What is a temporary email address?

A temporary email address is a real, working inbox that receives emails like any normal address. It does not require an account or registration. The inbox automatically deletes itself after one hour.

Is TempEmail free to use?

Yes. TempEmail is completely free. There are no plans, no usage limits, and no credit card required.

How long does a temporary email inbox last?

The inbox stays active for one hour from when it was created. After that, the address and all emails in it are permanently deleted. You can bookmark the page URL to return to the same inbox within that window.

Can I choose my own temporary email address?

Not at the moment. Addresses are randomly generated each time you visit. Custom addresses are planned for a future update.

Can I send emails from a temporary email address?

No. TempEmail is a receive-only inbox. You can read emails sent to your temporary address but you cannot send emails from it.

What are legitimate uses for a temporary email address?

Common legitimate uses include testing your own application's email flows, signing up as a new user to test your product's onboarding experience, protecting your inbox while researching vendors or services, short-term project registrations, and maintaining privacy on public or shared computers.

Why didn't I receive the email I was expecting?

Some services actively block disposable or temporary email domains. If you did not receive an expected email, the sender may have rejected the address. This is the sender's decision and cannot be overridden.

Is my temporary email inbox private?

The inbox has no password, but the address is randomly generated and long enough that it cannot realistically be guessed. Do not use it for anything sensitive like banking or private communications.

Can I use TempEmail on my phone?

Yes. TempEmail works on any device with a browser, including mobile phones and tablets. Copy the address and emails will appear in real time just like on desktop.

What Happens to Your Temp Email Inbox After One Hour?

You've opened a temporary inbox, received what you needed, and now you're wondering — what actually happens when the hour is up? Maybe you're a developer who wants to understand the system before using it in testing. Maybe you're a privacy-conscious user who wants to know exactly what the expiry means. Either way, here's the complete, honest answer.

The short version: everything is permanently deleted. The email address, the session, every message in the inbox — all of it is removed from the database at expiry. Not archived. Not anonymised and kept for analytics. Not soft-deleted with a flag that could be reversed. Deleted — as in, the database records are gone. There is no "recycle bin" and no backup retention that would allow anyone, including us, to bring that data back.

If that's all you needed to know, you have your answer. But if you want to understand the reasoning behind it, the exact technical timeline, and what this means in practice for different use cases, read on.

Why Auto-Deletion Is a Feature, Not a Limitation

Most people's first instinct is to think of expiry as a restriction — something being taken away from them. It feels like a countdown to losing access. But it's actually the central design feature of a temporary email service, and it's the thing that makes the privacy guarantee meaningful rather than theoretical. Data that doesn't persist can't be breached. It can't be sold. It can't be subpoenaed. It can't be accessed by a disgruntled employee or an overly curious third party. It can't be used by anyone, for anything, after the session ends.

Compare this to leaving an old, unused account on some service you signed up for years ago. That account — and your email address, your usage history, and whatever else they collected — remains a target long after you've forgotten it exists. Every data breach you read about in the news involves data that was stored and never properly deleted. Troy Hunt, the security researcher who created Have I Been Pwned, has documented thousands of breaches over the years, affecting billions of records. The consistent pattern is always the same: companies collected data, held onto it far longer than necessary, and eventually that data was exposed. TempEmail.ai's architecture makes that entire category of problem structurally impossible for your temp inbox — because the data isn't there to be breached.

The one-hour lifetime is a deliberate engineering choice that prioritises your privacy over convenience. For the vast majority of use cases — receiving a verification email, testing a registration flow, accessing a download link, completing a sign-up process — one hour is more than enough. It's generous, in fact. Most of these tasks take minutes, not an hour. The expiry window exists to give you comfortable margin, not to rush you.

The Exact Timeline

Here's precisely what happens, step by step, from the moment you open a session to the moment your data is gone:

You visit TempEmail.ai — a new session is created with a unique email address and a 60-minute expiry timestamp stored in the database.
During that hour, emails arrive in real time via a live WebSocket connection. You see them instantly in your browser without refreshing the page.
At the 60-minute mark, the session and inbox are marked as expired in the database. No new emails can be delivered to the address.
A background cleanup service runs every 15 minutes. When it runs, it permanently deletes all expired sessions, email addresses, and every email message associated with them.
Within a short window after the expiry — at most 15 minutes — all traces of your inbox are gone from the database entirely.

"Permanently deleted" in this context means the database records are dropped entirely. They are not soft-deleted with a flag. They are not moved to an archive table. They are not retained in backups indefinitely. The records are removed from the active database. This is not a promise we make reluctantly — it's the whole point of the system's design.

The 15-minute cleanup cycle means that in the worst case, your data persists for about 75 minutes from session creation (60 minutes of active session plus up to 15 minutes before the next cleanup run). In practice, it's often shorter than that because the cleanup may run sooner after your session expires.

What Happens to Emails That Arrive After Expiry

If someone — or some automated system — sends an email to your temporary address after it has expired, the email is rejected. The address no longer exists in the system, so there is nowhere for it to be delivered. The sending mail server would receive a delivery failure notification (a bounce message), exactly as it would if it had sent an email to any non-existent address on any mail server in the world. From the sender's perspective, it's indistinguishable from sending to an address that was never valid.

This is worth noting for testing purposes. If you're using a temp mail address to test a delayed notification flow — for example, an application that sends an email hours after registration, or a drip campaign that sends a follow-up the next day — those later emails will bounce. Your temp address only exists for the hour. If your test requires receiving emails after that window, you would need to open a fresh inbox for each phase of the test or adjust your test timing to fit within the hour.

Can You Extend the Session?

No. Once an inbox has expired, it cannot be extended, renewed, or recovered. The data is gone. This is by design — if sessions could be extended indefinitely, the privacy guarantee would be meaningless. The one-hour limit is what makes the system trustworthy: you know with certainty that your data will be deleted, because the system doesn't allow exceptions.

If you're still within the hour and worried about running out of time, the important thing to understand is that the session timer is based on the creation time, not your last activity. The clock started when you first visited and created the session. Clicking around within the inbox, reading emails, or refreshing the page does not reset or extend the timer. The expiry is fixed at exactly one hour from creation.

If you need more time for a task — for example, a complex development testing session that might run longer than an hour — the straightforward approach is to open a new temp inbox when the old one expires. Each new session gets a fresh hour with a brand-new email address. Keep in mind that the new inbox will have a different address, so any accounts or services you registered with the old address won't automatically transfer. Plan your testing sessions accordingly.

The GUID in Your URL — What It Means After Expiry

Your session is tied to a unique GUID (globally unique identifier) that's stored in two places: your browser's URL as a query parameter, and your browser's localStorage. This GUID is what allows you to return to the same inbox within the hour. Close the tab, reopen it, navigate back to the URL — as long as the session hasn't expired, your inbox is still there with all its emails.

After expiry, the GUID becomes meaningless. The server no longer has any record associated with it. If you try to visit the URL, the system will recognise that the session GUID is no longer valid and will offer to create a new session instead. If you share the URL with someone, or if someone else somehow obtains it, there is nothing there after expiry — no inbox, no emails, no session data. The GUID is just a random string that pointed to something that no longer exists.

This is consistent with security best practices recommended by OWASP: session identifiers should have limited lifetimes and should not persist beyond their purpose. A session that expires quickly and contains no personally identifiable information is a session that poses minimal risk even if the URL were somehow exposed.

What About Emails That Arrived Before Expiry?

Any emails that arrived during your active session are deleted along with the session itself when the cleanup runs. There is no way to retrieve them afterward. The emails are not forwarded anywhere, not backed up, and not retained in any form. When the session goes, everything associated with it goes too.

If you received something important during your session that you need to keep — a confirmation number, an account credential, a licence key, a document download link — you should save that information before the hour is up. Copy the relevant text to a notes application, forward the essential content to your real email address, take a screenshot, or download any attachments. Once the inbox is gone, that content is not recoverable by anyone, including the team behind TempEmail.ai. This isn't a limitation we could fix if we wanted to — it's the fundamental design: data that is deleted is deleted.

Why This Is Good for Your Privacy

The auto-delete model has a meaningful privacy benefit that goes beyond just cleaning up after your testing session. Because TempEmail.ai deletes everything automatically, there is no long-term database of your usage to worry about. No record of which services you signed up for using temp addresses. No history of what emails you received. No profile being built from your usage patterns. No list of email addresses that could be correlated back to you. The absence of this data is not an oversight — it's the product.

GDPR and similar privacy regulations around the world give users the right to have their data deleted. The right to erasure — sometimes called the "right to be forgotten" — is one of the most significant rights in modern data protection law. TempEmail.ai's architecture makes this right automatic and universal: you don't need to request deletion, because deletion happens by design, for every user, every time. The UK ICO guide to data protection emphasises that data retention policies should be proactive, not reactive — and that's exactly how this system works.

In a world where data breaches are reported weekly and companies routinely hold onto data they have no business keeping, a service that genuinely deletes your data after an hour is not just convenient — it's a principled stance on how online tools should work.

Practical Guidance for Developers

If you're using temp email for development and QA testing, here's how to work effectively with the one-hour lifecycle:

For short tests — registration flows, email verification, password reset, account confirmation: one session is more than enough. Open a fresh inbox, trigger the email from your application, receive it, click the link or copy the code, and you're done. These tests typically complete in under five minutes. You don't need to worry about the timer at all.

For longer test sessions — testing notification sequences, email timing, multi-step onboarding flows, or workflows that involve waiting for delayed emails: plan your tests to complete within the hour, or structure them so that each major test phase uses a fresh inbox. Keep a record of which temp address you used for which test scenario so you can track results. If your application sends a delayed email (for example, a "welcome" email 30 minutes after registration), make sure you start the test early enough in the session to receive it before expiry.

For automated testing: never hardcode a temp email address in your test scripts. Generate a fresh address for each test run by creating a new session via the API. This ensures each test starts from a genuinely clean state — no leftover emails from previous runs, no shared state between tests. This is actually better testing practice regardless of the one-hour limit, because it eliminates a common source of flaky tests: residual data from previous test runs contaminating the current one. Using a temp mail inbox for each test run is good practice — it ensures you're testing from a genuinely clean state every time.

The Email Infrastructure Behind the Scenes

Emails sent to your temp address travel through standard internet email infrastructure — SMTP servers, DNS MX record lookups, mail routing — all governed by RFC 5321, the foundational protocol for email transmission. From the perspective of the sending mail server, your temp address is a perfectly ordinary email address hosted on a perfectly ordinary mail server. The email is delivered through normal channels, received by TempEmail.ai's infrastructure, stored in the database, and pushed to your browser in real time via WebSocket. The temporary nature of the inbox is completely invisible to anyone sending to it — until the address expires and any subsequent delivery attempt bounces.

This means that emails to your temp address are delivered with the same reliability and speed as emails to any other address. There is no special routing, no delay, and no filtering beyond standard spam protections. You get the email as fast as internet email infrastructure can deliver it — which, in most cases, is within seconds.

Set a reminder or keep an eye on the countdown timer when you start a testing session, especially if your task might run close to the hour mark. An extra moment of attention can save you from having to restart a test flow from scratch because the inbox expired while you were in the middle of something.

The Bottom Line

The one-hour lifecycle is what makes a temporary email address genuinely temporary — not just in name, but in fact. It's not a marketing label applied to a system that quietly keeps your data around. It's a hard technical constraint built into the architecture of the system. Data that automatically deletes is data that can't cause problems later — not for you, not for anyone.

The Electronic Frontier Foundation has long championed the principle of data minimisation — the idea that services should collect and retain only the data they genuinely need, for only as long as they need it. The one-hour auto-delete is that principle taken seriously. When the hour is up, the data is gone. That's not a limitation — that's the whole point.

Blog