About
Who are we?
PrivoMail was built by Roel, a Dutch digital forensic investigator who has been interested in reclaiming online privacy for years: running Linux, self-hosting email, and de-Googling his phone.
The motivation for PrivoMail grew from realising that metadata is often more revealing than content. Who communicates with whom, when, and how often tells its own story. The Snowden leaks showed that mass collection of internet traffic was not theoretical. Even if you are not interesting today, you might be tomorrow.
If wholesale surveillance feels abstract, consider the commercial angle: personal data from websites is routinely sold for advertising purposes. Email addresses are a key identifier in those pipelines. An alias breaks that link.
Privacy
We believe in collecting as little user data as possible so that even in the event of a breach or legal compulsion, there is little to expose. We store your email address, a password hash, your plan tier, and billing references — nothing more.
Mail forwarded through PrivoMail is never written to disk. It passes through memory only.
Frontend
The frontend is plain HTML, CSS, and JavaScript — served directly from our own server. No Google Fonts, no CDN scripts, no analytics, no tracking pixels. JavaScript is used only to make the account page functional.
Cookies
We use one cookie: a session token to keep you logged in. It is HttpOnly, Secure, and SameSite=Lax. We do not set tracking cookies. Our payment processor Stripe does set its own cookies on payment pages — use a privacy browser or tracker blocker if that concerns you.
Backend
Hosting
Our servers are hosted by Contabo, a German hosting company founded in 2003. German law and the GDPR apply.
Mail server
Postfix handles forwarding via its virtual alias feature. The alias lookup is a live MySQL query — there is no map file, no intermediate storage. Email exists in RAM only, for the duration of the relay.
Web server
The backend is Node.js behind Nginx. Everything — registration, login, alias management, payment — is implemented without OAuth or other third-party authentication systems. The only external service with significant data access is Stripe.
Payment processing
We use Stripe. We currently share your account email address with Stripe. We are working on an option to use a PrivoMail alias as the billing email, which would remove even that link. We plan to add Bitcoin and Monero payment options.
Database
We use MariaDB. It stores:
- User account information: email, password hash, subscription status
- Email aliases: address, forwarding target, enabled status
- Operational logs: errors and warnings, retained for 30 days
Logging
We log the minimum necessary. We do not log successful logins or other successful operations. We do not log user IP addresses in normal operation — only if a security threshold is tripped (e.g. rate limiting). Error logs may include an account ID for troubleshooting. All logs are deleted after 30 days.
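One way the logging policy described above could be implemented in a Node.js backend, as an added example that is not PrivoMail's own code. The function names, the in-memory log store, the rate-limit window and threshold, and the choice to record a failed login as a warning are all assumptions; only the 30-day retention and the "IP only when a threshold trips" rule come from the page.

```javascript
// Added illustration: hypothetical names and thresholds, not PrivoMail's code.
const WINDOW_MS = 60 * 1000;                    // assumed rate-limit window
const MAX_ATTEMPTS = 5;                         // assumed attempts allowed per window
const RETENTION_MS = 30 * 24 * 60 * 60 * 1000;  // 30 days, as stated on the page

const attempts = new Map();  // ip -> recent attempt timestamps (memory only)
const logStore = [];         // stands in for the operational log table

function writeLog(entry, now) {
  logStore.push({ ...entry, ts: now });
}

// Record a login attempt.
// - success: nothing is logged
// - failure: a warning with the account ID, no IP (assumed behaviour)
// - threshold tripped: the IP is logged, and only then
function recordLogin({ ip, accountId, success }, now = Date.now()) {
  const recent = (attempts.get(ip) || []).filter((t) => now - t < WINDOW_MS);
  recent.push(now);
  attempts.set(ip, recent);

  if (recent.length > MAX_ATTEMPTS) {
    writeLog({ level: 'warn', event: 'rate_limit', ip }, now);
    return 'blocked';
  }
  if (!success) {
    writeLog({ level: 'warn', event: 'login_failed', accountId }, now);
    return 'failed';
  }
  return 'ok';
}

// Delete log rows at or past the retention period; returns how many were removed.
function pruneLogs(now = Date.now()) {
  const before = logStore.length;
  for (let i = logStore.length - 1; i >= 0; i--) {
    if (now - logStore[i].ts >= RETENTION_MS) logStore.splice(i, 1);
  }
  return before - logStore.length;
}
```

In a real deployment `pruneLogs` would be a scheduled `DELETE` against the log table rather than an array splice.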