No surprises
Privacy Policy
Privacy is a first principle here, not an afterthought.
Here's exactly what happens to your data, in plain language.
Last updated: April 2026
What we never store
These things never touch our database or disk. Ever.
Your .eml file
Processed in server memory and discarded immediately. Never written to disk or stored in a database.
Email content
Subject lines, body text, sender addresses, and URLs from your email are never logged or stored.
Your IP address
Used only to enforce rate limits. Immediately hashed with HMAC-SHA256 and a secret salt. The raw IP is discarded. The hash cannot be reversed.
Attachment files
Only the SHA-256 hash of your attachments is used to query VirusTotal. Actual file bytes never leave our server.
Your identity
No user accounts. No name, email address, or any personally identifiable information collected at any point.
Scan history
We keep no record of what emails you've scanned. Each analysis is isolated and discarded. There is no log linking you to a scan.
Argus Relay: email forwarding
Argus Relay is an optional feature that lets you forward suspicious emails to relay@mailargus.tech and receive a verdict reply. It has a slightly different privacy model from the web scanner. Here's exactly what changes.
Your email address
We receive your email address as part of the forwarded message envelope. It is used solely to send your verdict reply. The raw address is never logged or stored in our database. Only an irreversible HMAC-SHA256 hash is kept for rate limiting (see below).
Rate limiting
A one-way HMAC-SHA256 hash of your email address is stored alongside a daily scan count (max 3/day). The raw address cannot be recovered from this hash. The record resets daily.
Forwarded email content
When you forward an email to Argus Relay, it is briefly received by our mailbox on Namecheap's mail servers and deleted immediately after processing. It is never written to our application database. The same third-party services (Claude AI, urlscan.io, VirusTotal, Google Safe Browsing) receive the same extracted fields they would from a web scan.
Namecheap mail infrastructure
Inbound and outbound relay emails pass through Namecheap Private Email servers, which handle delivery. Namecheap will have a server-side record of the email transaction. We have no control over Namecheap's own retention policies.
What we do collect
Two minimal data points, both anonymous.
Rate limiting counters
A one-way hash of your IP, the date of your scans, and a count of scans used that day. This exists solely to enforce the daily scan limit and contains nothing that identifies you.
Aggregate analytics
Anonymous totals: scans per day, verdict counts, API performance metrics, and country-level geographic counts (e.g. "3 scans from Germany today"). No user-level information whatsoever. These stats power the public counter on the home page.
Third-party services
Four external services are involved in every scan. Here's exactly what each one receives.
Anthropic (Claude AI)
Receives extracted email fields: headers, auth results, body text, URLs. Raw .eml bytes are never transmitted. Governed by Anthropic's privacy policy.
urlscan.io
Receives the main CTA URL for a live browser scan. Uses unlisted visibility. Never appears in public search results. Governed by urlscan.io's terms.
VirusTotal
Receives the SHA-256 hash of attachments (never file bytes) and the final destination domain for a reputation check. Governed by VirusTotal's privacy policy.
Google Safe Browsing
The final destination URL is checked against Google's Safe Browsing threat database. Only the URL is transmitted. No identifying information. Governed by Google's privacy policy.
ipinfo.io (geo lookup)
Your IP address is sent to ipinfo.io to resolve a country code (e.g. "US"). Only the 2-letter country code is stored. Never the IP itself. This data is used only for aggregate geographic analytics. Governed by ipinfo.io's privacy policy.
Cookies
MailArgus uses one optional cookie, HttpOnly and containing no personal information. If you use the Stargate passphrase unlock, a cookie is set to grant unlimited scans. It contains only a signed token and is valid for one year. We do not use advertising cookies, tracking pixels, or any third-party analytics.
Your rights
Because we do not store personally identifiable information, there is nothing to access, export, or delete. Rate limiting records become inactive the following day and are purged after 30 days. Aggregate statistics are retained indefinitely as they contain no personal data.