Privacy Policy

Unlike traditional email service providers, simpleemailapi.dev is designed to be a pass-through security layer. We do not store the content of your emails or your recipient databases. Our infrastructure is built to process, scan, and deliver—not to archive.

When you use our API to send an email, we process the following:

• Email Metadata: We temporarily process sender and recipient addresses to facilitate delivery and handle bounces/complaints via AWS SES.
• Content Scanning: For the safety of the platform and the recipient, we scan email bodies and attachments.
• Links: We check URLs against real-time blacklists to prevent phishing.
• Attachments: We scan files for malicious signatures and prohibited file types.
• Ephemeral Processing: Once the security scan is complete and the email is handed off to the delivery network, the email content is purged from our active memory.

We only store the minimum data necessary to operate the service:

• Account Data: Your email address, API keys, and usage metadata (counters for billing and rate limiting).
• Suppression Data: We maintain a list of hashed email addresses that have unsubscribed or complained. This is required to ensure we do not contact them again in violation of anti-spam laws.
• Security Logs: We log metadata about blocked attempts (e.g., if an email was rejected because it contained a virus) to help improve our security filters.

We do not sell, rent, or trade your data. To deliver your emails, we share the necessary data with:

• Amazon Web Services (AWS): Our infrastructure provider and delivery engine.
• Security Databases: We may check URLs/Hashes against third-party security databases to identify known threats.

• Email Content: Deleted immediately after processing and delivery.
• Analytics: We store aggregate data (e.g., "Total emails sent in January") for billing purposes.
• Suppression Lists: Retained indefinitely to honor unsubscribe requests.

As a developer, you have full control over your account. You may delete your API key or account at any time, which will remove all associated account metadata from our systems.