Legal

Privacy Policy

Last updated: May 30, 2026

This Privacy Policy describes what data the UrusMail service collects and processes, for what purposes, and how it is protected. We follow the principle of data minimization: if data is not necessary for the Service to function, we don't collect it.

1. Data Controller

The data controller is UrusMail (urusmail.pro). For privacy inquiries: admin@urusmail.pro

2. Data We Collect

We do not collect personal user data in the traditional sense. During Service operation, the following is temporarily stored: • The created mailbox name (local part) and selected domain — only for the inbox's active period (5 minutes) • A hash of the access token — a technically necessary key to link messages to the inbox • Incoming emails — exclusively during the inbox's active period • Standard web server access logs — without linking to user identity, retained for no more than 24 hours We do not collect: user IP addresses in the database, tracking cookies, geolocation data, behavioral analytics.

3. Security Tools — Data Processing

UrusMail provides several additional security tools. Here is how each one handles data: • Password Generator — passwords are generated entirely in the user's browser. No data is transmitted to our servers or stored. • Data Breach Checker — to perform a check, the entered email address is sent to a public third-party API (proxynova.com). We do not store entered addresses. Use this tool mindfully. • Photo EXIF Cleaner — uploaded images are processed exclusively in the user's browser. Files are not transmitted to our servers and are not stored. • Secret Notes — the note text is encrypted and stored in our database until first read or until expiration (maximum 24 hours). After reading, the note is permanently destroyed. We cannot read the content of an encrypted note. • URL Scanner — the entered URL is sent to an external API to check for phishing and malicious content. We do not store checked URLs.

4. How We Use Data

All data is used exclusively for the technical operation of the Service: • Routing incoming messages to the created inbox • Displaying messages to the authorized user (token holder) • Automatic data destruction upon expiration We do not use data for marketing purposes or share it with third parties for profiling.

5. Data Retention

All mailbox data (address, token, messages) is stored in a secure database with automatic TTL (Time To Live). After 5 minutes, data is irreversibly deleted. Secret notes are deleted immediately after the first read or after 24 hours — whichever comes first. Technical logs are retained for no more than 24 hours in aggregated form.

6. Third-Party Data Sharing

We do not sell or share user data with third parties. Exceptions: • Upon request from authorized government agencies in accordance with applicable law • Infrastructure providers (hosting, CDN) as data processors enabling the Service — with appropriate data processing agreements • The breach checker tool uses the public proxynova.com API — only the checked email is transmitted • The URL scanner tool uses an external API to analyze URLs for malicious content Advertising blocks on the site are served by advertising networks (e.g., Google AdSense). These networks may use cookies for contextual advertising per their own privacy policies. We do not share mailbox data with them.

7. Cookies and Trackers

UrusMail does not set analytical cookies and does not use user behavior trackers. The access token and language preferences are stored in the browser's localStorage — this is not a cookie and is not automatically sent to the server with each request. Advertising networks embedded in the Service may set their own cookies per their privacy policies. Users can manage them through browser settings or ad-blocking extensions.

8. User Rights

Under GDPR and applicable privacy laws, you have the right to: • Access information about data related to you • Request deletion of your data (in our case, data is deleted automatically) • Withdraw consent for data processing • File a complaint with a supervisory authority Since we don't identify users, most rights are exercised automatically: your data is destroyed in 5 minutes without any action on your part.

9. Data Security

All connections to the Service are encrypted with TLS 1.3. The database is located in isolated infrastructure with restricted access. Access tokens are generated using a cryptographically secure random number generator. Secret notes are encrypted before storage.

10. Children

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If you become aware that a minor is using the Service, please inform us at admin@urusmail.pro.

11. Policy Changes

We may update this Policy. The current version is always available at urusmail.pro/privacy. For material changes, we will post a notice on the main page.

12. Contact

For privacy inquiries: admin@urusmail.pro