Privacy Policy
PostfixMe is built on a simple principle: the app has no business knowing anything about you, and we have no infrastructure to collect data even if we wanted to.
Plain-language summary: PostfixMe collects zero data. It only communicates with the private mail server you configure. We have no servers, no analytics, no crash reporting endpoints, no advertisement networks, and no way to receive your data.
Who we are
PostfixMe is developed and maintained by one guy: William W. Kimball, Jr., MBA, MSIS. Contact him via the GitHub Issues page for this project.
This privacy policy applies to the PostfixMe iOS application (Bundle ID: ninja.kimball.postfixme) and the PostfixMe promotional website at https://postfixme.kimball.ninja/.
What PostfixMe does and does not do
PostfixMe is a single-purpose utility app that manages email aliases and mailbox passwords on a self-hosted PostfixAdmin server. It does not send or receive email messages.
Data the app does NOT collect
- No analytics: No Mixpanel, Amplitude, Firebase Analytics, or equivalent. We have no insight into how you use the app.
- No crash reporting: No Sentry, Firebase Crashlytics, or any service that transmits crash data to a third-party or developer server.
- No location: The app never requests, reads, or stores your geographic location.
- No contacts: Your address book is never accessed.
- No photos or media: Camera and photo library access is never requested.
- No device identifiers: No IDFA, IDFV, device name, or hardware fingerprinting of any kind.
- No advertising: There are no advertisements and no ad-network SDKs in the app.
- No third-party SDKs: The app contains no third-party frameworks, libraries, or SDKs beyond what Apple provides as part of iOS.
What is stored on your device
PostfixMe stores a small amount of data exclusively on your device:
iOS Keychain
The following are stored with kSecAttrAccessibleWhenUnlockedThisDeviceOnly protection:
- The server URL you configure (e.g.,
https://mail.yourdomain.example/) - Your JWT access token (short-lived, typically 15 minutes)
- Your JWT refresh token (long-lived, managed by your server)
This data does not sync to iCloud. It cannot be restored from a backup to a different device. It is automatically deleted when the app is uninstalled.
UserDefaults
- Your selected theme (defaults to System)
- Your biometric authentication preference (on/off)
These preferences are benign display and OS-integration settings with no personal identifiers.
Network communication
PostfixMe communicates exclusively with the server you configure by its PostfixAdmin URL. There is no developer-controlled server, cloud backend, or external service that the app contacts.
- All communication with your configured server is over HTTPS/TLS (enforced by the API layer in production deployments).
- The exception is
localhostconnections which are permitted without TLS for local development and testing only. - No data is ever transmitted to the developer, to Apple (beyond standard OS crash reporting controlled by your iOS privacy settings), or to any third party.
- The app never "phones home" to anywhere.
Apple's built-in iOS data collection
Apple may collect certain data as part of standard iOS system services, including:
- Crash reports (controlled by your iOS Settings → Privacy → Analytics & Improvements)
- App Store usage data (controlled by your Apple ID privacy settings)
This data is handled by Apple under Apple's Privacy Policy, entirely outside the developer's control or access.
The PostfixMe promotional website
The PostfixMe website at https://postfixme.kimball.ninja/ is a static HTML site with no analytics scripts, no tracking pixels, no cookies, and no forms that collect personal data. Standard web server access logs (IP address, timestamp, requested path) may be retained by the hosting infrastructure per its normal operational policy.
Children's privacy
PostfixMe is not directed at, and has no features designed for, users under 13 years of age. The app's technical complexity (requiring a self-hosted mail server) makes it unsuitable for children in practice. The app does not knowingly collect any personal information from anyone, children or otherwise.
Changes to this policy
If this policy changes materially, the updated version will be published at https://postfixme.kimball.ninja/privacy.html with a revised effective date. Given the app's architecture (collecting nothing), material changes are unlikely.
Contact
Use GitHub Issues: GitHub Issues
Effective date: February 12, 2026 · This policy applies to PostfixMe v1.0 and later.