Privacy Policy | Last update: 25/03/2024

Please note all users who login via this website agree and concent to all of the data listed below to be stored.

Data Collection and Storage

We keep as little logs as possible. This means that mostly only the data required for our service to operate is stored.

  • Timestamps are normally hardset by default to a static date, but some services/changes may attach a real stamp to a user
  • Invite codes are stored for old users, this helps with password resets

Measures to Ensure Privacy

The following changes have been put in place to ensure as much privacy as possible:

  • Enabled support for PGP encryption on webmail for less educated users
  • Backend operates on open-source and in-house made software
  • Hosted in Sweden by a privacy oriented hosting company - Privex.io
  • Server software configured to help prevent logging things we don't need to operate

Data Collected by Our Webmail

The following information is collected from our webmail:

  • Contacts (Name, email and first + last name if set) - Required to function
  • Identities (Changed date, organization, email address, reply to, bbc and signature) - Required to function
  • Sessions (Session ID, Date, IP) - Required to function, removed once session is invalid
  • Users (Email, creation date, last login date, failed login date, failed login count, preferences (webmail preferences)) - Required to function

Data Collected by Postfix

The following information is collected by postfix:

< ul class="list-disc pl-4 mb-4">
  • Email (Email, Password, Username, Maildirectory, Quota, Creation date (Normally set to 2000-01-01 00:00:00), last update date, active/enabled)
  • Invites (Invite code, who owned the invite, who used the invite, when it was created, when it was used) - New users do not have this, required for helping with password reset for old users
  • Aliases (Alias owners email, Alias, created at (normally set to 2000-01-01 00:00:00), modified (normally set to 2000-01-01 00:00:00), active/enabled) - Required to function

    • Data Collected by Our Email Handler

    The following information is logged and stored by our email handler:

    • Date of sending/recieving an email (Required for monitoring spam mail)
    • ID of Incoming/Outgoing Email (useless but required for filtering)
    • IP of server that is connecting to our mail deamon (Can be removed but required for antispam)

    Consent and Agreement

    By using this service, you agree to follow our terms.
    At any point, we can revoke access to your email account if you are caught abusing.
    Evil may trade/sell off domains; we guarantee a 2-8 week timeframe for you to transfer your emails onto another domain or service free of charge.
    Once you login, signup, use, or pay for our service, you automatically agree to not abuse or request a refund.

    Account Data Request

    To receive data for your email account, please email legal@evilmail.to.
    Only emails from our domains will be read; it may take up to 7 days to receive data.

    Legal Requests

    Please contact us with a signed subpoena; we will make all lawful requests public in our transparency report unless legally obligated otherwise.
    We may ask for a UK court order to verify the authenticity of the lawful request.
    If you have direct evidence of a user of our service committing a crime that threatens the life of children or acts of terrorism, please forward us the evidence; if it checks out, we will process your request ASAP for the requested data.
    Please note timestamps of users may be unavailable due to the way our service operates; other data like IPs are only accessible if the user has a current session open.
    We are not responsible for all of our users' emails; people can upload and send whatever they want to, and we will disable users for abuse ASAP.
    The following emails are our only Staff/Moderation/Owner emails; any other emails are impersonators:

    • admin@evilmail.to
    • support@evilmail.to
    • legal@evilmail.to
    • abuse@evilmail.to