Cookie & Storage Policy
Last updated: 2026-04-14
1. Overview
imap.pm uses minimal browser storage for essential functionality only. There are no analytics cookies, no advertising cookies, and no third-party tracking cookies set by imap.pm.
2. Cookies
| Name | Purpose | Type | Duration | Flags |
|---|---|---|---|---|
| mailsync_admin_session | Authenticates your admin panel session. Required to access the admin interface. Without this cookie, you cannot log in. | Essential / Strictly Necessary | 24 hours | HttpOnly, Secure (configurable), SameSite=Lax, Path=/admin |
This is the only cookie set by imap.pm. It is classified as strictly necessary and does not require consent under GDPR/ePrivacy as it is essential for the service to function.
3. Local Storage (Browser)
imap.pm uses the browser’s localStorage API to persist user interface preferences. This data never leaves your browser and is not transmitted to the server.
| Key | Purpose | Values |
|---|---|---|
| routing_wrap_rules | Remembers whether to word-wrap long routing rule expressions in the admin table | 0 or 1 |
| imap_novalidate_warn_skip_v1 | Suppresses the repeated warning when saving an IMAP account with novalidate-cert | 1 (if suppressed) |
Theme preference (light/dark) is stored server-side in your admin user profile, not in localStorage.
4. Third-Party Cookies
imap.pm loads web fonts from Google Fonts (fonts.googleapis.com, fonts.gstatic.com). Google may set cookies or use browser storage in accordance with their own privacy policy. imap.pm does not control these cookies.
No other third-party resources are loaded on imap.pm pages. Mail preview pages load no external resources — all content is served inline.
5. Mail Preview Pages
The encrypted mail preview pages (/[token]) do not set any cookies and do not use localStorage. They are stateless HTML pages served with Cache-Control: no-store.
Email HTML content within previews is rendered in a sandboxed <iframe> with referrerpolicy="no-referrer". The sandbox prevents the email content from accessing cookies, localStorage, or any parent page data.
6. How to Manage Cookies
- Session cookie: Deleted automatically after 24 hours, or when you click “Logout” in the admin panel. You can also delete it manually in your browser settings.
- localStorage: Clear via your browser’s developer tools (Application > Local Storage) or by clearing site data for the imap.pm domain.
- Google Fonts: Block requests to fonts.googleapis.com via browser extensions (e.g. uBlock Origin) or your browser’s content settings. The admin interface will fall back to system fonts.
7. Do Not Track
imap.pm does not track users across sessions or sites. The Do Not Track (DNT) browser signal is respected by default because there is no tracking to disable.
8. Changes
This policy may be updated if the cookie or storage usage changes. The date at the top indicates the latest revision.