GhostmailsGhostmails

Legal

Privacy Policy

Last updated: April 2026

1. Introduction

Ghostmails is a free temporary email service operated from France. We are committed to protecting the privacy of our users. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under the GDPR and other applicable laws.

2. Data controller

The data controller for the purposes of the GDPR is:

Ghostmails

Location: France

Contact: privacy@ghostmails.cc

3. What data we collect

Ghostmails is designed with privacy at its core. We do not collect names, phone numbers, permanent email addresses, passwords, or payment information.

Data collected automatically:

DataPurposeRetention
IP addressAbuse prevention, rate limiting48 hours max
Session cookieLinking browser to inbox30 days
Temporary addressCore serviceUntil expiration
Received emailsCore serviceUntil address expiration

Our advertising partners (Adsterra, PropellerAds) may collect IP address, browser info, and device identifiers. This is governed by their own privacy policies and requires your consent via our cookie banner.

4. How we use your data

  • Providing the Service — generating and managing temporary email addresses.
  • Abuse prevention — rate limiting and spam protection.
  • Service improvement — aggregated, anonymized usage patterns only.
  • Advertising — third-party ads (with your consent for tracking cookies).
  • Legal compliance — responding to lawful requests when required by law.

We do not sell or share your personal data for third-party marketing.

5. Cookies

One essential cookie is used:

CookiePurposeDuration
gm_sessionLinks browser to inbox30 days

Advertising cookies are only placed after you give consent via our cookie banner. You can withdraw consent at any time from the cookie settings in the footer. Analytics, if used, are privacy-friendly (no cookies, no personal data).

6. Data retention

DataRetention
Temporary email address & emailsUntil expiration, then permanently deleted
IP address logsMaximum 48 hours
Session cookies30 days

7. Data sharing

  • Cloudflare — infrastructure, CDN, email routing (data processor on our behalf).
  • Advertising partners — only with your consent (see section 3).
  • Law enforcement — only when required by a valid legal order under French or EU law.

Data is not transferred outside the EEA without adequate safeguards (SCCs).

8. Your rights under the GDPR

As an EU/EEA user, you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion (note: data is auto-deleted on expiration).
  • Restriction — request limited processing.
  • Portability — request data in a machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — for advertising cookies, via cookie settings.
  • Lodge a complaint — with the CNIL (cnil.fr).

To exercise your rights: privacy@ghostmails.cc. We respond within 30 days.

9. Security

We implement TLS/HTTPS encryption, automatic expiry deletion, rate limiting, minimal data collection by design, and Cloudflare-backed DDoS protection. However, no system is 100% secure.

10. Children's privacy

Ghostmails is not directed at children under 16. If we become aware of data collected from a child under 16 without parental consent, we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced through the Service before taking effect.

12. Contact

Questions or requests: privacy@ghostmails.cc

Supervisory authority: CNILcnil.fr

← Back to inboxTerms of Service