Terms & Policies
VppBox · Last updated March 2026 · Subject to legal review prior to launch
Privacy ChoicesPrivacy PolicyResponsible DisclosureTerms: EnterpriseTerms: IndividualUsage Policy

Privacy Choices

VppBox is built around a single principle: we cannot give what we do not have. Our architecture is designed to minimise data collection at every level. VppBox is designed to make you reachable in private — anyone can write to you, no one can see what they wrote. It is not designed to make the postbox owner invisible. Your address is public. Your inbox is not.

What we collect

  • Box number — randomly assigned at creation, retained for the duration of the subscription.
  • Box type and status — Individual or Enterprise, and whether the box is active, suspended, or closed.
  • Creation timestamp — the date and time your postbox was created, retained for the duration of the subscription.
  • IP address at creation — recorded once at box creation to enforce the 12-box-per-year limit and detect abuse. Never used for tracking. Permanently deleted when the subscription ends.
  • Sender fingerprint (per letter) — a one-way hash derived from the sender's browser characteristics (user agent, timezone, language, screen resolution). Stored with the letter for abuse prevention. Automatically deleted when the letter is destroyed. If you block a sender, their fingerprint is retained in your block list until you remove it.
  • Sender IP (per letter) — recorded at the time of sending for abuse detection. Automatically deleted when the letter is destroyed.
  • Encrypted verification blob — a cryptographic token derived from your keys, used solely to verify your identity at login. We cannot read your keys or reverse this blob.
  • Encrypted private key — stored in encrypted form. We cannot decrypt it.
  • Subscription and payment metadata — retained for billing and legal compliance. Payment processing is handled entirely by our payment processing provider; we do not store card numbers or full payment details. Your payment provider knows who paid; we know only that a valid subscription exists. This distinction is intentional: VppBox is designed to be reached anonymously — your postbox address is public — not to make the postbox owner anonymous. Postbox owners are visible by choice.
  • Stamp balance — retained for the duration of the subscription to deliver the service.
  • Encrypted letter content — stored as an opaque encrypted blob for a maximum of 24 hours (or up to 7 days if Waiting Mode is enabled at your explicit request). Permanently overwritten thereafter.
  • Setup code — generated at payment, deleted immediately upon setup completion or after 7 days if unused.

What we never collect

  • Your email address — at no point, under any circumstance.
  • IP addresses after the initial box creation event.
  • Login times, session history, or access patterns.
  • Who writes to you, when, or how often.
  • Message content — encryption happens on your device before anything is sent. We receive only ciphertext and have no means to decrypt it.
  • Location data.
  • Your keys — they are never transmitted to our servers.
  • Images, files, or attachments of any kind — VppBox is a text-only service. Image and file upload is technically impossible and will never be added.

Your controls

  • Waiting Mode — off by default. If enabled, incoming letters are held encrypted on our servers at your explicit request. You acknowledge this and accept responsibility.
  • Anonymous Sender Block — off by default. If enabled, only registered VppBox users can write to you. Anonymous senders see a message that your postbox is restricted.
  • Block Sender — when reading a letter, you may block the sender. Their fingerprint is added to your personal block list. Future letters from the same sender are silently dropped — the sender sees “delivered” and is not notified. Your block list is stored on our servers and deleted when your postbox is closed.
  • Box closure — you may close your postbox at any time. All associated data is permanently and irreversibly destroyed. Unused stamps are forfeited.

Cookies

VppBox uses a single session authentication cookie, strictly necessary for the service to function. No analytics, advertising, or tracking cookies are used. No cookie consent banner is required.

Privacy Policy

This policy applies to vppbox.com and all VppBox services. VppBox operates under EU law and is subject to the General Data Protection Regulation (GDPR).

Data controller

VppBox. Legal and data protection inquiries: legal@vppbox.com

Design philosophy: reachable, not hidden

VppBox is designed for a specific purpose: to allow anyone to reach you privately, without knowing who they are. The postbox owner is visible — you share your address publicly, put it in your bio, print it on a card. What remains private is who writes to you, what they say, and when. This is the core promise of VppBox.

VppBox protects the identity of the sender, not the postbox owner. If you need to conceal your own identity from everyone including VppBox, this service is not designed for that purpose.

Transit architecture

Letters are encrypted on your device using AES-256-GCM before transmission. The server receives only an encrypted blob and has no means to decrypt it. Letters are automatically overwritten with random data and destroyed within 24 hours of delivery or 24 hours after opening — whichever comes first. This is not a policy choice; it is a technical constraint.

Our legal position: “We cannot provide what we do not have.” We do not store message content. We cannot read it, hand it over, or delete it on request — because it does not exist on our servers in readable form.

Legal basis for processing

We process personal data under Article 6(1)(b) GDPR — performance of a contract — to deliver the postbox service you have subscribed to.

Data retention

  • Box number, type, status, creation timestamp: retained for the duration of the subscription. Deleted when the subscription ends or the box is closed.
  • IP address at creation: retained for the duration of the subscription solely to enforce usage limits. Deleted when the subscription ends.
  • Sender fingerprint and sender IP per letter: retained only for the lifetime of the letter (maximum 24 hours, or 7 days in Waiting Mode). Automatically deleted when the letter is destroyed. Exception: if you block a sender, their fingerprint is retained in your block list until your postbox is closed.
  • Encrypted verification blob and encrypted private key: retained for the duration of the subscription. We cannot read either of these.
  • Encrypted letter content: maximum 24 hours after delivery or opening. Maximum 7 days if Waiting Mode is active at your explicit request.
  • Setup codes: deleted immediately after use, or after 7 days if unused.
  • Stamp balance: retained for the duration of the subscription.
  • Payment and subscription metadata: retained for the duration required by applicable law and our payment processing provider's terms. Our payment provider processes and retains payment details on their infrastructure under their own privacy policy. We retain only what is necessary to confirm a valid, active subscription.

Data breach notification

In the event of a breach affecting your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33. Because message content is encrypted and unreadable to us, a breach of our servers does not constitute a breach of your message content.

Third-party processors

  • Payment processing provider — handles all payment transactions. Retains payment details (including card information and billing identity) under their own privacy policy. If you require full payment anonymity, consult their policy or use a payment method that does not link to your identity. VppBox receives only confirmation that a subscription is active — we do not receive or store card numbers.
  • Cloudflare — provides DDoS protection and CDN services. Processes encrypted traffic; cannot access message content.
  • Supabase — database hosted in Frankfurt, EU. Stores metadata and encrypted blobs only.
  • Vercel — application hosting. Processes requests but has no access to encryption keys or message content.

Your rights under GDPR

You have the right to access, rectify, or erase your personal data; to restrict or object to processing; and to data portability. To exercise these rights, contact: legal@vppbox.com. Note that because we do not collect email addresses, you will need to provide your box number to identify your account.

Responsible Disclosure

Security is central to VppBox. If you discover a vulnerability, we ask that you report it responsibly before public disclosure. We commit to responding in good faith.

How to report

Email: legal@vppbox.com — subject: Security Disclosure

What to include

  • A clear description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Your contact information (optional — anonymous reports accepted)

Our commitments

  • We will acknowledge your report within 5 business days.
  • We will investigate and provide an update within 30 days.
  • We will not pursue legal action against researchers acting in good faith.
  • We will credit researchers who wish to be named, upon request and after the issue is resolved.
  • We ask for a reasonable coordinated disclosure window before public release.

Scope

  • In scope: vppbox.com, API endpoints, client-side encryption implementation, session management, authentication flows.
  • Out of scope: Social engineering, physical attacks, attacks on third-party services (Cloudflare, Supabase, Vercel), denial-of-service attacks.

The encryption implementation is our highest-priority security surface. Reports relating to the zero-knowledge architecture will receive the fastest response.

Terms of Service: Enterprise

These terms apply to Enterprise Postbox subscriptions. By subscribing, you agree to these terms in addition to the Individual Terms below.

Subscription

  • Annual subscription only — no monthly option.
  • Your price is locked permanently. Price increases apply only to new subscribers, with 30 days advance notice.
  • Active subscriptions cannot be cancelled mid-term. Cancellation takes effect at the end of the current subscription period.
  • Box type upgrades are charged on a prorated basis. Downgrade is not available mid-term — you may select a lower tier at renewal.

Payment failure and tolerance

  • If payment fails, a 3-day grace period begins. Your payment provider will retry automatically.
  • After 3 days without payment: your postbox is locked (read access remains, no new letters accepted).
  • After a further 3 days without payment: your postbox is permanently closed and all data destroyed. Your box number returns to the available pool.
  • If a technical fault on our side causes a service outage exceeding 24 hours, your subscription is automatically extended by the equivalent period.

Enterprise features

  • Business card (display name and tagline only — no image upload) — visible to senders only. No record is kept on our servers. Image uploads are not supported and will not be added.
  • Custom box number — selected during setup from available combinations. Subject to availability; reserved combinations are not available.
  • Custom tagline — maximum 100 characters, visible to senders. Subject to our Usage Policy.

No SLA

VppBox does not provide a Service Level Agreement. We aim to provide the best possible availability but do not guarantee uninterrupted service.

Data processing

Enterprise customers subject to GDPR obligations who require a Data Processing Agreement (DPA) may request one by contacting legal@vppbox.com.

Terms of Service: Individual

These terms apply to all Individual and Enterprise postbox subscribers. By creating a postbox, you agree to these terms.

Eligibility

You must be at least 16 years old to use VppBox. By completing the setup process, you confirm that you meet this requirement. We do not knowingly collect data from individuals under 16.

Subscription and refunds

  • Annual subscription only.
  • EU consumers: during checkout, you will be asked to explicitly confirm your waiver of the 14-day right of withdrawal under EU Consumer Rights Directive Article 16(m). This is required because the service begins immediately upon activation. The confirmation is timestamped and recorded.
  • No refunds after subscription activation.
  • Your price is locked permanently as a current subscriber.
  • Price increases apply only to new subscribers, with at least 30 days advance notice.

Keys and access

  • You set two access keys during setup. These are never transmitted to or stored on our servers.
  • A 4-word backup phrase is generated during setup. This is the only way to recover access if your keys are lost. Store it somewhere safe — we cannot recover it for you.
  • If all keys and the backup phrase are lost, access cannot be recovered. The subscription runs its course and the postbox is closed at expiry.
  • After 10 consecutive failed login attempts, your backup phrase is required and both keys are reset.

Stamps

  • Stamps cannot be transferred between postboxes.
  • Purchased (permanent) stamps are retained if you renew your subscription, but forfeited if your postbox is closed.
  • Daily system stamps are refreshed each day and expire unused — they do not carry over.
  • No stamp refunds are issued under any circumstances.
  • You will be warned before closing your postbox if you have unspent stamps.

Postbox limits

  • One active postbox per device at a time.
  • Maximum 12 postboxes per device per year (open and closed combined).
  • These limits are enforced automatically and cannot be appealed.

Waiting Mode

  • Waiting Mode is off by default. Enabling it is your explicit request to hold letters on our servers.
  • Each held letter costs 1 stamp per day. If your stamp balance reaches zero, Waiting Mode deactivates automatically.
  • You accept full responsibility for letters held during Waiting Mode.
  • Maximum letters held: 50 (Individual) / 200 (Enterprise).

PDF downloads

You may download letters as PDF files. Responsibility for the storage, security and handling of downloaded PDFs rests entirely with you. VppBox has no record of downloaded content.

Termination

VppBox reserves the right to suspend or close postboxes that violate these terms or the Usage Policy, with or without notice. No refund will be issued for terminated postboxes.

Usage Policy

VppBox provides infrastructure for private text-based communication. You are solely responsible for how you use it.

This is a text-only service

VppBox transmits text only. Image uploads, file attachments, and embedded media are technically impossible and will never be supported. This is a deliberate architectural decision, not a temporary limitation. Links in letters are rendered as plain, non-clickable text to prevent phishing.

Prohibited use

  • CSAM — Child sexual abuse material. Zero tolerance. Any attempt will be reported to law enforcement immediately. Image transmission is technically impossible on VppBox; any attempt to circumvent this is a serious violation.
  • Harassment and threats — Targeted abuse, threats of violence, or sustained harassment of any individual.
  • Intellectual property infringement — Content that violates third-party copyright, trademark, or other intellectual property rights.
  • Spam — Unsolicited bulk messaging or automated sending.
  • Illegal activity — Any use that violates applicable law in your jurisdiction or ours.
  • Identity misrepresentation — Using the Business Card feature to impersonate a real person, company, brand, or institution you do not represent. This includes but is not limited to using the name of a registered company, public figure, government body, or protected trademark without authorisation.

Enterprise postbox holders are solely responsible for the accuracy of their Business Card information. By saving Business Card details, you confirm that the information represents your genuine identity or organisation. VppBox reserves the right to immediately suspend postboxes reported for identity misrepresentation — without refund and without prior notice. Verified complainants (companies, institutions, or individuals with documented proof of identity) may request suspension by contacting legal@vppbox.com with supporting evidence.

What we can and cannot do

Because VppBox uses zero-knowledge encryption, we cannot read the content of any message. We cannot proactively detect prohibited content. We rely on technical signals, usage patterns, and user reports.

Our position: “We are a carrier, not a publisher.” We deliver letters; we do not author, moderate, or store them in readable form. This is not a shield for prohibited use — it is an accurate description of our technical architecture.

Reporting abuse

To report abuse: legal@vppbox.com. Include your box number and a description of the issue. We will investigate and take appropriate action, which may include immediate postbox suspension.

Enforcement

  • Confirmed violations result in immediate postbox suspension without refund.
  • CSAM violations are reported to the relevant law enforcement authority without exception.
  • Repeat violations from the same device may result in permanent exclusion.

DMCA

VppBox voluntarily complies with DMCA takedown principles. However, because message content is encrypted and unreadable to us, we cannot access, review, or remove specific letter content. If you believe your copyrighted work has been transmitted through VppBox, contact legal@vppbox.com with full details.