Security & Anonymity Center
Postmarker is engineered specifically to protect privacy. We store zero tracking logs, require no user registration, and use cryptographic tokens to guarantee private thread isolation.
Cryptographic Tokens
Your private inbox key is a high-entropy, client-side token. We never store this key in plaintext. The database only stores a one-way **SHA-256 hash** of your token. Even if our database is compromised, it is mathematically impossible to reconstruct the token or decrypt access.
IP Masking & Headers
When you dispatch an email, our server handles outbound routing via SMTP. We strip all originating IP addresses and replace them with a unique sub-address wrapper (e.g. `you+threadId@gmail.com`). The recipient sees only the anonymous wrap address.
Ephemeral Data Cycle
All data is transient. We run a MongoDB TTL (Time-To-Live) index that automatically deletes threads, tokens, and messages exactly 7 days after the thread is created (unless manually extended). Once deleted, the data is completely expunged from memory and disks.
Under The Hood: Routing Anatomy
Message compiled. High-entropy token generated in-browser. Token is SHA-256 hashed before hitting API.
Alias constructed (threadId). Custom headers (`X-PostMarker-Thread-ID`) embedded. Dispatch via SMTP relay.
Incoming replies verified by sender address match and header References loop. Saved to DB, marked read on SMTP.
Privacy Guarantee
Postmarker stores no tracker analytics, cookies, browser fingerprints, or IP logging nodes. The system operates fully on-demand. When a thread's time is up, the clean sweep is complete. All code is open-source and reviewable for complete architectural audit.