Privacy Policy
Last updated: June 9, 2025
🔒 Privacy First Promise
Your emails never leave your device. All analysis happens locally in your browser. We never see, store, or have access to your email content.
Our Privacy-First Approach
MailMop is designed with privacy at its core. We believe your email data belongs to you, which is why our app operates primarily on your device rather than our servers.
Local-First Processing: All email analysis happens directly in your browser. Your emails and their contents never leave your device or pass through our servers.
No Email Content Storage: We don't store, process, or have access to the contents of your emails. The app only accesses email metadata (such as sender information and unsubscribe links) to provide its functionality.
📊 Exactly What Data We Collect on Our Backend
While your emails stay local, we do collect minimal data on our servers (Supabase) for essential functionality. Here's exactly what we store and why:
User Account Data
- Google Email Address: Used for account identification and login
- Google User ID: Unique identifier from Google OAuth
- Account Creation Date: When you first signed up
- Last Login Date: For account security purposes
Why: Required for authentication and account management
Beta Access Management
- Beta Whitelist Status: Whether you have beta access
- Waitlist Position: If you're on the waitlist
- Access Granted Date: When beta access was provided
Why: To manage beta program access and notify users when ready
Action Analytics
- Action Type: "delete", "unsubscribe", "mark_read", "apply_label"
- Action Count: How many emails were affected
- Timestamp: When the action was performed
Why: To understand feature usage and improve the product
What we DON'T store: Email content, sender names, subject lines, or any personal information from your emails
Subscription Data (If Applicable)
- Stripe Customer ID: For billing management
- Subscription Status: Active, inactive, cancelled
- Plan Type: Free or premium
- Billing Cycle: Monthly or annual
Why: To manage billing and provide appropriate access levels
Aggregated Usage Statistics
- Total Analysis Count: How many inbox analyses have been performed
- Total Actions Count: How many email actions have been taken
- Daily/Weekly Totals: Aggregated numbers for landing page stats
Why: To display usage statistics on our landing page and track product growth
🚫 What We Absolutely DO NOT Collect
- ❌ Email content or body text
- ❌ Email subject lines
- ❌ Sender names or email addresses from your inbox
- ❌ Recipient information
- ❌ Email attachments
- ❌ Detailed analysis results
- ❌ Your Gmail folder structure
- ❌ Contact lists or email histories
- ❌ Any personally identifiable information from your emails
Gmail API Access
MailMop uses the Gmail API to analyze your inbox locally. We request full Gmail scope to enable advanced queries, but all processing happens in your browser:
- Metadata Access: Sender, date, subject, labels (processed locally only)
- Email Actions: Delete, unsubscribe, mark as read, apply labels (when you request them)
- Search Capabilities: Advanced filtering and bulk operations
Your Gmail tokens (access and refresh tokens) are stored securely in httpOnly cookies and your browser's memory. They are never transmitted to or stored on our servers permanently.
Data Security & Infrastructure
The minimal data we do store is protected using industry-standard security:
- Encryption: All data encrypted in transit (HTTPS) and at rest
- Supabase: Our database provider with enterprise-grade security
- Access Controls: Strict database access controls and authentication
- Regular Security Audits: Ongoing security assessments and updates
- Google CASA Assessment: Undergoing Google's security review process
Data Sharing & Third Parties
We do not sell, rent, or share your personal information with third parties, except:
- Service Providers: Supabase (database), Vercel (hosting), Stripe (payments) - all with strict data protection agreements
- Legal Requirements: Only if required by law or to protect our rights and users' safety
- Business Transfers: In the unlikely event of a merger or acquisition, with the same privacy protections
Your Rights & Data Control
You have complete control over your data:
- Access: View all data we store about you
- Delete: Remove your account and all associated data
- Revoke Access: Disconnect MailMop from your Google account anytime
- Data Export: Request a copy of your stored data
- Corrections: Update or correct your account information
To exercise these rights, contact us through our support channels.
Source Code Transparency
MailMop is source-available, meaning you can inspect our code to verify our privacy claims:
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the date at the top of this policy and, for significant changes, we'll provide more prominent notice through the app or email. Your continued use of MailMop after any changes constitutes acceptance of the updated policy.
Contact & Questions
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
- GitHub Issues: Report privacy concerns
- Website: mailmop.com