limiting and billing).
- Email content: Emails received by your temporary inboxes are stored on our servers until the inbox expires or is deleted.
- IP address: For rate limiting and abuse prevention.
2. How We Use Your Data
- To provide the SandMail API service (creating inboxes, receiving emails, extracting OTP codes).
- To enforce rate limits and prevent abuse.
- To process payments and manage subscriptions.
- To send transactional emails (account confirmation, API key delivery).
We do not sell, share, or use your email content for advertising, training, or any purpose other than delivering it to you via the API.
3. Email Content & Retention
- Temporary inbox emails are stored for the duration of the inbox TTL (default: 24 hours).
- When an inbox expires or is deleted, all associated emails are permanently removed from our servers.
- Permanent inboxes (premium) retain emails until manually deleted.
- Webhook payloads are sent to your registered URL and not stored on our servers after delivery.
4. Data Security
- All API communication is encrypted via TLS 1.2+.
- Passwords are hashed using bcrypt.
- API keys are generated using cryptographically secure random tokens.
- Webhook payloads are signed with HMAC-SHA256 for integrity verification.
- Our infrastructure runs on dedicated servers in Europe (France).
5. Third-Party Services
We use the following third-party services:
- Stripe: Payment processing. Subject to Stripe's Privacy Policy.
- Mailjet: Email forwarding relay. Subject to Mailjet's Privacy Policy.
- Cloudflare: DNS and DDoS protection.
6. Your Rights
Under GDPR and applicable privacy laws, you have the right to:
- Access your personal data.
- Request deletion of your account and all associated data.
- Export your data.
- Withdraw consent at any time.
To exercise these rights, contact us at dev@sandmail.dev.
7. Cookies
SandMail uses minimal cookies:
- Authentication cookies: To maintain your dashboard session.
- No tracking cookies. We do not use analytics, advertising, or third-party tracking cookies.
8. Changes
We may update this policy from time to time. We will notify registered users of significant changes via email.
9. Contact
For privacy-related questions, contact us at dev@sandmail.dev.