Privacy

TestTau captures inbound emails and HTTP requests addressed to user-chosen names on mail.testtau.com and hook.testtau.com. Because anyone with a name can read what was sent to it, captured data should be treated as public.

We retain data for 48 hours and then delete it. We log request metadata (hook/inbox name, size, country, timestamp) via Cloudflare Workers Logs and Analytics Engine for operational purposes. We do not sell data.

We use essential session cookies to keep signed-in users authenticated across TestTau pages and subdomains. Private mail and hook API keys are kept in this browser tab's session storage when you paste or create them, so they can be sent as Authorization headers instead of appearing in URLs.

Don't send real secrets, PII, or production credentials through TestTau.