SandboxMail (“we”, “us”, “dev-mail”) provides temporary, anonymous mailboxes for developers and teams. This policy explains how we process data when you use our website, APIs, and Telegram bot.
1. Information We Process
SandboxMail is designed to minimize personal data. We only process:
Session identifiers. Random tokens that let you keep a temporary inbox alive. These tokens never include names, emails, or IP addresses.
Message content. Emails you instruct us to receive. Content stays encrypted at rest and is purged after the retention window closes.
Operational metadata. Non-identifying metrics (timestamp, mailbox host, delivery status) needed to troubleshoot abuse, rate limits, and deliverability.
Telegram handle. Only when you bind our bot. We store the chat ID required to push notifications and nothing else.
2. How We Use Data
Deliver transient email to the sandbox inbox you created.
Enforce abuse-prevention rules, including rate limits and filtering malicious payloads.
Provide voluntary notifications (e.g., Telegram pushes) that you explicitly enable.
We never sell, rent, or feed your traffic into advertising or analytics marketplaces.
3. Retention & Deletion
Mailbox contents. Messages are destroyed after the active testing window or immediately when you manually rotate the address.
Backups. Encrypted replicas exist only long enough to ensure service continuity (maximum 48 hours).
Tokens & logs. Session IDs and audit records rotate automatically and are decoupled from network identifiers.
You may request immediate deletion of any remaining data via [email protected]. We respond within five business days.
4. Security Controls
Inbound mail is sanitized to strip tracking pixels, remote scripts, and suspicious attachments.
All storage sits inside a private network segment with strict firewall rules and mandatory encryption.
Access is limited to a minimal operations team with hardware-based MFA and audit logging.
5. Your Choices
Use SandboxMail without revealing a personal identity.
Rotate or delete inboxes at any time via the “New Email” control.
Unbind Telegram instantly by sending /unbind to the bot.
Contact us to access, export, or erase any remaining metadata tied to your token.
6. International Data Transfers
Infrastructure currently resides in the European Union. If we add additional regions, we will keep the same safeguards: encryption, access control, and retention minimization.
7. Updates
We may revise this policy if we add new features or regulatory requirements. Material changes will appear here with a new effective date. Continued use of SandboxMail after an update constitutes acceptance.
8. Contact
Email [email protected] for any privacy request. We answer verified requests within five business days.