← Back to BlurMail
Privacy Policy
Last updated: February 27, 2026
BlurMail is designed to protect your privacy. We collect the minimum data necessary to provide the service and never sell, share, or monetize your data.
1. What We Collect
- Device Identifier: A randomly generated UUID stored on your device. This is not linked to your Apple ID, Google account, or personal identity.
- Email Content: Emails received at your generated addresses are stored temporarily in memory (Redis) and automatically deleted when the address expires. We do not persist email content to disk or databases.
- Push Tokens: If you enable notifications, we store your device push token to deliver email arrival alerts. Tokens are deleted when you unregister.
- Purchase Data: Subscription status is managed by RevenueCat, which receives your anonymous app user ID. We do not process or store payment information directly.
- Analytics: We use Firebase Analytics to collect aggregated, anonymized usage data (screen views, feature usage). No personally identifiable information is collected.
- Crash Reports: Firebase Crashlytics collects crash logs to help us fix bugs. These contain device model, OS version, and stack traces — no personal data.
2. What We Don't Collect
- Your real email address
- Your name, phone number, or physical address
- Your location data
- Your contacts or calendar
- Your browsing history
- Credit card or payment details (handled entirely by Apple/Google)
3. Data Retention
Email content is stored only for the duration of your address's time-to-live (TTL):
- Free tier: 30 minutes
- Pro tier: 24 hours
- Pro+ tier: 7 days
After the TTL expires, all email content is permanently and irrecoverably deleted. We cannot recover expired data, even if requested.
4. Data Sharing
We do not sell, rent, or share your data with third parties. Data is only shared with service providers essential to operating BlurMail:
- Firebase (Google): Analytics and crash reporting
- RevenueCat: Subscription management
- Apple/Google: Push notification delivery (APNs/FCM)
- Cloudflare: DDoS protection and DNS
5. Your Rights (GDPR/CCPA)
You have the right to:
- Access: Request what data we hold about your device ID
- Deletion: Request deletion of your device record and associated data
- Portability: Email content is ephemeral and auto-deletes — there is no long-term data to export
To exercise these rights, contact us at [email protected].
6. Security
All data in transit is encrypted via TLS. Email content is stored in memory (not on disk) and protected by server-level access controls. We use Cloudflare for DDoS protection and rate limiting.
7. Children
BlurMail is not intended for children under 13. We do not knowingly collect data from children.
8. Changes
We may update this policy from time to time. Material changes will be communicated through the app. Continued use after changes constitutes acceptance.
9. Contact
Questions about this policy? Email us at [email protected].
Sinbad Labs · BlurMail