Privacy Policy
Last updated: May 2026. GoyMail is a privacy-focused email service for adults 18 and older. This policy explains what we collect, what we avoid collecting, and how we use the information needed to operate the service. For terms of use, see Terms of Service.
1. Privacy approach
GoyMail is designed to require less identity data than a typical webmail service. Registration does not require KYC, identity documents, legal names, phone numbers, address verification, or an existing email address. Login uses an access token instead of an email address as the login secret. The web app does not run third-party advertising trackers, does not load third-party assets, and renders mail bodies as plaintext rather than remote HTML.
Email is not end-to-end encrypted by default. Messages and metadata must pass through our systems so we can provide mailboxes, IMAP/SMTP access, spam control, abuse handling, and service security.
2. What we collect
Account data: the handle and domain needed to create your email address, password hashes or token hashes, optional security settings, plan information, and preferences needed to operate your mailbox.
Mail data: messages, attachments, headers, folders, delivery metadata, and related mailbox state stored or processed as part of sending, receiving, and displaying email.
Technical data: we minimize operational logs where practical. Routine web-app logs use route patterns instead of full request paths and are not intended to include access tokens, passwords, cookies, request bodies, message bodies, or account identifiers. Mail and security systems may still process IP addresses, timestamps, mail transaction events, rate-limit events, and error information for reliability, abuse prevention, and deliverability. We do not sell this data, use it for advertising, or build account profiles from it. We only intentionally correlate technical data to an account when needed to operate the service, investigate abuse or security incidents, protect deliverability, or respond to lawful requests.
3. How we use information
- To provide mailboxes, account access, support, and optional paid features.
- To secure the service, limit spam, investigate abuse, and protect deliverability.
- To debug outages, improve reliability, and understand aggregate service health.
- To meet legal obligations where applicable, after reviewing whether a request is valid, narrow, and compulsory.
4. Cookies and local storage
The web app uses first-party cookies and local storage for sessions, CSRF protection, and UI preferences such as theme. Clearing browser storage may sign you out or reset preferences.
5. Third parties
We do not run third-party advertising trackers on the core GoyMail web app. External links, wallet providers, mail clients, DNS providers, Telegram, or other sites you choose to use are governed by their own policies once you leave GoyMail.
6. Retention and deletion
We retain account and mail data while your account exists and as needed for backups, security, abuse handling, deliverability, and narrowly scoped legal holds. Some logs and backup remnants may persist for a limited time after deletion as part of ordinary operations.
7. Legal requests
We do not treat informal law-enforcement messages as permission to hand over user data. We require valid, binding, and specific legal process where applicable, and we review requests for jurisdiction, scope, authenticity, and necessity before responding.
We may reject, narrow, challenge, or ask for clarification on requests that are vague, overbroad, unsupported, or not directed through an official channel. Where lawful and practical, we may notify affected users. We cannot provide data we do not retain.
8. Security
We use reasonable technical measures including token hashing, password hashing, session protection, CSRF protection, rate limits, strict security headers, and plaintext mail rendering in the web app. No service is perfectly secure; protect your token, passwords, devices, and mail clients.
9. Adults only
GoyMail is for adults 18 and older. Do not register, use the service, or create an account for someone else unless the user is at least 18 and allowed to use the service under applicable law.
10. Changes to this policy
We may update this page from time to time. The "Last updated" date at the top will change when we do.
11. Contact
Privacy-related questions: use Contact & FAQ.