tenmin.app
Legal

Privacy policy

Last updated · 2026-05-16

This page describes what tenmin.app does and does not collect, store, share, or sell. It is written in plain English rather than the usual three-paragraph legalese so you can actually read it. Where we use a defined term ("we", "the service", "your inbox"), it means the same thing the rest of the site uses it to mean.

One-line version

We don't have accounts, so there is no profile to leak. We don't store mail beyond the 10-minute display window. The only third-party services that see anything are Cloudflare (who delivers the mail and runs the site) and, optionally, Google AdSense and Google Analytics (which are off when this notice is being shown).

What we collect

From you directly: nothing. There is no signup, no login, no profile, no preference store, no "remember this device" toggle, and no support form that asks for your name. The site does not set any first-party cookies of its own. Anything we could write into localStorage would expire with the tab anyway, so we don't bother.

From your interaction with the inbox tool itself, we briefly hold:

  • The inbox ID you generated (six hexadecimal characters, randomly chosen by your browser and never sent to us until a sender uses it).
  • Messages delivered to that inbox, including standard headers (From, Subject, Received, MIME structure), the rendered HTML and text body, and any attachments. These are stored in Cloudflare's KV service with a hard 600-second time-to-live. The TTL is the deletion mechanism — there is no separate cleanup process, and there is no "all messages" archive on our side.
  • Bounce events at the routing layer when a message is rejected for shape reasons (malformed recipient, oversized envelope). These are logged transiently by Cloudflare's email infrastructure and not retained by us.

What we do not collect

  • We do not log your IP address against an inbox ID.
  • We do not store browser fingerprints or device identifiers.
  • We do not retain a copy of any message past its 10-minute TTL.
  • We do not run content analysis, classification, or AI training on messages.
  • We do not maintain a directory of previously-issued addresses.
  • We do not sell, rent, or share message contents with anyone.

Third parties

Cloudflare

tenmin.app runs entirely on Cloudflare's infrastructure: Pages for the static frontend, Workers for the email-parsing and API logic, KV for storage, and Email Routing for accepting mail at the domain. Cloudflare receives the raw mail before we do and applies its own filtering. Their privacy and abuse policies apply to that handling — refer to Cloudflare's privacy notice for specifics.

Google Analytics (optional, may be off)

If we have configured a Google Analytics 4 measurement ID, the site loads the GA4 script and reports pageviews and a small set of UI events ("copy email", "new inbox", "extend inbox", "open message"). GA4 sets cookies that identify the visit. IP addresses are anonymised at collection time via the anonymize_ip flag. When the GA4 ID is unset (which is currently the case), the analytics loader is a no-op and no script is injected.

Google AdSense (optional, currently off)

Ad slots on the site are designed to render with Google AdSense if we have configured an AdSense publisher ID. AdSense uses cookies and similar technologies to serve and measure ads. At the time of this writing, AdSense is disabled on tenmin.app pending a policy review. When it is re-enabled, this page and the consent UI will be updated to reflect that. If you'd like to opt out of personalised advertising at the Google level, you can do so at adssettings.google.com.

Buy Me a Coffee

The "Tip" links in the header and the home page point to a Buy Me a Coffee profile. If you follow one and complete a payment, BMC and their payment processor handle that transaction; we receive no payment details from them, only an aggregate notification.

How long we keep things

  • Messages: 600 seconds from arrival, enforced by Cloudflare KV's built-in time-to-live. Hitting Extend resets the TTL on the next write.
  • Bounce / error logs: retained by Cloudflare's platform per their policy; we don't pull them into a separate store.
  • Analytics events: when GA4 is active, retained for the default GA4 window (currently 14 months) unless we shorten it.

Your rights

Because we don't store anything that ties to an identifiable person, most of the standard data-subject rights are moot — there is nothing to access, correct, or port. You can still:

  • Delete your inbox immediately by closing the tab and ignoring the address. The data expires on its own within 10 minutes.
  • Opt out of analytics via any standard browser ad/tracker blocker or Google's ads-settings page.
  • Contact us with questions or complaints via the contact page.

Children

tenmin.app is intended for users aged 13 and older. We do not knowingly collect any information from children. If you believe a child has interacted with the service and you want to discuss it, please reach out.

Law enforcement

We will respond to valid, narrowly-scoped legal process. Because we don't retain message contents past the 10-minute window, in most cases there is nothing for us to produce — the data has already expired by the time a request reaches us. Where we have information that's responsive to a valid request, we'll comply with the minimum necessary.

Changes

If we change this policy in a way that affects how we handle data, we'll update the "Last updated" line at the top of this page and, for material changes, surface a notice on the home screen for at least a week. We won't make a substantive change quietly.

Contact

Questions about this policy go through the contact page. We aim to respond within a few business days.