Privacy policy
This is the privacy policy for Send-to-me as run at stm.smkd.uk.
Summary
- We store your email address and your active sessions. We do not store the content of anything you send.
- Outgoing content passes through Postmark, the email delivery provider, on its way to your inbox. Postmark sees content briefly during sending.
- The trust chain is: you, then us, then Postmark, then your email provider, then your inbox. Every hop sees the content while it is in transit.
- You can stop using the service at any time. Account deletion is available from the settings page and removes your account and all sessions.
What we collect, and why
When you sign in, we record:
- Your email address. Required to verify you and to deliver to your inbox.
- A hashed, single-use sign-in token. Used to confirm you control the address you signed in with. Single-use; deleted on use; expired tokens are purged.
- Active session records. Used to keep you signed in across visits. Sessions expire 30 days after sign-in and are deleted at sign-out.
When you send a link or note through Send-to-me, we receive the content in process memory for as long as it takes to forward it to Postmark. The content is not written to disk, not stored in our database, and not written to logs. Once the send completes (or fails), the content is gone from our side.
We do not collect:
- Analytics or tracking data.
- Device identifiers, advertising IDs, or browser fingerprints.
- IP addresses beyond the brief in-memory window used by rate-limiting on sign-in attempts. IPs used for rate-limiting are not persisted.
Where your content goes
The path from you to your inbox is multi-hop:
- You to us. Over HTTPS to
stm.smkd.uk. The content lives only in our process memory during the request. - Us to Postmark. Over HTTPS to Postmark's API. We hand over the content for delivery.
- Postmark to your email provider. Standard email delivery (SMTP).
- Your email provider to your inbox. As stored email, subject to that provider's retention.
Every system in this list sees your content during delivery. None of them can be removed without removing email itself.
What Postmark sees and retains
Postmark sees the content of each message during delivery, briefly. They retain delivery metadata (timestamps, recipient address, delivery status, bounce records) indefinitely. We have no mechanism to remove that metadata.
We configure Postmark's Retention Add-on to its minimum (7-day retention) with content suppression in the Activity feed where available, so message bodies are not retained long-term in Postmark's systems.
What your email provider sees and retains
Your email provider stores everything you send to yourself as ordinary email, with whatever retention and privacy properties that provider applies. Your relationship with them is outside the scope of this service.
Retention
| Data | Retention |
|---|---|
| Your email address | Held while your account exists. Deleted on account deletion. |
| Sign-in tokens | Hashed at rest; single-use; expire 15 minutes after issue. |
| Session records | Held while active; expire 30 days after sign-in; deleted on sign-out. |
| Message content (our side) | Not stored. Held in process memory only for the duration of the send. |
| Server logs | Method, path, status code, latency. No request or response bodies. Retention set by underlying log storage. |
| Postmark message bodies | 7 days with content suppression in the Activity feed, per Retention Add-on configuration. |
| Postmark delivery metadata | Retained by Postmark indefinitely. |
Your rights
If you are in the UK or EU, you have rights under UK GDPR and EU GDPR including access, rectification, erasure, restriction, portability, and objection. To exercise any of these rights, contact us using the address below.
In practice, the data we hold is small: your email address and any active sessions. Erasure is therefore straightforward.
Children
Send-to-me is not directed at children and is not intended for use by anyone under the age of 13. We do not knowingly collect data from children.
Contact
For privacy questions or to exercise your rights, contact: [email protected].
Current limitations
The privacy posture above is the intended steady state. The following items are in-flight rather than complete:
- Postmark Retention Add-on configured to 7 days with content suppression. Planned; not yet applied to the production Postmark account. Until applied, default Postmark retention (which is longer) is in effect.
- Contact mailbox monitoring. The
[email protected]mailbox above is provisional; the operational floor includes confirming the address and ensuring it is monitored.
Changes to this policy
This policy may change as the service evolves. The date below records the most recent meaningful update.
Last reviewed: 2026-05-24.