Privacy Policy

Last updated: May 2026

At GoneBox, privacy isn't just a feature β€” it's our entire reason for existing. This policy explains how we handle your data (spoiler: we barely touch it).

1. Data We Collect

GoneBox is designed to collect as little data as possible. We do not require registration, usernames, passwords, or any personal information to use our service. When you create a temporary inbox, we generate a random email address with no link to your identity. The only data we store is the content of emails received by your temporary inbox, and that data is automatically and permanently deleted when the inbox expires.

2. Email Content Storage

Emails sent to your temporary address are stored temporarily on our servers. Free inboxes expire after 1 hour. Paid plan inboxes expire after up to 24 hours. Once an inbox expires, all associated emails and metadata are permanently and irreversibly deleted from our systems. We do not create backups of expired inbox data. There is no way to recover deleted emails β€” by design.

3. Cookies & Analytics

We use privacy-respecting analytics (no Google Analytics) to understand aggregate usage patterns β€” such as total page views and popular languages. Analytics cookies are only set with your explicit consent via our cookie banner. We do not use tracking pixels, fingerprinting, or cross-site tracking. You can use GoneBox with all cookies disabled and the service will work perfectly.

4. Third-Party Services

We use Cloudflare for CDN, DDoS protection, and email routing. Cloudflare may process your IP address as part of standard web delivery, subject to Cloudflare's privacy policy. We do not sell, share, or transfer your data to any third party for advertising, marketing, or profiling purposes.

5. Data Retention

Free tier: emails are deleted after 1 hour. Paid tiers: emails are deleted after up to 24 hours. API logs are retained for 30 days for abuse prevention, then permanently deleted. We do not retain any personal data beyond these periods because we do not collect personal data in the first place.

6. Your Rights (LGPD & GDPR)

Under the Brazilian General Data Protection Law (LGPD) and the European General Data Protection Regulation (GDPR), you have the right to access, correct, and delete your personal data. However, since GoneBox does not collect personally identifiable information (PII), there is essentially no personal data to access, correct, or delete. If you believe we hold any data about you and wish to exercise your rights, contact us at [email protected].

7. Children's Privacy

GoneBox does not knowingly collect data from children under 13. Since we collect no personal data from any user, this applies equally to all age groups.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the service after changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related inquiries, contact us at [email protected].