Terms & Policies

VppBox · Last updated March 2026 · Subject to legal review prior to launch
Privacy ChoicesPrivacy PolicyResponsible DisclosureTerms: Large PlanTerms: All PlansUsage Policy
01 — Data & Privacy

Privacy Choices

VppBox is built around a single principle: we cannot give what we do not have. Our architecture is designed to minimise data collection at every level. VppBox is designed to make you reachable in private — anyone can write to you, no one can see what they wrote. It is not designed to make the postbox owner invisible. Your address is public. Your inbox is not.

What we collect

  • Box number — randomly assigned at creation, retained for the duration of the subscription.
  • Box type and status — Small, Medium, or Large, and whether the box is active, suspended, or closed.
  • Creation timestamp — the date and time your postbox was created, retained for the duration of the subscription.
  • Sender fingerprint (per letter) — a one-way hash derived from the sender's browser characteristics (user agent, timezone, language, screen resolution). Stored with the letter for abuse prevention. Automatically deleted when the letter is destroyed. If you block a sender, their fingerprint is retained in your block list until you remove it.
  • Sender IP (per letter) — recorded at the time of sending for abuse detection. Automatically deleted when the letter is destroyed.
  • Encrypted verification blob — a cryptographic token derived from your keys, used solely to verify your identity at login. We cannot read your keys or reverse this blob.
  • Encrypted private key — stored in encrypted form. We cannot decrypt it.
  • Subscription and payment metadata — retained for billing and legal compliance. Payment processing is handled entirely by our payment processing provider; we do not store card numbers or full payment details. Your payment provider knows who paid; we know only that a valid subscription exists. This distinction is intentional: VppBox is designed to be reached anonymously — your postbox address is public — not to make the postbox owner anonymous. Postbox owners are visible by choice.
  • Stamp balance — retained for the duration of the subscription to deliver the service.
  • Encrypted letter content — stored as an opaque encrypted blob for a maximum of 24 hours (or up to 7 days if Waiting Mode is enabled at your explicit request). Permanently overwritten thereafter.
  • Setup code — generated at payment, deleted immediately upon setup completion or after 7 days if unused.

What we collect at signup (postbox owners only)

  • Your email address — collected once at signup for one-time verification. We do not use your email for marketing, newsletters, or any communication beyond the initial verification code.
  • Your IP address and browser fingerprint at signup — retained for accountability. This helps us respond to legal requests regarding misuse of postboxes.
  • Display name (optional) — only if you choose to provide one.

What we never collect

  • Login times, session history, or access patterns.
  • Who writes to you, when, or how often.
  • Message content — encryption happens on your device before anything is sent. We receive only ciphertext and have no means to decrypt it.
  • Location data.
  • Your keys — they are never transmitted to our servers.
  • Images, files, or attachments of any kind — VppBox is a text-only service. Image and file upload is technically impossible and will never be added.
  • Sender identity — those who write to your postbox remain anonymous. We do not collect their email or any personal identifier (only an opaque device fingerprint, used solely for your block list).

Your controls

  • Waiting Mode — off by default. If enabled, incoming letters are held encrypted on our servers at your explicit request. You acknowledge this and accept responsibility.
  • Anonymous Sender Block — off by default. If enabled, only registered VppBox users can write to you. Anonymous senders see a message that your postbox is restricted.
  • Block Sender — when reading a letter, you may block the sender. Their fingerprint is added to your personal block list. Future letters from the same sender are silently dropped — the sender sees “delivered” and is not notified. Your block list is stored on our servers and deleted when your postbox is closed.
  • Box closure — you may close your postbox at any time. All associated data is permanently and irreversibly destroyed. Unused stamps are forfeited.

Cookies and local storage

VppBox does not use cookies for authentication. Your session is stored entirely in your browser's sessionStorage (cleared when you close the tab). Some essential technical cookies may be set by Cloudflare (DDoS protection, bot challenge) for security purposes — these are not used for tracking, analytics, or advertising. No cookie consent banner is required.

02 — Privacy Policy

Privacy Policy

This policy applies to vppbox.com and all VppBox services. VppBox operates under EU law and is subject to the General Data Protection Regulation (GDPR).

Data controller

VppBox. Legal and data protection inquiries: legal@vppbox.com

Design philosophy: reachable, not hidden

VppBox is designed for a specific purpose: to allow anyone to reach you privately, without knowing who they are. The postbox owner is visible — you share your address publicly, put it in your bio, print it on a card. What remains private is who writes to you, what they say, and when. This is the core promise of VppBox.

VppBox protects the identity of the sender, not the postbox owner. If you need to conceal your own identity from everyone including VppBox, this service is not designed for that purpose.

Transit architecture

Letters are encrypted on your device using AES-256-GCM before transmission. The server receives only an encrypted blob and has no means to decrypt it. Letters are automatically overwritten with random data and destroyed within 24 hours of delivery or 24 hours after opening — whichever comes first. This is not a policy choice; it is a technical constraint.

Our legal position: “We cannot provide what we do not have.” We do not store message content. We cannot read it, hand it over, or delete it on request — because it does not exist on our servers in readable form.

Legal basis for processing

We process most personal data under Article 6(1)(b) GDPR — performance of a contract — to deliver the postbox service. Signup IP, browser fingerprint, and email retention beyond verification are processed under Article 6(1)(f) — legitimate interest — to detect and respond to misuse, and to comply with applicable law.

Data retention

  • Box number, type, status, creation timestamp: retained for the duration of the subscription. Deleted 12 months after the postbox is closed.
  • Postbox owner email address: retained for the duration of the subscription, used only for the initial verification. Deleted 12 months after the postbox is closed. Previous email addresses (if changed) are archived for the same retention period to support legal accountability.
  • Display name (if provided): retained for the duration of the subscription. Deleted 12 months after the postbox is closed.
  • Signup IP address and browser fingerprint: retained for the duration of the subscription, used to detect and respond to misuse. Deleted 12 months after the postbox is closed.
  • Sender fingerprint and sender IP per letter: retained only for the lifetime of the letter (maximum 24 hours, or 7 days in Waiting Mode). Automatically deleted when the letter is destroyed. Exception: if you block a sender, their fingerprint is retained in your block list until your postbox is closed.
  • Encrypted verification blob and encrypted private key: retained for the duration of the subscription. We cannot read either of these. Deleted 12 months after the postbox is closed.
  • Encrypted letter content: maximum 24 hours after delivery or opening. Maximum 7 days if Waiting Mode is active at your explicit request.
  • Setup codes and verification codes: setup codes deleted immediately after use or after 7 days if unused. Email verification codes expire after 5 minutes and are invalidated immediately upon use.
  • Stamp balance: retained for the duration of the subscription.
  • Payment and subscription metadata: retained for the duration required by applicable law and our payment processing provider's terms. Our payment provider processes and retains payment details on their infrastructure under their own privacy policy. We retain only what is necessary to confirm a valid, active subscription.

The 12-month grace period after postbox closure exists to satisfy legal record-keeping obligations and to allow response to legitimate legal requests. After this period, all data is permanently and irreversibly deleted.

Data breach notification

In the event of a breach affecting your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33. Because message content is encrypted and unreadable to us, a breach of our servers does not constitute a breach of your message content.

Third-party processors

  • Payment processing provider — handles all payment transactions. Retains payment details (including card information and billing identity) under their own privacy policy. If you require full payment anonymity, consult their policy or use a payment method that does not link to your identity. VppBox receives only confirmation that a subscription is active — we do not receive or store card numbers.
  • Cloudflare — provides DDoS protection and CDN services. Processes encrypted traffic; cannot access message content.
  • Supabase — database hosted in Frankfurt, EU. Stores metadata and encrypted blobs only.
  • Vercel — application hosting. Processes requests but has no access to encryption keys or message content.
  • Resend — transactional email delivery, used solely to send the one-time verification code at signup or email change. Receives your email address and the verification code. No marketing, no newsletters.

Your rights under GDPR

You have the right to access, rectify, or erase your personal data; to restrict or object to processing; and to data portability. To exercise these rights, contact: legal@vppbox.com. Provide your box number and verified email address to identify your account.

Reporting illegal content (DSA Article 16)

Under the EU Digital Services Act Article 16 (Notice and Action), anyone may report a postbox being used for illegal activity — including impersonation, harassment, fraud, CSAM, spam, or other illegal use. Use our public reporting form: vppbox.com/abuse. We review every report and take action under our Usage Policy and applicable law. Decisions are recorded for audit and transparency purposes.

Law enforcement requests

VppBox cooperates with valid legal requests from competent authorities. Requests are evaluated against EU law, the GDPR, and the law of the requesting jurisdiction.

How to submit: Send to legal@vppbox.com with valid legal process — subpoena, court order, MLAT request, or equivalent. Informal requests without legal process will be declined.

What we can disclose: Postbox metadata (box number, type, status, timestamps), postbox owner email and signup IP/user-agent/fingerprint, email change history, and payment/subscription metadata held by us. We disclose only the minimum data described in the request and required by law.

What we cannot disclose: Letter content. Letters are encrypted on the user's device with keys we never receive; we cannot read, decrypt, or hand over message content. We cannot provide what we do not have.

User notification: Where lawful, we notify the affected postbox owner of the request and the data disclosed at least 14 days before disclosure, unless we are legally prohibited from doing so (e.g. gag order, ongoing criminal investigation). After any non-disclosure period expires, we notify the user of the past request.

Emergency disclosure: In good-faith belief that disclosure is necessary to prevent imminent risk of death or serious physical harm, or to address active CSAM coordination, we may disclose relevant data without prior user notification. Such disclosures are documented and reviewed.

Transparency report: We publish an annual transparency report listing the number of requests received, the jurisdictions, the categories of data disclosed, and the rejection rate. The report contains no user-identifying information.

03 — Security

Responsible Disclosure

Security is central to VppBox. If you discover a vulnerability, we ask that you report it responsibly before public disclosure. We commit to responding in good faith.

How to report

Email: legal@vppbox.com — subject: Security Disclosure

What to include

  • A clear description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Your contact information (optional — anonymous reports accepted)

Our commitments

  • We will acknowledge your report within 5 business days.
  • We will investigate and provide an update within 30 days.
  • We will not pursue legal action against researchers acting in good faith.
  • We will credit researchers who wish to be named, upon request and after the issue is resolved.
  • We ask for a reasonable coordinated disclosure window before public release.

Scope

  • In scope: vppbox.com, API endpoints, client-side encryption implementation, session management, authentication flows.
  • Out of scope: Social engineering, physical attacks, attacks on third-party services (Cloudflare, Supabase, Vercel), denial-of-service attacks.

The encryption implementation is our highest-priority security surface. Reports relating to the zero-knowledge architecture will receive the fastest response.

04 — Terms: Large Plan

Terms of Service: Large Plan

These terms apply to Large Postbox subscriptions ($23/year). By subscribing, you agree to these terms in addition to the All Plans terms below.

Subscription

  • Annual subscription only — no monthly option.
  • Your price is locked permanently. Price increases apply only to new subscribers, with 30 days advance notice.
  • Active subscriptions cannot be cancelled mid-term. Cancellation takes effect at the end of the current subscription period.
  • Box type upgrades are charged on a prorated basis. Downgrade is not available mid-term — you may select a lower tier at renewal.

Payment failure and tolerance

  • If payment fails, a 3-day grace period begins. Your payment provider will retry automatically.
  • After 3 days without payment: your postbox is locked (read access remains, no new letters accepted).
  • After a further 3 days without payment: your postbox is permanently closed and all data destroyed. Your box number returns to the available pool.
  • If a technical fault on our side causes a service outage exceeding 24 hours, your subscription is automatically extended by the equivalent period.

Large Plan features

  • Business card (display name and tagline only — no image upload) — visible to senders only. No record is kept on our servers. Image uploads are not supported and will not be added.
  • Custom box number — selected during setup from available combinations. Subject to availability; reserved combinations are not available.
  • Custom tagline — maximum 100 characters, visible to senders. Subject to our Usage Policy.

No SLA

VppBox does not provide a Service Level Agreement. We aim to provide the best possible availability but do not guarantee uninterrupted service.

Data processing

Large Plan customers subject to GDPR obligations who require a Data Processing Agreement (DPA) may request one by contacting legal@vppbox.com.

05 — Terms: All Plans

Terms of Service: All Plans

These terms apply to all VppBox subscribers (Small $9/year, Medium $13/year, Large $23/year). By creating a postbox, you agree to these terms.

Eligibility

You must be at least 16 years old to use VppBox. By completing the setup process, you confirm that you meet this requirement. We do not knowingly collect data from individuals under 16.

Subscription and refunds

  • Annual subscription only.
  • EU consumers: during checkout, you will be asked to explicitly confirm your waiver of the 14-day right of withdrawal under EU Consumer Rights Directive Article 16(m). This is required because the service begins immediately upon activation. The confirmation is timestamped and recorded.
  • No refunds after subscription activation.
  • Your price is locked permanently as a current subscriber.
  • Price increases apply only to new subscribers, with at least 30 days advance notice.

Keys and access

  • You set two access keys during setup. These are never transmitted to or stored on our servers.
  • A 4-word backup phrase is generated during setup. This is the only way to recover access if your keys are lost. Store it somewhere safe — we cannot recover it for you.
  • If all keys and the backup phrase are lost, access cannot be recovered. The subscription runs its course and the postbox is closed at expiry.
  • After 10 consecutive failed login attempts, your backup phrase is required and both keys are reset.

Stamps

  • Each new postbox receives a welcome gift of stamps: 50 (Small), 100 (Medium), or 200 (Large).
  • Stamps are used for: read receipts, sending beyond your daily limit (20 for Small, 50 for Medium, 100 for Large), and Waiting Mode.
  • Stamps cannot be transferred between postboxes.
  • Stamps are forfeited if your postbox is closed. You will be warned before closure if you have unspent stamps.
  • No stamp refunds are issued under any circumstances.

Postbox limits

  • One active postbox per device at a time.
  • Maximum 12 postboxes per device per year (open and closed combined).
  • These limits are enforced automatically and cannot be appealed.

Waiting Mode

  • Waiting Mode is off by default. Enabling it is your explicit request to hold letters on our servers.
  • Each held letter costs 1 stamp per day. If your stamp balance reaches zero, Waiting Mode deactivates automatically.
  • You accept full responsibility for letters held during Waiting Mode.
  • Maximum letters held: 25 (Small) / 50 (Medium) / 100 (Large).

Termination

VppBox reserves the right to suspend or close postboxes that violate these terms or the Usage Policy, with or without notice. No refund will be issued for terminated postboxes.

Usage Policy

VppBox provides infrastructure for private text-based communication. You are solely responsible for how you use it.

This is a text-only service

VppBox transmits text only. Image uploads, file attachments, and embedded media are technically impossible and will never be supported. This is a deliberate architectural decision, not a temporary limitation. Links in letters are rendered as plain, non-clickable text to prevent phishing.

Prohibited use

  • CSAM — Child sexual abuse material. Zero tolerance. Any attempt will be reported to law enforcement immediately. Image transmission is technically impossible on VppBox; any attempt to circumvent this is a serious violation.
  • Harassment and threats — Targeted abuse, threats of violence, or sustained harassment of any individual.
  • Doxxing — Publishing or coordinating the publication of private, identifying information of another person without their consent (real name, home address, workplace, phone number, etc.) — including using a postbox to collect such information about a third party.
  • Extortion or blackmail — Demanding money, conduct, or any benefit under threat of disclosure, harm, or other adverse consequence.
  • Fraud or scam — Phishing, social engineering, false-pretence solicitation of credentials/payment information, advance-fee schemes, or any deceptive practice intended to defraud.
  • Self-harm encouragement — Content that promotes, encourages, or provides instruction for suicide, self-injury, or eating disorders.
  • Intellectual property infringement — Content that violates third-party copyright, trademark, or other intellectual property rights.
  • Spam — Unsolicited bulk messaging or automated sending.
  • Illegal activity — Any use that violates applicable law in your jurisdiction or ours, including coordination of illegal acts.
  • Identity misrepresentation — Using the Business Card feature to impersonate a real person, company, brand, or institution you do not represent. This includes but is not limited to using the name of a registered company, public figure, government body, or protected trademark without authorisation.

Large Plan postbox holders are solely responsible for the accuracy of their Business Card information. By saving Business Card details, you confirm that the information represents your genuine identity or organisation. VppBox reserves the right to immediately suspend postboxes reported for identity misrepresentation — without refund and without prior notice. Verified complainants (companies, institutions, or individuals with documented proof of identity) may request suspension by contacting legal@vppbox.com with supporting evidence.

What we can and cannot do

Because VppBox uses zero-knowledge encryption, we cannot read the content of any message. We cannot proactively detect prohibited content. We rely on technical signals, usage patterns, and user reports.

Our position: “We are a carrier, not a publisher.” We deliver letters; we do not author, moderate, or store them in readable form. This is not a shield for prohibited use — it is an accurate description of our technical architecture.

Age requirement

VppBox is intended for users aged 16 and over. By using the service, you confirm you meet this minimum age. If we become aware that a postbox is operated by a person under 16, we will close the postbox and delete associated data. (EU DSA Article 28 — minor protection.)

Reporting abuse

Two channels:

  • Public reporting form (recommended for most cases): vppbox.com/abuse — DSA Article 16 Notice and Action mechanism.
  • Email for sensitive or legal matters: legal@vppbox.com — preferred for verified complainants (companies, institutions, legal counsel) with supporting documentation.

Include the postbox number and a clear description of the issue. We review every report and take appropriate action, which may include immediate postbox suspension.

Enforcement

  • Confirmed violations result in immediate postbox suspension without refund.
  • CSAM violations are reported to the relevant law enforcement authority without exception.
  • Repeat violations from the same device may result in permanent exclusion.
  • All enforcement decisions are recorded with reason for audit and transparency (DSA Article 17).

Appeals

If your postbox has been suspended or closed and you believe this was in error, you may appeal within 30 days of the action by emailing legal@vppbox.com from the verified email address associated with the postbox. Include the box number and your reasoning. We will review the appeal and respond within 14 days. Successful appeals result in postbox reinstatement; unsuccessful appeals are recorded and the action stands. (EU DSA Article 17 — internal complaint-handling system.)

DMCA

VppBox voluntarily complies with DMCA takedown principles. However, because message content is encrypted and unreadable to us, we cannot access, review, or remove specific letter content. If you believe your copyrighted work has been transmitted through VppBox, contact legal@vppbox.com with full details.