Privacy Policy

1. Overview

This Privacy Policy describes how mailrat ("the Application", "we", "our") collects, uses, and protects information when you authorise it to access your Google account data. The Application is privately operated and is not available to the general public.

By using this Application, you agree to the practices described in this policy.

2. Information We Access

The Application requests access to the following Google user data via Google APIs:

• Gmail messages and threads — including subject lines, message bodies, sender and recipient addresses, timestamps, labels, and attachment metadata. Accessed using the OAuth 2.0 scopes https://www.googleapis.com/auth/gmail.readonly and https://www.googleapis.com/auth/gmail.modify.
• Sent mail — the ability to compose and send email on your behalf. Accessed using the scope https://www.googleapis.com/auth/gmail.send.
• Google Contacts — contact names and email addresses from your Google address book, used for address autocomplete when composing email. Accessed using the scope https://www.googleapis.com/auth/contacts.

No other Google account data (such as Calendar, Drive, or Photos) is accessed or requested.

3. How We Use Your Data

Data accessed through Google APIs is used exclusively to:

• Display your inbox, threads, and messages in the mailrat interface
• Cache messages locally in SQLite so the application works offline
• Apply Gmail labels, mark messages read or unread, and move messages to Trash
• Compose and send email, including replies and forwards, on your behalf
• Provide address autocomplete from your Google Contacts when composing
• Sync new messages and history changes from Gmail on demand

Your data is not used for advertising, analytics, profiling, training machine learning models, or any purpose other than the email management functions described above.

4. Data Storage and Retention

The Application stores the following data locally on the machine where it is run:

• OAuth tokens — an access token and refresh token issued by Google are stored in a local credentials file on the host machine. These tokens are used solely to authenticate requests to Google APIs on your behalf.
• Email cache — message metadata, bodies, and attachment binaries are cached in a local SQLite database (~/.mailrat/) to enable fast, offline-capable access. This data is a local mirror of data already held by Google and remains under your control.
• Contacts cache — contact names and email addresses are cached locally in the same SQLite database for address autocomplete.

No data is transmitted to any server operated by the Application's developer. All network communication occurs directly between the host machine and Google API endpoints.

OAuth tokens are retained until you revoke access via your Google Account permissions page or until the local credentials file is manually deleted. The SQLite cache can be removed by deleting the ~/.mailrat/ directory.

5. Data Sharing and Disclosure

We do not sell, rent, trade, or share your Google user data with any third party, including:

• Advertisers or analytics providers
• Data brokers
• Other users or organisations
• AI model training pipelines

Your data is never transmitted to any server other than Google's own API endpoints (gmail.googleapis.com, people.googleapis.com). The Application acts solely as a local client that reads and writes data directly between your machine and Google.

6. Google API Services User Data Policy

The Application's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements. Specifically:

• Access to Google user data is limited to providing the email and contacts management features described in this policy.
• Google user data is not used to develop, improve, or train generalised AI or machine learning models.
• Google user data is not transferred to third parties except as necessary to provide the Application's functionality (i.e. communicating directly with Google's own API endpoints), and only with your explicit authorisation.
• Humans do not read your Google user data unless you explicitly share it or we are required to do so by law.

7. Security

OAuth credentials and the local email cache are stored on the host machine under ~/.mailrat/. These files are never transmitted to any remote server operated by the Application's developer. Access to the host machine and the security of these files is the responsibility of the operator. We recommend ensuring appropriate file system permissions are set on the ~/.mailrat/ directory so that only your user account can read its contents.

8. Your Rights and Choices

You may at any time:

• Revoke access — remove the Application's access to your Google account at myaccount.google.com/permissions . Revoking access immediately invalidates all stored OAuth tokens.
• Delete local data — remove the ~/.mailrat/ directory from the host machine to delete all locally stored credentials and cached email data.
• Request information — contact us at the address below to request details about what data the Application has accessed on your behalf.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "Last updated" date at the top of this page. Continued use of the Application after changes are posted constitutes your acceptance of the revised policy.

10. Contact

If you have any questions or concerns about this Privacy Policy or the Application's data practices, please contact the operator at rajasuperman@gmail.com or via the domain rsubr.in.