Privacy Policy

Last updated: June 2025

Privacy by design

Aurelion is built with privacy as a core principle. We collect the minimum data necessary to provide the service, and all data is automatically and permanently deleted after the countdown expires.

1. Information We Collect

Aurelion does not require account registration. We do not collect names, email addresses, passwords, or any personally identifiable information to use the service.

What we do process temporarily:

Email content — Messages received by temporary addresses are stored in Cloudflare KV with an auto-expiring TTL
API keys — Generated for programmatic access, stored in Cloudflare KV

2. Data Storage & Retention

All data is stored in Cloudflare Workers KV, a globally distributed key-value store. Every piece of data — including email addresses, messages, and API keys — has an automatic Time-To-Live (TTL). After expiry, data is permanently and irreversibly deleted from all servers.

We do not maintain backups, logs, or archives of user data.

3. Cookies & Tracking

Aurelion does notuse cookies, analytics trackers, fingerprinting scripts, or any tracking technology. Your inbox state is stored exclusively in your browser's localStorage, which you control.

4. Third-Party Services

We use the following infrastructure:

Cloudflare Workers & KV — Application hosting and data storage (with automatic TTL expiry)

No data is shared with advertising networks, data brokers, or analytics providers.

5. Email Security

All email content rendered in the browser is sanitized using DOMPurify to prevent XSS attacks. HTML emails are displayed in sandboxed iframes with restricted permissions.

6. Your Rights

Since we collect no personal data and all data auto-expires:

There is no personal data to request, modify, or delete
No data portability request is needed — your data is already ephemeral
Clearing your browser's localStorage removes all local state

7. Contact

For privacy inquiries, contact us at privacy@aurelion.web.id.