Privacy Policy

Top Temp Mail — Disposable Inbox

Thank you for using Top Temp Mail (“the App”, “we”, “us”, or “our”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application. Please read this policy carefully. By downloading or using the App, you agree to the practices described herein.

This Privacy Policy is fully compliant with Google Play’s Developer Program Policies, the General Data Protection Regulation (GDPR — EU 2016/679), the California Consumer Privacy Act (CCPA/CPRA), the Children’s Online Privacy Protection Act (COPPA), the UK GDPR, and applicable international data protection frameworks.

1. Information We Collect

1.1 Information You Provide

The App is built on a privacy-first design. We do not require you to create an account, provide your real name, personal email address, phone number, or any other personally identifiable information to use the App’s core functionality.

If you upgrade to a Premium subscription, payment and billing information is processed entirely by Google Play. We never collect, see, or store your payment card details.

1.2 Information Collected Automatically

When you use the App, the following technical data may be collected automatically:

•     Device information — device model, operating system version, and unique device identifiers (used exclusively for crash reporting and analytics)

•     App usage data — feature interactions, session duration, and error logs (used to improve app performance and stability)

•     IP address and approximate geographic region — country or city level only; never precise GPS location. Note: IP addresses may constitute pseudonymous personal data under applicable privacy laws and are processed accordingly, retained only for the duration of the service session, then deleted.

•     Temporary email addresses generated within the App — these are not linked to your real name or personal identity, though they may be transiently associated with your device identifier or IP address during the active session solely for service delivery purposes

•     Email content received to your temporary inbox — stored temporarily on our servers solely to display them to you within the App. Email content is processed automatically and is never accessed, read, or monitored by any human, except when strictly required to investigate security incidents or comply with a lawful legal obligation (see Section 4)

•     Firebase Cloud Messaging (FCM) push notification tokens — only collected if you explicitly grant notification permission; used solely to deliver email arrival alerts to your device

•     Android Advertising ID (AAID) — collected only in the free, ad-supported version of the App; used by Google-certified advertising SDKs to serve interest-based advertisements. This data is never collected for Premium subscribers.

1.3 Information We Do NOT Collect

We explicitly do not collect any of the following:

•     Your real name, personal email address, or contact information

•     Precise GPS or fine location data

•     Contacts, photos, camera, or microphone data

•     Biometric data of any kind

•     Financial information, health data, or government-issued IDs

•     SMS messages or call logs

•     Any data from children under the age of 13

2. How We Use Your Information

We use the information we collect for the following specific purposes only:

•     To provide, operate, and maintain the temporary email service

•     To generate, assign, and manage disposable email addresses

•     To receive and display emails and attachments sent to your temporary inbox

•     To send push notifications when new emails arrive (only if you have granted permission)

•     To detect, investigate, and prevent abuse, spam, phishing, and fraudulent use of the service

•     To diagnose technical problems, fix bugs, and improve App stability

•     To analyze aggregate, anonymized usage trends and improve user experience

•     To process and manage Premium subscription features through Google Play

•     To serve interest-based or contextual advertisements in the free version of the App via Google-certified advertising SDKs (e.g., Google AdMob or equivalent certified partners)

•     To comply with applicable legal obligations and respond to lawful legal requests

Important:  We do not use your information to build personal profiles, send unsolicited marketing to your personal email, engage in surveillance of email content, or sell your personal data to any third party for their own commercial purposes.

3. Legal Basis for Processing (GDPR & Applicable Laws)

Where required by applicable law (including GDPR for EEA users), we process your data on the following legal bases:

•     Performance of a contract — to provide the temporary email service you have requested

•     Legitimate interests — to prevent abuse, maintain platform security, improve the App, and protect our users — balanced against your privacy rights

•     Consent — for optional features such as push notifications and interest-based advertising (withdrawable at any time via your device settings)

•     Legal obligation — to comply with applicable laws, court orders, and regulatory requirements

4. Data Retention and Deletion

4.1 Temporary Email Addresses

Disposable email addresses are temporary by design. Each address and all associated emails are automatically and permanently deleted from our servers after a limited period, typically between 1 to 24 hours, depending on activity level. Premium subscribers may have access to extended retention periods as part of their subscription.

4.2 Email Content

Emails and attachments received in your temporary inbox are stored exclusively to deliver them to you within the App. Email content is processed in an automated pipeline only and is never accessed, read, or reviewed by any human at our organization except in the narrow circumstances of a confirmed security incident investigation or a legally mandated disclosure request. Once the retention period expires, all email content is permanently and irreversibly deleted from our systems. We do not archive, analyze for marketing, or share the contents of emails received in your temporary inbox.

4.3 Analytics and Technical Data

Anonymized usage and technical data used for analytics and crash reporting is retained for up to 12 months. This data is fully anonymized and cannot be traced back to any individual user.

4.4 Advertising ID Data

We do not store the Android Advertising ID (AAID) on our own servers. The AAID is passed directly to Google-certified ad network SDKs operating locally within the App. Ad partners retain this data subject to their own privacy policies. You may reset your AAID or opt out of personalized advertising at any time via Settings → Google → Ads on your Android device.

4.5 Push Notification Tokens

Firebase Cloud Messaging tokens used to deliver push notifications are retained only while the App is installed and notification permission is active. They are deleted from Firebase’s servers when you uninstall the App or revoke notification permissions.

5. Sharing of Information

We do not sell, rent, or trade your personal information to any third parties for their own marketing or commercial purposes. We share limited technical data with the following categories of trusted service providers, solely as necessary to operate the App:

•     Cloud hosting and infrastructure providers — to store and deliver email data securely (servers located in the United States, AWS us-east-1 region)

•     Firebase Analytics (Google) — to receive anonymized, aggregated usage reports; data is anonymized before transmission

•     Firebase Crashlytics (Google) — to identify and resolve technical crashes and errors

•     Firebase Cloud Messaging (Google) — to deliver push notifications to your device (if permission is granted)

•     Google-certified advertising partners (e.g., Google AdMob or equivalent certified networks) — to serve advertisements in the free version of the App; only the Android Advertising ID is shared, never your name, email address, or location data

All third-party service providers are bound by data processing agreements requiring them to handle data securely, use it only for the stated purpose, and not disclose it to other parties. We may also disclose data when required by law, court order, or to protect the safety of our users or the public.

6. Advertising

6.1 Free (Ad-Supported) Version

The free version of the App displays advertisements served exclusively through Google-certified advertising SDKs (such as Google AdMob or equivalent certified partners). These SDKs may use the Android Advertising ID (AAID) to serve interest-based or contextual advertisements. We do not share any other personal data (such as email content, name, or precise location) with advertising partners.

You can opt out of interest-based advertising at any time:

•     Settings → Google → Ads → Opt out of Ads Personalization, or

•     Settings → Google → Ads → Reset advertising ID

Opting out replaces personalized ads with contextual ads. Ads are still shown; only personalization is disabled.

6.2 Premium Version (Ad-Free)

Premium subscribers enjoy a completely ad-free experience. No advertising SDKs are initialized or active for Premium users. The Android Advertising ID is never collected or shared for Premium accounts.

6.3 Children’s Advertising — Families Policy Statement

This App is NOT directed at children under the age of 13 and is NOT enrolled in Google Play’s Families Program. The App’s target audience on Google Play is set to “Not designed for children.” No child-directed advertising is served.

Developer Compliance Note:  If the App’s target audience designation is ever updated to include children or a mixed audience in the future, all advertising will unconditionally comply with Google Play’s Families Ads Policy — including exclusive use of Families-certified ad SDKs — before any such change takes effect.

7. Children’s Privacy (COPPA)

This App is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction, which may be higher in certain countries such as 16 in parts of the EU). We do not knowingly collect any personal information from children. The App’s audience designation on the Google Play Store is “Not designed for children.”

If we become aware that we have inadvertently collected personal information from a child under the applicable minimum age, we will take immediate steps to delete that information from our systems within 5 business days. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@toptempmail.com.

8. Data Security

We implement industry-standard technical and organizational security measures to protect all data we handle against unauthorized access, loss, destruction, alteration, or disclosure. Our security measures include:

•     Encryption of all data in transit using TLS 1.2 or higher (Transport Layer Security)

•     Encryption of all data at rest using AES-256 encryption on our servers

•     Role-based access controls limiting data access to authorized personnel only on a need-to-know basis

•     Regular security reviews, penetration testing, and vulnerability assessments

•     Secure coding practices aligned with OWASP Mobile Security Top 10 guidelines

•     Automated deletion pipelines ensuring email data is purged after the retention period expires

Important Limitation:  No method of transmission over the Internet or electronic storage is 100% secure. While we apply strong protections, we cannot guarantee absolute security. Please use this App only for non-sensitive, disposable communications — do not use temporary email addresses to receive sensitive account credentials or financial information.

9. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights regarding your information:

•     Right to Access — Request a summary of information we hold in connection with your device

•     Right to Deletion — Request deletion of your data at any time. Note: temporary email data is automatically and permanently deleted within 1–24 hours by design

•     Right to Opt-Out of Advertising — Opt out of interest-based advertising via your Android device settings at any time

•     Right to Withdraw Consent — Revoke push notification permission at any time via Settings → Apps → Top Temp Mail → Notifications

•     Right to Data Portability — Where technically feasible, request your data in a portable, machine-readable format

•     Right to Restrict Processing — Request restriction of processing of your data in circumstances permitted by law

•     Right to Lodge a Complaint — File a complaint with your local data protection authority (e.g., the ICO in the UK, or your national DPA within the EU)

To exercise any of these rights, contact us at support@toptempmail.com with the subject line “Privacy Rights Request.” We will respond within 30 days (or 45 days for CCPA requests where the additional time is required). Because the App does not require account registration, some rights may be limited by the absence of identifying information. For immediate data removal, you may also clear App data directly via Settings → Apps → Top Temp Mail → Clear Data on your device.

10. California Privacy Rights (CCPA / CPRA)

This section applies exclusively to residents of California, USA, and supplements the remainder of this Privacy Policy.

10.1 Categories of Personal Information Collected (Last 12 Months)

•     Identifiers: Device identifiers (for crash reporting), IP address (for service delivery and abuse prevention), Android Advertising ID (free version — advertising only)

•     Internet or other electronic network activity information: App usage data, session data, crash logs

•     Approximate geolocation: Country or city level, inferred from IP address only

•     Inferences: Aggregated, fully anonymized usage patterns — not linked to individuals

10.2 Do Not Sell or Share My Personal Information

We do not sell your personal information for monetary consideration. However, under CPRA definitions, sharing the Android Advertising ID with third-party ad networks for cross-context behavioral advertising may constitute “sharing” of personal information.

To opt out of such sharing:

•     Go to Settings → Google → Ads → Opt out of Ads Personalization on your device, or

•     Reset your Android Advertising ID via Settings → Google → Ads → Reset advertising ID, or

•     Upgrade to the Premium version, which is 100% ad-free and does not share any Advertising ID

To submit a formal CCPA rights request (access, deletion, or opt-out), email us at support@toptempmail.com with the subject line “CCPA Privacy Request.” We respond within 45 days. We will not discriminate against you for exercising your CCPA rights.

11. App Permissions

The App requests only the minimum permissions necessary to deliver its core features. Below is a complete list with justification for each:

•     INTERNET — Required to generate temporary email addresses, receive emails, and communicate with our servers. Without this permission the App cannot function.

•     RECEIVE_BOOT_COMPLETED — Used to restore push notification listeners after the device restarts, ensuring you continue to receive email alerts if you have granted notification permission. This permission does not collect any data.

•     POST_NOTIFICATIONS — Used to send you a notification when a new email arrives in your inbox. This is entirely optional — the App’s core email functionality is unaffected if you deny or revoke this permission.

•     READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE (Android 9 and below only) — Used exclusively when you explicitly tap to save an email attachment to your device storage. This permission is only triggered by a deliberate user action (tapping “Download Attachment”) and is never used to read, scan, or access any other files on your device. Not requested on Android 10 and above, which uses scoped storage.

Permission Principle:  We do not request access to your contacts, camera, microphone, precise location, phone state, or SMS messages. All permissions listed above can be revoked at any time via Settings → Apps → Top Temp Mail → Permissions without affecting core email delivery functionality.

12. International Data Transfers

Our primary servers are located in the United States (Amazon Web Services, us-east-1 region). If you access the App from the European Economic Area (EEA), United Kingdom, Switzerland, or other regions with data protection laws that restrict cross-border data transfers, your information may be transferred to and processed in the United States, which may not have equivalent data protection standards to those in your jurisdiction.

We implement the following legally recognized transfer safeguards:

•     EEA transfers: EU Standard Contractual Clauses (SCCs) adopted under European Commission Decision 2021/914/EU (Module 2: Controller to Processor)

•     UK transfers: UK International Data Transfer Agreement (IDTA), approved by the UK Information Commissioner’s Office

•     Other regions: Equivalent contractual safeguards as required by the applicable local law

Copies of the applicable transfer mechanisms are available upon request by emailing support@toptempmail.com.

13. Contact Us

For any questions, concerns, privacy rights requests, or data inquiries regarding this Privacy Policy, please reach out:

Developer / Data Controller:  Top Temp Mail App

Support Email:  support@toptempmail.com

Response Time:  30 days for general requests | 45 days for CCPA requests

For Google Play–related inquiries, you may also use the “Contact developer” button on our Google Play Store listing.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, App features, or legal requirements. When material changes are made, we will:

•     Update the “Last Updated” date and version number at the top of this policy

•     Display a prominent in-app notice to all users for at least 7 days following a material change

•     For significant changes affecting how we use sensitive data, we will request fresh consent where required by law

Your continued use of the App following any posted changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

15. Google Play Data Safety Disclosure Summary

The following summary is provided in accordance with Google Play’s Data Safety Section requirements. This summary must match the Data Safety form submitted in the Google Play Console.

Developer Action Required:  Ensure your Google Play Console Data Safety form declares all items below under the correct data type categories. A mismatch between this policy and the Console form can result in app rejection or removal.

Data Collected by This App

•     Device or Other IDs — Device identifiers (crash reporting & analytics); Android Advertising ID (advertising — free version only); FCM push notification token (notifications, if permission granted)

•     App Activity — Feature interactions, session duration, error logs (analytics and performance improvement)

•     App Info and Performance — Crash logs and diagnostics

•     Approximate Location — Country/city level, derived from IP address only (service delivery and abuse prevention)

•     Emails — Temporary inbox content (service delivery only; auto-deleted; never shared or analyzed)

Data NOT Collected

•     Name, personal email, phone number, or any contact information

•     Precise GPS or fine location data

•     Contacts, photos, camera, or microphone data

•     Financial data, health data, or government IDs

•     Biometric data

Data Sharing

•     Anonymized analytics data — shared with Firebase Analytics (Google)

•     Crash data — shared with Firebase Crashlytics (Google)

•     Push notification token — shared with Firebase Cloud Messaging (Google), if permission granted

•     Android Advertising ID — shared with Google-certified ad network SDKs (free version only)

•     No personal data sold to any third party

Security and Deletion Practices

•     All data encrypted in transit: TLS 1.2+

•     All data encrypted at rest: AES-256

•     Email data permanently auto-deleted after 1–24 hours

•     Analytics data retained up to 12 months in fully anonymized form

•     Users may request manual deletion at any time: support@toptempmail.com

•     App follows secure coding practices and undergoes regular security reviews