Privacy policy.
Last updated: 2026-06-18. Effective: 2026-06-18.
This policy describes what Maski collects, why we collect it, how we
protect it, and what you can do with it. It applies to maski.dev,
the Maski API, and any branded alias domain we operate
(e.g. alias4me.in).
What we collect
Account data. The email address you sign up with, an optional secondary email for recovery, an optional password (Argon2id-hashed), your active sessions, and your plan state. If you set up paid billing, we also store the customer and subscription identifiers issued by our payment processor — never your card details.
Alias data. The aliases you create, the destination address each alias forwards to, and per-sender rules you configure (forward, block, or hold).
Message metadata. For every inbound message that hits one of your aliases, we record sender, recipient alias, timestamp, size, content-type summary, and delivery status (forwarded, held, dropped, bounced). This is what lets us bill, surface activity in your dashboard, and stop forwarding when a destination starts hard-bouncing.
Message contents. Subjects, bodies, and attachments. We hold them only as long as we need to forward them, plus any inbox-hold window you've configured for a specific sender.
Operational logs. Web request logs, SMTP connection logs, and error reports. These are scrubbed of email addresses, message contents, and credentials before they're written.
What we do not collect
We do not place tracking cookies on maski.dev. We do not embed
third-party analytics scripts. We do not run advertising trackers. We
do not buy or enrich identity data from third parties.
How we protect your data
Encryption at rest. Sensitive fields are encrypted with AES-256-GCM before they're written to the database. That covers your login email, secondary email, alias destinations, sender contact addresses, and message subject + body + attachments. The encryption keys are stored on the server, separate from the database.
Blind-index lookups. For fields we need to look up (your login email, an alias destination, a sender contact), we store a one-way HMAC-SHA-256 fingerprint alongside the ciphertext. Lookups happen against the fingerprint. An attacker with read access to a database dump cannot enumerate or reverse the encrypted values.
Encryption in transit. All web traffic uses TLS. WebSocket connections use WSS. The database connection enforces TLS. Inbound SMTP advertises STARTTLS to senders that support it.
Disk encryption. The production database volume runs on LUKS full-disk encryption.
Log discipline. Our logger filters strip email addresses, message contents, API keys, and session tokens. We do not log the bodies of the messages we forward.
Operator access. No Maski operator has standing access to your message contents in plaintext. Database access is restricted, audited, and time-bound. We're building a formal audit log table to record admin actions before we hit a thousand users; in the meantime, all admin access is logged at the OS level.
Who we share it with
We share data only with the sub-processors required to run the service. We do not sell your data, share it for advertising, or analyze message contents for training, ads, or insights of any kind.
| Sub-processor | What they receive | Purpose |
| --- | --- | --- |
| Amazon Web Services | Encrypted application and database data at rest, the outbound forwards we send plus their envelope metadata, and encrypted backups and exports | Hosting (EC2), email delivery (SES), and backup storage (S3) — all in the ap-south-1 (Mumbai) region |
| Dodo Payments | Your billing email, plan, and subscription state | Merchant of Record — handles tax, invoicing, refunds, and chargebacks |
If we add or remove a sub-processor, we update this list and date the change in the "Last updated" line above. Material changes also go out by email.
How long we keep it
Aliases you delete enter a 30-day grace period during which mail to them is silently dropped. After the grace window, the alias is permanently retired — neither you nor anyone else can re-claim it. This protects the next person who might otherwise inherit residual mail.
Held messages sit in your inbox-hold area only as long as the configured TTL (default 7 days). After that, they're deleted.
Anonymous-mode forwards are held for the brief configurable window (default 5 minutes), forwarded, and discarded. They are not retained afterwards.
Your account. When you delete your account, deletion is immediate. The cascade removes every row that belongs to you — aliases, contacts, sender rules, held mail, sessions, recovery codes, audit entries, and billing references. There is no "we'll process this within 30 days" delay. Aliases you've previously retired stay retired.
Operational logs. Retained 30 days, then rotated out. PII is already filtered before write.
Your rights
Export. From the Account page, you can export everything we hold for you as JSON. Available on every plan, including free, including during a trial.
Correction. Update your login email, secondary email, and alias destinations from your account at any time.
Deletion. Delete your account from the Account page. Immediate. Cascading. No retention.
Objection and restriction. You can pause an alias instantly to stop new mail. You can block any sender. You can opt your account out of the pilot promotion grant.
Complaints. If you believe we've handled your data improperly, you can write to hey@maski.dev. If you're in a jurisdiction with a data protection authority, you may also complain to that authority directly. Maski's status is that of a data controller for the data described in this policy.
Children
Maski is not directed at children under 13, and we do not knowingly collect data from anyone under 13. If you are under the age of majority in your country, you may use Maski only with the consent and supervision of a parent or legal guardian. If you believe a child has signed up without that consent, write to hey@maski.dev and we'll remove the account.
International transfers
Maski's primary infrastructure — application, database, outbound
email, and backups — runs in Amazon Web Services' ap-south-1
(Mumbai) region, in India. Our payment processor, Dodo Payments,
operates globally for payment, tax, and fraud processing. If you use
Maski from outside India, your data is processed in India and, for
payments, may be processed in other regions.
Changes to this policy
We update this policy when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes (adding a sub-processor, changing what we collect, changing retention windows) go out by email to your account address before they take effect.
Contact
For privacy questions, complaints, sub-processor questions, or security disclosures: hey@maski.dev.