homeGet Started

Legal

Privacy Policy

Last updated April 23, 2026.

Alias is an email-alias and forwarding service. This page describes exactly what we store, for how long we keep it, and the control you have over your data — including the bits that need honest disclosure rather than marketing copy.

scheduleRetention you controlvisibility_offNo third-party trackingverified_userNo data sold

Overview

Alias routes mail from aliases you create to your real inbox without exposing that inbox to the sender. To let you review deliveries in the dashboard, we temporarily store forwarded email (with user-controlled retention). Everything else we keep is metadata you configured yourself — aliases, forwarding destinations, custom domain records. This policy spells out each piece.

Data we collect

alternate_email

Email & optional password

Your email address is used to sign in and as the default forwarding destination. You can sign in with a one-time six-digit code, or — if you choose — set a password, which we store as a bcrypt hash.

key

Session token

A short-lived JWT kept in localStorage or extension storage to keep you signed in. The extension also caches your own aliases, domains, and preferences locally to stay responsive offline.

dns

Aliases & domain records

The alias prefix, forwarding target, on/off state, and — if you add a custom domain — the SPF / MX / DKIM / DMARC values set during verification so re-checks work later.

mail

Forwarded email & logs

To make past deliveries viewable in the dashboard, we store the raw message (up to 10 MB), parsed HTML/text, attachments, and metadata (sender, recipient, subject, status). An hourly cleanup purges expired rows per your retention setting.

How we use your data

  • check_circleRoute inbound mail from your aliases to your configured forwarding address.
  • check_circleSign you in — via a one-time code, or a password if you set one.
  • check_circleLet you view, toggle, or delete any alias from the dashboard or extension popup.
  • check_circleLet you open past deliveries in the dashboard until they fall outside your retention window.

blockWhat we don't do

  • closeWe do not sell, rent, or transfer your data to third parties.
  • closeWe do not embed third-party trackers, analytics, or ad pixels in the dashboard or extension.
  • closeWe do not read or transmit the content of pages you visit with the extension installed — it reads only the current tab's hostname.
  • closeWe do not keep forwarded email content or logs beyond the retention window you set. Scheduled cleanup permanently deletes anything past that window.

Chrome extension permissions

Every permission the extension requests exists to generate and manage aliases for you. Details below.

PermissionWhy we need it
storagePersist your session token, preferences (prefix style, default domain), and a local cache of your own aliases/domains so the popup opens quickly. All of it stays on your device.
activeTabRead only the hostname of the current tab so we can suggest a site-derived alias like "amazon-xxx@". We never read page content or form values.
contextMenusAdd the "Create mxalias for this site" item to the browser's right-click menu.
clipboardWriteCopy the freshly generated alias to your clipboard so you can paste it into a signup form.
scriptingInject the small inline "mx" button next to email input fields so you can create an alias without leaving the form.

Host permissions: https://api.mxalias.com/* for API calls, plus https://mxalias.com/* and https://www.mxalias.com/* so signing out in the popup also clears the web dashboard. The extension makes no other network requests and loads no third-party scripts.

Data retention

30 days
Email content & attachments

Default. Adjust (or shorten) the window in Settings; a cron purges expired rows hourly.

Metadata
Forwarding logs

Sender, recipient, subject, status. Auto-purges alongside content when you enable "content + logs" mode.

Until deleted
Account & aliases

No automatic expiry. Remove any alias, domain, or email individually in the dashboard.

Your rights

schedule

Control retention

Shorten the retention window or switch to "content + logs" auto-purge mode in Settings at any time.

delete_forever

Delete items

Delete any alias, custom domain, or stored email from the dashboard. Removal is immediate.

logout

Opt out of forwarding

Toggle an alias off; inbound mail is rejected with "no such recipient" at the SMTP layer and is not logged.

outgoing_mail

Full account erasure

Email privacy@mxalias.com and we will remove your account and all associated data; self-serve account deletion is on the roadmap.

Contact