fixture.email
Start trial

Privacy Policy

Last updated: June 17, 2026

This Privacy Policy explains how j6integrated LLC, which operates the fixture.email email-testing service (the “Service”), collects, uses, shares, and protects information. fixture.email is a business-to-business developer tool: you use it to test email in software you own or are authorized to test. By using the Service you agree to this Policy. Capitalized terms not defined here have the meaning given in our Terms of Service.

1. Information we collect

Information you provide

  • Account and organization data — the email address you sign up with and the organization it belongs to. Access to the Service is scoped to an organization.
  • Payment data — your subscription is processed by Stripe. We do not see or store full card numbers; we retain only billing identifiers and status (such as your Stripe customer and subscription IDs, plan, and trial state) needed to run your account.
  • Credentials you create — API keys and webhook (callback) signing secrets. API keys are stored only as a one-way hash; the plaintext is shown once and never stored, so we cannot recover it for you.

Customer Content

To provide the Service we process the test email you send, receive, or store through it — message subjects, bodies, headers, attachments, links, and the mailbox addresses and callback URLs you configure (together, “Customer Content”). This content is whatever your tests put through the Service; you control it and are responsible for its lawfulness. The Service is for testing — do not put real personal data, payment-card data, health data, or other sensitive data into test mailboxes.

Information collected automatically

When you use the Service we automatically collect technical and usage data such as IP address, request metadata, timestamps, and error and audit logs, generated by our infrastructure provider (Cloudflare) to operate, secure, and debug the Service.

2. Cookies and analytics

The Service is API- and agent-first and does not run advertising or cross-site tracking cookies. Our public pages and the sign-in flow use only the strictly necessary cookies and security mechanisms (for example, Cloudflare bot-management and Cloudflare Access session cookies) required to load the site and authenticate you.

3. How we use information

  • provide, maintain, and improve the Service and process Customer Content on your instructions;
  • create and manage your organization, authenticate access, and mint and verify API keys;
  • process payments, manage trials and subscriptions, and send related billing notices;
  • send service, security, and support communications (see the Terms’ electronic-communications consent);
  • monitor for, prevent, and respond to abuse, fraud, security incidents, and violations of our Terms, including enforcing sending quotas and bounce/complaint thresholds;
  • comply with law and enforce our agreements.

4. How we share information

We do not sell your personal information. We share it only as follows:

  • Subprocessors who run the Service: Cloudflare (compute, storage, databases, network security, and email delivery) and Stripe (payment processing). They process data on our behalf under their own terms and security commitments.
  • Legal and safety: when we believe disclosure is reasonably necessary to comply with law or legal process, enforce our Terms, or protect the rights, safety, and security of our users, the public, or j6integrated LLC.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

5. Data retention

Customer Content is transient test data: messages and their stored objects are deleted on a rolling schedule and when you delete a mailbox or your account, subject to short-lived, best-effort deletion retries in our storage layer. We keep account, organization, and billing records for as long as your organization is active and for a reasonable period afterward to meet legal, tax, accounting, and dispute-resolution obligations; Stripe retains payment records under its own retention rules. Revoked API keys remain only as a hash for audit and abuse-prevention.

6. Data security

We protect data with encryption in transit and at rest, one-way hashing of API keys, organization-scoped access controls, and authentication of the agent interface through Cloudflare Access. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security; you are responsible for keeping your API keys and signing secrets confidential and for not sending sensitive real data into test mailboxes.

7. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, or to object to or restrict certain processing. You can exercise many of these directly — deleting mailboxes and messages, revoking API keys, or canceling your subscription — or by contacting us at support@fixture.email. For Customer Content we process on your behalf, we will refer requests from your end users to you as the controller. We will respond within the time required by applicable law.

8. California privacy rights

If you are a California resident, the CCPA/CPRA gives you rights to know, access, correct, and delete your personal information and to be free from discrimination for exercising them. We do not sell or share personal information for cross-context behavioral advertising. To make a request, contact support@fixture.email.

9. International data transfers

We and our subprocessors operate globally, and your information may be processed in the United States and other countries whose data-protection laws may differ from yours. Where required, we rely on appropriate safeguards for such transfers. By using the Service you understand your information may be transferred and processed as described here.

10. Children’s privacy

The Service is a developer tool intended for businesses and is not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, contact us and we will delete it.

11. Changes, and how to contact us

We may update this Policy from time to time; the “Last updated” date reflects the current version, and material changes will be notified through the Service or by email. Continued use after changes take effect constitutes acceptance.

Questions or privacy requests: support@fixture.email. The data controller is j6integrated LLC.

Privacy questions and requests: support@fixture.email.