Privacy policy draft

Privacy Policy

This page is written to be clear enough for users and useful for Google OAuth review. It should be reviewed by counsel before public release.

Effective date: Draft for early access.

Overview

MailRight is a desktop email client for Gmail and Google Workspace accounts. The product is designed to connect directly from the user's device to Google APIs after the user grants permission. MailRight does not require a MailRight-operated cloud mail sync server to read or search your email.

Google user data

When you connect a Google account, MailRight may request access to Google user data only for product features you enable. Depending on the features in use, this may include Gmail messages and labels, drafts, send-as aliases, attachments, Calendar events, Contacts, Tasks, Meet spaces, and Drive files.

MailRight uses this data to provide the desktop mail and Workspace features shown in the app: syncing mail, showing inboxes, searching, composing, sending, organizing messages, displaying contacts, creating tasks or events, joining meetings, and attaching or saving files when requested by the user.

MailRight's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Storage

MailRight stores app data locally on your device. Mail metadata, cached message content, settings, and indexes may be stored in an encrypted local database. OAuth refresh tokens are stored in the Windows Credential Manager.

MailRight does not sell your email data, contact data, calendar data, Drive data, or AI prompts.

Sharing and processors

MailRight does not share Google user data with third parties except where necessary to provide a feature the user explicitly enables, comply with law, or protect the app and users. Examples:

  • If you enable an AI provider, selected message content may be sent to that provider for the requested action.
  • If you enable translation, selected content may be sent to the translation provider you configure.
  • If you enable cloud link safety checks, suspicious URLs may be sent to the configured risk service for a verdict.

These features should be off by default and disclosed in-product before content leaves the device.

AI and automation

MailRight does not need AI to provide core mail features. AI features are optional. If enabled, MailRight should show which provider is used and what content will be sent before the action runs. Provider keys are stored locally where practical.

Telemetry

MailRight is designed with no telemetry by default. If crash reports or diagnostics are added later, they should be opt-in and should not include message bodies, recipient lists, attachments, or OAuth tokens.

Data deletion

Users should be able to remove a connected account from MailRight. Removing an account should delete its local cache and token from the device. Users can also revoke app access from their Google Account settings.

Security

MailRight is built with a local encrypted cache, token storage in Windows Credential Manager, safe HTML rendering, and safety rails for risky actions. No desktop email client can guarantee that every email, link, or attachment is safe.

Contact

Questions about privacy can be sent to hello@heardright.app.