Live, public, verifiable

Privacy, by the numbers

What we count, what we keep, and what gets deleted on schedule. No accounts, no names, no individual data — just the totals.

Last 30 days

  • Anonymous kits generated: 2
  • Messages received: 0
  • Burner links created: 2

Refreshes automatically every 30 seconds. Server-rendered initial values.

What we collect

The short version. Full details in the privacy policy.

What we keep

  • Email address + received messages — for the lifetime of the inbox (max 45 min free, longer on Premium). Auto-deleted at expiry.
  • SMS messages to public phone numbers — for 24 hours after receipt, then auto-deleted.
  • Burner message payloads — encrypted (AES-256-GCM) at rest, deleted the first time the link is opened, or at expiry (1h / 24h / 7d), whichever comes first.
  • Per-IP rate-limit counter — a binary hash of your IP, used to prevent abuse. Auto-deleted after 2 hours.

What we don't keep

  • No accounts. No email, no username, no password. You don't sign up to use PrivySuite.
  • No tracking cookies. Nothing follows you across the web. localStorage is used only to remember your active inbox across refreshes.
  • No message content logging. Mail passes through our server to be delivered to your temp inbox, but we don't index, read, or analyze it.
  • No third-party analytics. No Google Analytics, no Facebook Pixel, no Mixpanel, no Hotjar. The only thing we know about you is what you explicitly create.

Data retention

Every data type has a hard expiration. A cron job runs every 5 minutes and purges what's past its time.

| Data type | Lifetime | Trigger for deletion |
| --- | --- | --- |
| Temporary email inbox | 45 min (free) / longer (Premium) | expires_at column past UTC_TIMESTAMP() |
| SMS messages | 24 hours | received_at < NOW - 24h |
| Burner payloads (encrypted) | 1h / 24h / 7d (your choice) | First open OR expires_at past — whichever first |
| Rate-limit log | 2 hours | created_at < NOW - 2h |

The cleanup job is in cleanup.php and runs every 5 minutes via cron. Source is open — read it yourself.

How we protect what's stored

AES-256-GCM at rest

Burner payloads are encrypted before they touch the database. A database dump is useless without the key, which lives in a separate file the web server cannot read.

Cryptographic randomness

Email local parts and burner codes use PHP's random_int, not mt_rand or Math.random. Unguessable.
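One way to implement the two claims above (payloads sealed with AES-256-GCM before the database write, burner codes drawn from random_int), as an added PHP example that is not PrivySuite's own code. The function names, the code alphabet, the nonce/tag/ciphertext blob layout and the use of the burner code as associated data are all assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: names, alphabet and blob layout are assumptions.
const CODE_ALPHABET = 'abcdefghijkmnpqrstuvwxyz23456789'; // no look-alike characters

function burnerCode(int $length = 16): string
{
    $code = '';
    $max = strlen(CODE_ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        $code .= CODE_ALPHABET[random_int(0, $max)]; // CSPRNG-backed, uniform over the range
    }
    return $code;
}

function sealPayload(string $plaintext, string $key, string $code): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256 needs a 32-byte key');
    }
    $nonce = random_bytes(12); // fresh 96-bit nonce per payload; never reuse under one key
    $tag = '';
    // The burner code is passed as associated data, binding the ciphertext to its link.
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $code, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $nonce . $tag . $ct; // one opaque blob for a single BLOB column
}

function openPayload(string $blob, string $key, string $code): string
{
    if (strlen($blob) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('blob too short');
    }
    [$nonce, $tag, $ct] = [substr($blob, 0, 12), substr($blob, 12, 16), substr($blob, 28)];
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $code);
    if ($pt === false) { // tag mismatch: wrong key, wrong code, or modified row
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Constructed demo values. In a deployment the key would be loaded from the separate key file.
$key  = random_bytes(32);
$code = burnerCode();
$blob = sealPayload('constructed sample message', $key, $code);
echo openPayload($blob, $key, $code), PHP_EOL;
try { openPayload($blob, $key, burnerCode()); }
catch (RuntimeException $e) { echo 'other code rejected: ', $e->getMessage(), PHP_EOL; }
```

Because GCM is authenticated, a row that has been altered in the database or moved under a different burner code fails to decrypt instead of returning modified plaintext.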

Prepared statements only

Every database query uses PDO prepared statements. No SQL injection surface, no string concatenation, anywhere.

Try it. Verify it yourself.

Generate an inbox, send it a message, watch it appear. Close the tab. 45 minutes later it's gone — and so is the inbox.
