
How We Built Tempy.email with Privacy-First Design

Most email services store your messages in databases, index them for search, keep backups, and retain them indefinitely.

We do the opposite: everything lives in memory. When your timer expires, the data is gone.

The Privacy Problem with Traditional Email

When you use Gmail, Outlook, or any traditional email service:

  1. Emails stored on disk → Can be subpoenaed, breached, or sold
  2. Indexed for search → Creates metadata about your communications
  3. Backed up → Multiple copies exist, increasing exposure
  4. Retained indefinitely → Your 10-year-old emails still exist
  5. Scanned for ads → Content analyzed to target advertising
  6. Logs kept → IP addresses, timestamps, access patterns tracked

You never truly delete anything.

Even if you hit "delete," the data might exist in:

  • Backup tapes
  • Search indexes
  • Server logs
  • Compliance archives
  • Legal hold systems

Our Approach: Memory-Only Architecture

tempy.email is built on one principle: If it's not in RAM, it doesn't exist.

Traditional Email:
User → Web Server → Database → Disk → Backups → Archives
(Data lives forever)

tempy.email:
User → Web Server → Redis (RAM only) → Expires → Gone
(Data lives 10 minutes)

No Persistent Storage

What we DON'T have:

  • ❌ No PostgreSQL, MySQL, or any disk-based database
  • ❌ No file storage (S3, disk, NAS)
  • ❌ No backups
  • ❌ No archives
  • ❌ No logs of email content
  • ❌ No "soft deletes" (marking as deleted but keeping data)

What we DO have:

  • ✅ Redis (in-memory key-value store)
  • ✅ TTL (Time-To-Live) on every key
  • ✅ Automatic expiration
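Redis is not "RAM only" out of the box: a stock redis.conf enables RDB snapshots through its `save` directives, which would write every live mailbox to dump.rdb on disk. The fragment below is an added illustration of the settings the architecture above depends on, not tempy.email's published configuration; the memory limit is an assumed value.

```conf
# Persistence off: no RDB snapshots and no append-only file.
# Without these two lines a default Redis writes dump.rdb on its own schedule.
save ""
appendonly no

# Bound memory so the host never swaps Redis pages to disk or hits the OOM killer.
# 512mb is an assumed size; pick one that fits the machine.
maxmemory 512mb

# When full, evict the keys closest to expiry. Every key here carries a TTL,
# so this never touches anything that was meant to live longer.
maxmemory-policy volatile-ttl
```

Verify a running instance with `redis-cli CONFIG GET save` and `redis-cli CONFIG GET appendonly`, which should return an empty string and `no`. Anyone who can issue SAVE or BGSAVE can still write a snapshot, so those commands should be blocked (an ACL rule such as `-save -bgsave`, or `rename-command`), and the host should run without swap so that "in RAM" is not undone by the kernel paging the process out.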

How Email Storage Works

When an email arrives:

// Append the email to the mailbox's list. The list gets the mailbox key's
// remaining lifetime rather than a fresh 10 minutes, so neither key outlives the other
const key = `mailbox:${address}:emails`;
const remainingMs = await redis.pttl(`mailbox:${address}`); // -2 if the mailbox is already gone
if (remainingMs > 0) {
  await redis.multi().rpush(key, JSON.stringify(email)).pexpire(key, remainingMs).exec();
}

After 10 minutes:

  • The key becomes unreadable the instant its TTL passes; Redis's expiry cycle then deletes it
  • Memory is freed
  • Data is completely gone (not marked as deleted, actually gone)

There's no "recovery" process because there's nothing to recover from.

What About Server Logs?

We minimize logging:

Traditional server logs:

2026-02-12 10:15:23 User user@example.com logged in from 203.0.113.5
2026-02-12 10:15:45 user@example.com opened email "Password Reset"
2026-02-12 10:16:12 user@example.com deleted 3 emails

tempy.email logs:

2026-02-12 10:15:23 Mailbox created (no email address logged)
2026-02-12 10:15:45 Email received (no content logged)
2026-02-12 10:25:23 Mailbox expired

We log events, not identifiable data.

Privacy Features

1. No User Accounts

You can't create an account even if you wanted to:

  • No sign-up form
  • No passwords
  • No "My Account" page
  • No user database

Why: Accounts create identity. We don't want to know who you are.

2. No Tracking or Analytics

Many "privacy-first" services still use:

  • Google Analytics
  • Facebook Pixel
  • Mixpanel
  • Hotjar

We use: None of the above.

We track only:

  • Total mailboxes created (counter)
  • Total emails processed (counter)

We don't track:

  • Who created them
  • When they were created
  • What IP they came from
  • What browser was used

3. No Email Content Scanning

We never analyze email content for:

  • Advertising
  • Machine learning training
  • Pattern detection
  • Content classification

Emails are never read by a human, and the only automated processing they receive is the HTML sanitization described under Technical Implementation below.

4. No IP Logging

We don't log:

  • Your IP address
  • Your geolocation
  • Your ISP
  • Your device fingerprint

Why: Even "anonymized" IP logs can often be de-anonymized through correlation attacks.

5. No Third-Party Services

We don't use:

  • CDNs that track visitors (Cloudflare is used only with its tracking features off)
  • Analytics platforms
  • Ad networks
  • Social media widgets
  • Third-party font loading (fonts are served from our own servers, not from Google Fonts)

Why: Every third-party service is a potential data leak.

Technical Implementation

Redis Configuration

// Every key is written with an explicit TTL; Redis does not add one on its own
const DEFAULT_TTL = 600; // 10 minutes

// Mailbox key: created once, with the full TTL
await redis.setex(
  `mailbox:${address}`,
  DEFAULT_TTL,
  JSON.stringify({ created: Date.now() })
);

// Email list: inherits whatever lifetime the mailbox has left, so an email
// arriving at minute 9 still disappears at minute 10 rather than minute 19.
// RPUSH and PEXPIRE go in one MULTI so the list never exists without a TTL.
const remainingMs = await redis.pttl(`mailbox:${address}`);
if (remainingMs > 0) {
  await redis.multi()
    .rpush(`mailbox:${address}:emails`, emailJson)
    .pexpire(`mailbox:${address}:emails`, remainingMs)
    .exec();
}

Automatic Cleanup

Redis handles expiration automatically:

T+0: Email arrives → Stored in Redis
T+600s: TTL expires → Redis deletes key → Memory freed

An expired key is dropped on the next access to it and otherwise swept by Redis's background expiry cycle, so a read after T+600s never returns the data even if the bytes have not yet been reclaimed. No cron jobs. No manual cleanup. No "soft deletes."
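The storage logic from "How Email Storage Works" and "Redis Configuration" above, as an added example that is not tempy.email's code: a mailbox key created with the full TTL, an email list that inherits the mailbox's remaining lifetime, and reads that come back empty once the deadline passes. MemoryStore is an in-memory stand-in for a Redis client with ioredis-style method names (psetex, pttl, rpush, pexpire, lrange, multi) so the block runs with no server; keysLeft, the sample address and the sample message are constructed for the walk-through.

```javascript
// Added example, not tempy.email's own code. MemoryStore stands in for a
// Redis client (ioredis-style method names and return values) so this runs
// offline; the storage functions only use commands a real client has.
// The clock is injectable so a test can jump forward instead of waiting.

const DEFAULT_TTL_MS = 10 * 60 * 1000;

class MemoryStore {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.data = new Map(); // key -> { value, expiresAt } (null = no TTL)
  }
  live(key) { // lazy expiry: an expired key is dropped on first access, as in Redis
    const e = this.data.get(key);
    if (e && e.expiresAt !== null && this.now() > e.expiresAt) {
      this.data.delete(key);
      return undefined;
    }
    return e;
  }
  async psetex(key, ms, value) {
    this.data.set(key, { value, expiresAt: this.now() + ms });
    return 'OK';
  }
  async pttl(key) { // -2 missing, -1 no TTL, otherwise milliseconds left
    const e = this.live(key);
    return e ? (e.expiresAt === null ? -1 : e.expiresAt - this.now()) : -2;
  }
  async rpush(key, value) {
    let e = this.live(key);
    if (!e) { e = { value: [], expiresAt: null }; this.data.set(key, e); }
    e.value.push(value);
    return e.value.length;
  }
  async pexpire(key, ms) {
    const e = this.live(key);
    if (!e) return 0;
    e.expiresAt = this.now() + ms;
    return 1;
  }
  async lrange(key, start, stop) {
    const e = this.live(key);
    return e ? e.value.slice(start, stop === -1 ? undefined : stop + 1) : [];
  }
  multi() { // queue rpush/pexpire and run them back to back, like MULTI/EXEC
    const ops = [];
    const tx = { exec: async () => { const out = []; for (const op of ops) out.push([null, await op()]); return out; } };
    for (const name of ['rpush', 'pexpire']) {
      tx[name] = (...args) => { ops.push(() => this[name](...args)); return tx; };
    }
    return tx;
  }
  keysLeft() { // inspection helper (not a Redis command): live keys after lazy expiry
    for (const k of [...this.data.keys()]) this.live(k);
    return [...this.data.keys()];
  }
}

// The mailbox is one key carrying the full TTL.
async function createMailbox(redis, address, ttlMs = DEFAULT_TTL_MS) {
  await redis.psetex(`mailbox:${address}`, ttlMs, JSON.stringify({ created: Date.now() }));
}

// Each email is appended to a list that inherits the mailbox's *remaining*
// lifetime. Re-arming a fresh TTL per email would let a message arriving at
// minute 9 keep the list alive until minute 19; this keeps both keys on one
// deadline. Returns false, storing nothing, once the mailbox has expired.
async function storeEmail(redis, address, email) {
  const remainingMs = await redis.pttl(`mailbox:${address}`);
  if (remainingMs <= 0) return false;
  const key = `mailbox:${address}:emails`;
  await redis.multi().rpush(key, JSON.stringify(email)).pexpire(key, remainingMs).exec();
  return true;
}

async function readEmails(redis, address) {
  const raw = await redis.lrange(`mailbox:${address}:emails`, 0, -1);
  return raw.map((s) => JSON.parse(s));
}

// Walk-through on a fake clock; the address and message are constructed samples.
async function demo() {
  let t = 1700000000000;
  const redis = new MemoryStore(() => t);
  const addr = 'k3x9@tempy.example'; // assumed address format
  await createMailbox(redis, addr);
  t += 9 * 60 * 1000; // minute 9: a message arrives
  await storeEmail(redis, addr, { from: 'noreply@example.com', subject: 'Your code: 123456' });
  const during = (await readEmails(redis, addr)).length; // 1
  t += 2 * 60 * 1000; // minute 11: past the mailbox's deadline
  const after = (await readEmails(redis, addr)).length; // 0, the list expired with the mailbox
  const accepted = await storeEmail(redis, addr, { subject: 'too late' }); // false
  return { during, after, accepted, keysLeft: redis.keysLeft().length };
}
```

Swapping MemoryStore for a real client changes only the constructor call. The MULTI matters: without it a crash between RPUSH and PEXPIRE would leave a list with no TTL, the one kind of key this design must never have.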

Email Sanitization

Before storing emails, we sanitize HTML to prevent:

  • XSS attacks
  • Tracking pixels
  • Malicious scripts
  • Privacy leaks

using Ganss.Xss; // HtmlSanitizer NuGet package

var sanitizer = new HtmlSanitizer();
sanitizer.AllowedTags.Clear();                  // AllowedTags is a set, not an assignable array
sanitizer.AllowedTags.UnionWith(new[] { "p", "a", "b", "i", "ul", "ol", "li" });
sanitizer.AllowedAttributes.Clear();            // only href survives: no style, class or on* handlers
sanitizer.AllowedAttributes.Add("href");
// No <img>, no <script>, no tracking pixels
var cleanHtml = sanitizer.Sanitize(rawHtml);

Dropping <img> stops anything from loading when a message is displayed. A tracking link inside an <a> still fires if the reader clicks it, so sanitization removes automatic leaks, not deliberate ones.

What We Can't Access

Even if we wanted to (we don't), we physically cannot:

  1. Recover expired emails → No backups exist
  2. See historical data → TTL deletes everything
  3. Track user behavior → No logs to analyze
  4. Identify users → No accounts, no IPs logged
  5. Produce past data on request → Nothing older than 10 minutes exists to hand over

This isn't a policy decision. It's architectural.

The guarantee is about retention, not about confidentiality from the operator: while a message is alive it sits in plaintext in Redis, which is what "in transit only" in the comparison below refers to.

Trade-offs We Accept

Privacy-first design means accepting limitations:

We CAN'T offer:

  • ❌ Email search (no indexing)
  • ❌ Long-term storage (10 min default)
  • ❌ Email recovery (once expired, it's gone)
  • ❌ User accounts (can't "save" mailboxes)
  • ❌ Email forwarding to your real inbox

We CAN offer:

  • ✅ Complete privacy
  • ✅ Zero tracking
  • ✅ Instant deletion
  • ✅ Minimal breach exposure (at any moment only the last 10 minutes of mail exists)
  • ✅ Peace of mind

Comparison with "Privacy-Focused" Email

Feature              ProtonMail                 Tutanota                   tempy.email
Encryption           ✅ End-to-end              ✅ End-to-end              ⚠️ In transit only
Permanent storage    ✅ Yes                     ✅ Yes                     ❌ No (10 min TTL)
User accounts        ✅ Yes                     ✅ Yes                     ❌ None
Data subpoena risk   ⚠️ Encrypted data exists   ⚠️ Encrypted data exists   ✅ Nothing older than 10 min
IP logging           ⚠️ Optional                ⚠️ Optional                ❌ Never
Use case             Permanent private email    Permanent private email    Throwaway / testing

ProtonMail and Tutanota are excellent for permanent private email.

tempy.email is for disposable use where you don't want data to exist at all.

The Bottom Line

Most services say: "We won't look at your data"
We say: "We can't look at your data (it doesn't exist long enough)"

Most services say: "We'll delete it if you ask"
We say: "It auto-deletes in 10 minutes whether you ask or not"

Most services say: "We're privacy-focused"
We say: "Privacy is our architecture"

This is privacy by design, not privacy by policy.

Try it: Generate a temp address and see for yourself. In 10 minutes, that email will be gone forever. Not "archived." Not "deleted." Gone.

Updated February 12, 2026