Last updated: 2026-04-19. Plain-language version. If any part is unclear, read it as strictly as possible and email the operator before using the site.
hereornot.xyz is a pseudonymous, end-to-end encrypted mailbox. The operator cannot read your direct messages or files. You agree not to rely on this service for anything where data loss or delivery failure would harm you — this is a hobby service provided as-is.
The service is provided "as is", without warranty of any kind. The operator is not liable for lost messages, lost files, lost mailboxes, failed deliveries, downtime, data corruption, or any other damage. Do not use this service for anything you cannot afford to lose.
You are solely responsible for what you send and post. You agree not to use the service to:
If the operator becomes aware that content you posted violates these terms, it may be removed without notice. If the operator becomes aware of likely criminal content on a public profile (bio, avatar, handle), it will be removed and, where legally required, reported.
Direct messages and attached files are end-to-end encrypted using keys controlled by you. The operator sees only ciphertext. Public profiles (handle, optional bio, optional avatar) are not encrypted and are visible to anyone who browses the directory or visits your profile URL.
Your private key is generated in your browser and encrypted with your password. The operator never sees the decrypted key. If you forget your password and lose your 12-word recovery phrase, your mailbox cannot be recovered. Do not contact the operator to ask for recovery — it is cryptographically impossible.
Messages expire according to the sender's chosen expiry (1 hour to 30 days, or "never"). Expired ciphertext is purged from storage. Attachments follow the same rules. Deleted messages are purged on a best-effort basis within 24 hours. Public profile data is retained until you delete your mailbox.
The site does not use tracking cookies, third-party analytics, advertising pixels, or fingerprinting scripts. The operator's infrastructure provider (Netlify) may log IP addresses and request metadata for abuse prevention and service operation; these logs are not accessible to the operator beyond what Netlify exposes in standard dashboards and are not correlated with your pseudonym.
The operator will respond to valid legal orders from courts with jurisdiction. The operator cannot produce plaintext of encrypted messages or files because they cannot decrypt them. The operator can produce: your handle, the time your mailbox was created, the encrypted blob of your private key, and the encrypted blobs of your messages. See also the warrant canary.
If you believe a public profile violates these terms, contact the operator at the address on the canary page. Encrypted message content cannot be reviewed or removed by the operator — if you received abusive messages, use the block function, delete them, and consider involving law enforcement directly.
The operator may suspend or delete any account that violates these terms, with or without notice. You may delete your own account at any time from the profile page.
These terms may change. Material changes will be noted on the homepage for at least 14 days. Continuing to use the service after changes means you accept the updated terms.
These terms are governed by the laws of the Republic of Estonia. Any dispute shall be resolved in the courts of Estonia, unless a mandatory consumer-protection law in your country of residence requires otherwise.
See the canary page for the operator's current contact address. Because this is a pseudonymous service, the operator may also be pseudonymous.