Privacy Policy

Last updated: February 14, 2026 · Effective immediately

Plain English summary: We collect the minimum data needed to run the service. We store your emails temporarily so you can read them via API. We don't read your emails for any other purpose. We don't sell your data. We don't track you across the web. When your data's retention period expires, it's gone.

1. Who We Are

AI Email Service ("we," "us," "our") operates the receive-only email service at aiemailservice.com. We are the data controller responsible for your personal data.

Contact: privacy@aiemailservice.com

2. What Data We Collect

We collect different categories of data, each for a specific purpose:

2.1 Account Data

Data	Purpose	Retention
API Key	Authentication	Until account deletion
IP address (at signup)	Trial abuse prevention (1 per IP)	90 days
Wallet address (if provided)	Account recovery, payment association	Until account deletion
Payment metadata (Stripe customer ID, transaction ID)	Payment processing, refunds	As required by tax law (typically 7 years for financial records)

2.2 Email Data

Data	Purpose	Retention
Incoming email content (text, HTML, headers)	Deliver messages to you via API	Trial: 24 hours. Paid: 30 days.
Sender address, subject line	Message listing and filtering	Same as email content
Extracted OTP codes	Automatic code extraction feature	Same as email content
Email attachments	Not stored. Attachments are stripped on receipt.	N/A

2.3 Technical Data

Data	Purpose	Retention
API request logs (endpoint, timestamp, API key hash, response code)	Rate limiting, abuse detection, debugging	30 days
SMTP connection logs (sender IP, envelope info)	Deliverability debugging, abuse prevention	7 days
Error logs	Service reliability	30 days

2.4 What We Do NOT Collect

We do not use cookies or web tracking on our marketing site
We do not use analytics tools (Google Analytics, Mixpanel, etc.)
We do not collect browser fingerprints
We do not store email attachments
We do not collect or store your name, physical address, or phone number
We do not build profiles or behavioral models of our users

3. How We Use Your Data

We use your data only for the following purposes:

3.1 Service Delivery

Receiving and storing incoming emails for your mailboxes
Extracting OTP codes and verification tokens from emails
Delivering messages to you via the API
Processing payments and managing subscriptions

3.2 Service Operations

Enforcing rate limits and preventing abuse
Preventing trial system circumvention
Debugging and resolving technical issues
Maintaining service security and integrity

3.3 What We Do NOT Do With Your Data

We do not:

Read, scan, or analyze your email content for advertising purposes
Train AI models on your email content
Sell, rent, or share your data with third parties for their marketing purposes
Use your data to build profiles or target advertising
Share your email content with any third party, except as required by law
Mine your emails for keywords, trends, or market intelligence

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, we process your data under the following legal bases:

Processing Activity	Legal Basis
Email storage and delivery	Contract performance (providing the service you paid for)
Payment processing	Contract performance
IP logging for trial limits	Legitimate interest (preventing abuse)
API request logging	Legitimate interest (rate limiting, security)
Responding to legal requests	Legal obligation

5. Data Sharing

5.1 Third-Party Service Providers

We share limited data with the following service providers who assist in operating the Service:

Stripe — Payment processing. Stripe receives payment card details directly (we never see your full card number). See Stripe's Privacy Policy.
Hosting provider — Our servers are hosted on infrastructure provided by our hosting partner. They have physical access to servers but not logical access to your data (encrypted at rest).

5.2 We Do Not Sell Data

We do not sell, trade, or otherwise transfer your personal data to third parties for commercial purposes. Period.

5.3 Legal Requirements

We may disclose data if required by law, court order, or government request. We will:

Comply only with legally valid requests
Narrow the scope of disclosure to the minimum required
Notify you of the request where legally permitted
Challenge overbroad requests where appropriate

6. Data Security

We take data security seriously and implement the following measures:

Encryption at rest — Email content is encrypted in our database
Encryption in transit — All API traffic uses TLS. SMTP supports STARTTLS.
Access controls — API key authentication required for all data access
Mailbox isolation — Each API key can only access its own mailboxes
Automatic deletion — Data is automatically purged after retention periods expire
No unnecessary retention — We don't keep data "just in case." When retention expires, it's deleted.
Infrastructure hardening — Firewalls, intrusion detection, regular security updates

No system is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security. In the event of a data breach, we will notify affected users within 72 hours as required by applicable law.

7. Data Retention

We follow a strict data minimization approach:

Data Type	Trial Retention	Paid Retention
Email messages	24 hours	30 days
Extracted codes	24 hours	30 days
API request logs	30 days	30 days
SMTP connection logs	7 days	7 days
IP trial records	90 days	N/A
Account/API key data	Until expiry + 30 days	Until deletion + 30 days
Payment records	N/A	As required by law (up to 7 years)

When a mailbox expires or is deleted, all associated messages are permanently and irreversibly deleted. We do not keep backups of deleted mailbox data.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

8.1 For All Users

Access — You can access all your data via the API at any time (messages, mailbox status, etc.)
Deletion — You can delete any mailbox and all its messages via the API (DELETE /v1/mailbox/{id})
Data portability — You can export all your messages via the API in JSON format at any time

8.2 For EEA/UK Users (GDPR)

In addition to the above, you have the right to:

Rectification — Request correction of inaccurate personal data
Restriction — Request we limit processing of your data in certain circumstances
Object — Object to processing based on legitimate interest
Withdraw consent — Where processing is based on consent, withdraw at any time
Lodge a complaint — File a complaint with your local data protection authority (in the UK, this is the Information Commissioner's Office)

To exercise any of these rights, contact privacy@aiemailservice.com. We will respond within 30 days.

8.3 For California Users (CCPA)

California residents have additional rights under the CCPA:

Right to know — What data we collect and how we use it (this policy)
Right to delete — Request deletion of your personal data
Right to opt-out of sale — We do not sell personal data, so this right is already fulfilled
Non-discrimination — We will not discriminate against you for exercising your rights

9. International Data Transfers

Our servers are located in the European Union. If you access the Service from outside the EU, your data will be transferred to and processed in the EU. The EU provides strong data protection under the GDPR.

For transfers of personal data outside the EEA (e.g., to payment processors), we rely on Standard Contractual Clauses (SCCs) or the service provider's adequacy certifications.

10. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

11. AI-Specific Considerations

Given that our primary users are AI agents:

The human or organization that controls an AI agent is the data subject and rights holder — not the AI itself
AI agents acting on behalf of a human inherit that human's data protection rights
We do not use the content of received emails to train, fine-tune, or improve any AI models — ours or anyone else's
Automated OTP extraction is performed solely for the purpose of delivering the extraction feature to you, not for data mining

12. Cookies & Tracking

Our marketing website (aiemailservice.com) does not use cookies, tracking pixels, or third-party analytics. We don't need to track you to sell you an API key.

Our documentation pages may use a minimal session cookie for navigation state. This cookie:

Contains no personal data
Is not shared with third parties
Expires when you close your browser

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

We will update the "Last updated" date at the top
We will post a notice on our website
For significant changes, we will attempt to notify users via API response headers

We encourage you to review this policy periodically.

14. Data Protection Officer

For any questions about this policy or your data, contact our Data Protection Officer:

Email: privacy@aiemailservice.com
Response time: Within 30 days

15. Contact

For privacy-related inquiries: