Privacy Policy

Effective date: April 6, 2026

EmailAlias is a product of LLMView IT Services ("we," "us," or "our"), operated at emailalias.io. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email alias and forwarding service. By using EmailAlias, you consent to the data practices described in this policy.

1. Information We Collect

We collect information that you provide directly and information generated through your use of the service:

  • Account information: Your email address when you create an account. We use passwordless authentication (magic links) — no passwords are stored.
  • Usage data: Information about how you interact with the service, including alias creation, forwarding activity, domain verification, and feature usage.
  • Email metadata: Sender addresses, recipient addresses, timestamps, and subject lines associated with emails processed through your aliases. We do not collect or store the content (body) of your emails.
  • Device and browser data: IP address, browser type, operating system, and referring URLs for security and analytics purposes.
  • Payment information: If you subscribe to a paid plan, payment details are collected and processed by Stripe, our third-party payment processor. We store only the last 4 digits and brand of your card for display purposes. We never store your full card number.
  • API keys: If you generate API keys, we store a cryptographic hash of the key. The raw key is shown only once at creation and cannot be retrieved.

2. How We Use Your Information

  • To provide, operate, and maintain the EmailAlias service, including alias generation, email forwarding, and spam filtering.
  • To forward emails from your aliases to your designated inbox securely and reliably.
  • To detect and alert you to potential data exposures or breaches involving your aliases (Exposure Intelligence).
  • To filter spam, malware, and malicious content before forwarding emails to your inbox using SpamAssassin and our content filtering engine.
  • To remove tracking pixels, UTM parameters, and other tracking mechanisms from forwarded emails to protect your privacy.
  • To process payments, manage your subscription, and provide email credit purchase functionality via Stripe.
  • To communicate with you about service updates, trial expiration reminders, security alerts, and support requests.
  • To prevent fraud, abuse, and unauthorized access through rate limiting, bounce tracking, and suspicious behavior detection.

3. Zero-Knowledge Architecture

EmailAlias operates on a zero-knowledge privacy model:

  • We never read, analyze, or store the content (body or attachments) of emails forwarded through our service.
  • Emails are processed in real-time through encrypted channels and are not stored after successful delivery.
  • We retain only email metadata (sender, recipient, timestamp, subject line, delivery status) for your analytics dashboard and troubleshooting.
  • Tracking pixels and UTM parameters are stripped from forwarded emails before delivery to prevent third parties from tracking you.

4. Data Storage and Security

Your data is stored in encrypted MySQL databases hosted on secure infrastructure. We employ industry-standard security measures, including:

  • AES-256 encryption at rest and TLS 1.3 encryption in transit.
  • SPF, DKIM, and DMARC authentication on all domains.
  • Custom MAIL FROM domains to prevent spoofing.
  • API keys hashed using SHA-256 before storage.
  • Rate limiting and abuse detection on all endpoints.
  • SpamAssassin inbound filtering before email forwarding.
  • Bounce blacklisting and complaint auto-blocking.
  • Emergency kill switch for immediate outbound email suspension.

5. Third-Party Services

  • Amazon Web Services (AWS SES): For sending and receiving emails. Subject to AWS Privacy Policy.
  • Stripe: For processing subscription payments and email credit purchases. Subject to Stripe Privacy Policy.
  • Redis: For caching, rate limiting, and real-time abuse detection. Data stored in Redis is ephemeral and automatically expires.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

6. Data Retention

  • Account data: Retained for as long as your account is active. When you delete your account, all personal data including aliases, domains, email logs, API keys, and subscription data is permanently deleted immediately via cascading deletion.
  • Email metadata logs: Retained for 90 days and then automatically deleted by our cleanup system.
  • Bounce blacklist: Bounced recipient addresses are retained indefinitely to prevent future delivery failures and protect sender reputation.
  • Rate limiting data: Stored in Redis with automatic expiration (24 hours for daily counters, 2 minutes for per-minute counters).

7. Your Rights

Depending on your jurisdiction (including GDPR and CCPA), you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Deletion: Delete your account and all associated data from Settings → Delete Account.
  • Portability: Export your alias and account data in a machine-readable format.
  • Correction: Update your email address from Settings.
  • Opt-out: Disable any alias to stop receiving forwarded emails. Unsubscribe from service communications via the link in every email.

To exercise any of these rights, contact us at privacy@emailalias.io.

8. Cookies

EmailAlias uses minimal cookies and browser storage:

  • Authentication tokens stored in localStorage to keep you signed in.
  • No tracking cookies, third-party advertising cookies, or analytics cookies are used.
  • No data is shared with advertising networks or data brokers.

9. Children's Privacy

EmailAlias is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your data may be processed and stored on servers located in the United States (AWS us-west-2 region). By using our service, you consent to the transfer of your data to the United States. We ensure appropriate safeguards are in place for international data transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the effective date at the top of this page and by sending an email notification. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us: