Legal
Effective .
We aim to collect as little as we need to run the Service and to bill for paid plans. This page is a plain-English summary of what we collect, why, and how long we keep it.
What we collect from API users
- Received email messages. Whatever is sent to an address at
mailfade.dev(or at a customer-verified custom domain) is stored in our database and object storage. Bodies, attachments, and raw RFC822 are stored. - Inbox addresses. The full address (local-part + domain) of every received message is indexed so the API can return it.
- Ephemeral request metadata. IP address and timestamp of each API request are used for rate-limiting on the free tier. These are written into short-lived rate-limit buckets that expire within ~25 hours and are then deleted by a scheduled job.
We do not log full request bodies, do not track sessions
across requests, and do not issue any cookies on mailfade.dev or
api.mailfade.dev.
What we collect from paying customers
When you start a checkout session, we collect only what is required to process payment:
- Card payments (Stripe): Stripe collects your card details directly; we never see them. We store the Stripe customer/session ID associated with your invoice so we can fulfill the order.
- Lightning payments (BTCPay): We store the BTCPay invoice ID and payment status. We do not collect or store your Lightning node ID, IP, or wallet address.
If you contact us at [email protected] we will see your email
address and whatever you write in the message.
What we do not do
- We do not sell, share, or rent your data.
- We do not use received email contents to train models.
- We do not run third-party analytics, advertising trackers, session recorders, or chat widgets on this site.
- We do not embed pixels or third-party fonts that phone home.
Retention
| Data | How long |
|---|---|
| Free-tier messages | 1 hour, then deleted |
| Dev-tier messages | 7 days, then deleted |
| Team-tier messages | 30 days, then deleted |
| Scale-tier messages | 90 days, then deleted |
| Rate-limit buckets | up to ~25 hours |
| Invoices (paid) | 7 years (legal requirement for sales records) |
| API key rows | until revoked or expired; then archived |
Deleted messages are removed from D1 and from R2 by our scheduled cleanup worker, which runs every 15 minutes.
Your rights
If you believe MailFade is storing personal data about you (for
example, a third party signed you up to a service using an
@mailfade.dev address), please email [email protected] and we
will investigate and delete on request. Because of the short
retention windows above, the relevant data has often already been
deleted by the time we read your message.
Security
All data in transit is TLS-encrypted. D1 and R2 are encrypted at rest by Cloudflare. API keys are stored as keyed HMAC-SHA256 hashes — the plaintext key is shown only once at checkout and cannot be recovered.
Contact
Privacy questions: [email protected].