This privacy policy explains how SASU Dynamic Foundries ("we", "us", "our") processes personal data when you use MyraMail ("the Service"), available at https://myramail.com, in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and French Law No. 78-17 of 6 January 1978 (Loi Informatique et Libertés).
MyraMail provides disposable email addresses that expire after 15 minutes. You do not create an account, sign up, or provide any personal information to use the Service. When you visit the Site, we generate a random address of the form myra-XXXXXXXX@myramail.com and issue a short-lived session token tying your browser to that address until expiry.
After 15 minutes, the disposable mailbox and all messages it has received are permanently deleted from our systems.
token) that allows your browser to view its own mailbox. Lifetime: 15 minutes.When someone sends an email to a disposable MyraMail address, the message — including the sender's email address, subject line, and body — is received and stored on our self-hosted mail server (operated by us on OVH infrastructure in France) for up to 15 minutes, after which it is permanently deleted along with the mailbox. We do not read, scan, profile, or share these messages. They exist only to be displayed to the holder of the corresponding disposable address.
If you are an email sender who did not intend for your message to be read on a disposable service, please contact us at contact@dynamic-foundries.com and we will assist within the constraints of our retention policy.
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Providing the disposable email service to the visitor | Legitimate interest (Art. 6(1)(f)) |
| Receiving and briefly storing inbound emails from third-party senders | Legitimate interest (Art. 6(1)(f)) — recipient asked for the service |
| Technical operation and security of the Site (rate limiting, abuse prevention) | Legitimate interest (Art. 6(1)(f)) |
| Site analytics and improvement | Consent for Google Analytics (Art. 6(1)(a)); legitimate interest for cookieless Plausible (Art. 6(1)(f)) |
| Legal and regulatory compliance | Legal obligation (Art. 6(1)(c)) |
| Data type | Retention period |
|---|---|
| Disposable mailbox + inbound emails | 15 minutes from creation, then permanently deleted |
| Session token (JWT cookie) | 15 minutes |
| Web server access logs (IP, user-agent) | 12 months for security and legal purposes |
| Google Analytics data | 26 months |
| Plausible Analytics data | Aggregated, no personal data retained |
| Support communications | 3 years after resolution |
We use the following third-party services that may process your data on our behalf:
| Service | Purpose | Location |
|---|---|---|
| OVH SAS | Web hosting, PostgreSQL database, and mail server hosting | France (EU) |
| Plausible Insights OÜ | Cookieless site analytics (no personal data collected) | Estonia (EU) |
| Google LLC (Google Analytics) | Site analytics — loaded only with your consent | United States (EU-US Data Privacy Framework) |
MyraMail uses cookies — small text files stored on your device — for the following purposes:
token (15-minute session JWT) and token_created are required to display your disposable mailbox. These do not require consent.cookie_consent records your choice on the analytics consent banner. Exempt from consent (CNIL guidance)._ga, _ga_*) to measure site usage. Loaded only after you click "Accept" on the banner.Plausible Analytics is cookieless — it sets no cookies and collects no personal data. You can manage your overall cookie preferences through your browser settings at any time.
We implement appropriate technical and organizational measures to protect your data, including:
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us at contact@dynamic-foundries.com.
Under the GDPR, you have the following rights regarding your personal data:
Because disposable mailboxes are deleted after 15 minutes and contain no identifying information, most rights are exercised automatically by the design of the Service. For other data (server logs, support emails), contact us at contact@dynamic-foundries.com. We respond within 30 days.
If you believe your rights have not been respected, you may file a complaint with the French data protection authority:
All inbound email content and disposable-mailbox data is hosted in France (EU). Cookieless Plausible analytics is hosted in Estonia (EU). Google Analytics — loaded only with your explicit consent — may transfer aggregated usage data to the United States under the EU-US Data Privacy Framework adopted by the European Commission on 10 July 2023.
This Service is not intended for children under 15 years of age (digital age of consent under French Loi Informatique et Libertés Art. 45). We do not knowingly collect personal data from children under 15. If you believe a child has used the Service, please contact us and we will respond promptly.
We may update this privacy policy from time to time. The date of the last update is indicated below.
Last updated: May 2026