1. Introduction
MailFlusher ("we", "our", "us") is an email forwarding service operated from Sweden, within the European Union. We are committed to protecting your privacy and handling your personal data in accordance with the EU General Data Protection Regulation (GDPR).
This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding your personal data.
2. Data We Collect
Account Information
- Username (chosen by you)
- Email address (your real email, used as the forwarding destination)
- Password (stored as a one-way hash, never in plain text)
- Google account ID (if you sign in with Google)
Email Data
- Email aliases you create
- Aggregate statistics (number of emails forwarded, blocked, replied, sent)
- Monthly bandwidth usage
We do not store the content of forwarded emails. Emails are processed in memory and forwarded immediately to your recipient address. The only exception is if you have enabled the "Store Failed Deliveries" option, in which case failed emails may be temporarily stored so you can retry delivery.
Encryption Keys
If you choose to add a GPG/OpenPGP public key, it is stored so we can encrypt forwarded emails before delivery. We never have access to your private key.
Server Logs
Standard server access logs (IP address, timestamp, request URL) are kept for security and debugging purposes and are automatically rotated and deleted.
3. How We Use Your Data
We use your data solely to:
- Provide the email forwarding service
- Authenticate you when you log in
- Send you service-related notifications (e.g. email verification, bandwidth warnings)
- Prevent abuse of the service (rate limiting, spam filtering)
We do not:
- Sell your data to third parties
- Use your data for advertising
- Track you across websites
- Use analytics or tracking scripts on our website
- Share your data with third parties except as required by law
4. Data Storage & Security
All data is stored on servers located in Sweden, European Union. Your data never leaves the EU.
We use industry-standard security measures including:
- TLS encryption for all connections
- Encrypted database fields for sensitive data
- DKIM, SPF, and DMARC for email authentication
- Bcrypt password hashing
5. Third-Party Services
We use the following third-party services:
- Cloudflare — DNS and DDoS protection. Cloudflare may process your IP address. See Cloudflare's Privacy Policy.
- Google OAuth — If you choose to sign in with Google, Google processes your authentication. See Google's Privacy Policy.
We do not use any analytics, advertising, or tracking services.
6. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Right of access — You can view all your data in your account settings
- Right to rectification — You can update your email address and account details at any time
- Right to erasure — You can delete your account and all associated data from the account settings page
- Right to data portability — You can export your aliases from the account data settings page
- Right to restrict processing — You can deactivate aliases to stop forwarding
- Right to object — Contact us if you wish to object to any data processing
7. Data Retention
We retain your data for as long as your account is active. When you delete your account:
- All recipients are permanently deleted
- All aliases on custom domains are permanently deleted
- Aliases on shared domains are anonymized and soft-deleted to prevent reuse
- Your username is encrypted and stored to prevent re-registration
- All other account data is permanently deleted
8. Cookies
We use only essential cookies required for the service to function (session cookies for authentication). We do not use any tracking cookies, advertising cookies, or third-party cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.
10. Contact
If you have any questions about this Privacy Policy or your personal data, please contact us through our contact page.