Privacy Policy
Last updated: March 30, 2026
1. Introduction
NoTemp.email (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website, API, and related services (the “Service”).
NoTemp.email is operated from Israel and is subject to the Israeli Privacy Protection Law, 5741-1981, as well as the EU General Data Protection Regulation (GDPR) where applicable.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your email address and a hashed version of your password. This information is required to provide you with access to the Service.
2.2 Billing Information
If you subscribe to a paid plan, payment information is collected and processed by our payment processor, Lemon Squeezy. We do not store your full credit card number, CVC, or other sensitive payment details on our servers. We may receive and store a truncated card number, expiration date, and billing address from Lemon Squeezy for record-keeping.
2.3 API Usage Data
We log metadata about API requests (timestamps, response codes, request counts) for analytics and billing purposes. Email addresses submitted to the API for checking are processed transiently and are not stored beyond the duration of the request.
2.4 Automatically Collected Data
When you visit our website, we may automatically collect technical information including your IP address, browser type and version, operating system, referring URL, pages visited, and timestamps. This data is used for security, analytics, and improving the Service.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Process billing and payments
- Monitor API usage and enforce rate limits
- Send transactional communications (account verification, billing receipts, security alerts)
- Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:
- Contract performance: Processing necessary to provide the Service you signed up for
- Legitimate interest: Analytics, security monitoring, and fraud prevention
- Legal obligation: Compliance with applicable laws and regulations
- Consent: Where required, such as for optional marketing communications
5. Data Sharing & Third Parties
We do not sell your personal information. We may share data with the following categories of third parties:
5.1 Sub-processors
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, API Gateway, Cognito (authentication), DynamoDB (database) | US East (N. Virginia), EU (Frankfurt) |
| Lemon Squeezy (Lemon Squeezy, LLC) | Payment processing, subscription billing | United States |
| AWS Amplify | Website hosting and deployment | US East (N. Virginia) |
5.2 Other Disclosures
We may also share data with law enforcement when required by law, court order, or governmental regulation.
All third-party processors are contractually bound to process personal data only on our instructions and in compliance with applicable data protection laws. For more detail, see our Data Processing Addendum.
6. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including Israel and the United States (where AWS infrastructure is located). Israel has been recognized by the European Commission as providing an adequate level of data protection. For transfers to other countries, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs).
7. Data Retention
We retain your account information for as long as your account is active or as needed to provide the Service. After account deletion, we may retain certain data for a reasonable period to comply with legal obligations, resolve disputes, and enforce our agreements.
API usage logs are retained for up to 90 days for analytics and billing purposes, after which they are aggregated and anonymized.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data
- Restriction: Request that we restrict processing of your data
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interest
- Withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at support@notemp.email. We will respond within 30 days, or within the timeframe required by applicable law.
9. Children’s Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.
10. Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), secure password hashing, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. For details, see our Security Policy.
11. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
- Provide details of the breach, including the nature of the data affected, likely consequences, and measures taken to mitigate the impact
- Document all breaches and remedial actions in our internal breach register
12. Cookies
Our use of cookies is described in our Cookie Policy.
13. Your Rights for California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties with whom we share it
- Right to Delete: You may request the deletion of your personal information, subject to certain exceptions
- Right to Opt-Out: We do not sell personal information. If this changes, you will have the right to opt out
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights
To exercise your CCPA rights, contact us at support@notemp.email. We will verify your identity before processing your request and respond within 45 days.
In the preceding 12 months, we have collected the following categories of personal information: identifiers (email address), commercial information (subscription and billing records), and Internet activity information (API usage logs, IP addresses).
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes, we will notify you via email or through the Service.
15. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at support@notemp.email.
If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.