Privacy Policy

Last updated: March 2026

What we collect

When you create an account, we collect your email address and store a hashed version of your API key. We do not store your API key in plain text.

Email content

Emails sent to or from OneShotMail addresses are stored temporarily in encrypted S3 storage for the duration of the address TTL. When the address expires, the email content is permanently deleted. We do not read, analyse, or share email content.

Logging

We log API request metadata (timestamps, endpoints, status codes, response times) for operational monitoring. We never log email content, subject lines, or attachment data.

Payment

Payment processing is handled entirely by Stripe. We do not store credit card numbers or payment details on our infrastructure.

Data retention

Email data is retained only for the lifetime of the address (determined by the TTL you set). Account data is retained while your account is active. You can request account deletion by contacting hello@oneshotemail.com.

Third parties

We use AWS (hosting and email infrastructure) and Stripe (payments). We do not sell or share your data with any other third parties.

Contact

Questions? Email hello@oneshotemail.com.