Last updated · 2026-05-23

Privacy Policy

TL;DR

We collect a randomly-generated handle, a hash of your client token, your inbound mail (briefly), and your IP for rate-limiting. We do not require an email or name. We do not read, sell, or train on your mail. Mail buffered for an offline CLI is deleted within 48 hours. Handles expire after 30 days of inactivity. GDPR applies to all users.

What we collect

popterminal anonymous mode is designed to collect the minimum data needed for the service to work. Specifically:

A randomly-generated handle (an animal-name plus a short random suffix, e.g., dugong-3xy9). You did not provide this; the server generated it on your first popterminal start.
A SHA-256 hash of your client token. The token itself is never stored — only its hash. We use the hash to authenticate your CLI when it reconnects.
Inbound mail addressed to your handle, buffered for up to 48 hours while you are offline, then forwarded to your CLI and deleted from our servers.
Your IP address, transiently, for rate-limiting handle registrations and incoming WebSocket connections. Per-IP rate-limit counters auto-delete on a rolling hourly window.
Minimal access logs (timestamps, handle, status codes) retained for up to 30 days to investigate abuse and operational issues.

What we don't do

To make the boundaries explicit:

We do not require an email address, name, phone number, or payment information to use anonymous mode.
We do not read your mail. Our Worker handles raw bytes and forwards them to your CLI; the only message-level processing is parsing the recipient address to find your handle.
We do not sell your data, share it with third parties for marketing, or use it to train any model.
We do not run advertising and never set tracking cookies. There are no analytics pixels or third-party trackers on popterminal.com.

Retention

Mail buffered for an offline CLI is deleted after one of three events, whichever comes first:

Your CLI reconnects and acknowledges receipt (typical case — usually within seconds of reconnecting).
48 hours pass. Cleanup runs on an hourly cron and removes anything older.
The buffer for a single handle exceeds 100 messages. Oldest are dropped first.

Your handle itself is deleted after 30 days of inactivity. Any mail received OR any CLI reconnection resets that clock. To roll your handle deliberately, run popterminal handle reset.

Access logs auto-delete after 30 days.

Where data lives

Data is stored on Cloudflare's network:

Mail flows through Cloudflare's Email Routing MX layer (cf.com global edge).
Handle metadata and the offline buffer are stored in Cloudflare D1 (a managed SQLite product) and Durable Objects.
Rate-limit counters live in Cloudflare KV.
Once mail reaches your CLI, it is stored locally on your laptop in ~/.popterminal/popterminal.db. We do not have access to that file.

Jurisdiction & GDPR

The operator of popterminal.com is based in Germany. The European Union's General Data Protection Regulation applies to all users worldwide.

Under GDPR you have the right to:

Access the data we hold about your handle
Request deletion of your handle and any buffered mail (you can also do this yourself with popterminal handle reset, which immediately invalidates the handle on the server)
Export your data (your local SQLite file is already a complete export of mail received)
Lodge a complaint with your local data protection authority

Cookies

popterminal.com does not set any cookies. The Worker that serves this page is stateless from the browser's perspective.

Changes to this policy

If we materially change what is collected, retained, or shared, we will update the "last updated" date at the top of this page and reset the version badge on the homepage. There is no mailing list for these changes — check popterminal.com or follow the project on npm.

Contact

Privacy questions, GDPR requests, abuse reports — all go to abuse@popterminal.com. This mailbox is monitored.