Privacy Policy

Last updated: 2025-12-18

1. Who We Are

Security Internet Develop ("we", "us", or "our") develops software applications for Windows, including Yiaitool Mail App – Mail for All Mailbox. This Privacy Policy explains how we access, use, protect, and do not share or store Gmail user data when you connect a Gmail account via Google OAuth.

2. What Information We Access

When you connect your Gmail account via Google OAuth, the app accesses Gmail data strictly to provide email client functionality. These may include:

• Email messages and associated metadata (sender, recipients, subject, date, labels).
• Message content (text, HTML) and attachments.
• Labels and mailbox folder structure.
• Information needed to send emails on your behalf.

3. How We Use Gmail Data

We use Gmail data only for the features you explicitly request in the app:

• Displaying your inbox and messages.
• Reading, searching, organizing messages.
• Composing, replying, forwarding, and sending emails.
• Providing unified inbox and categorized views.

4. Additional Google Data Usage Details

For further details on exactly what Gmail data is accessed, how we securely handle it, and the OAuth scopes used, please visit our dedicated information page:

👉 How Yiaitool Mail App uses Google (Gmail) data

5. How We Protect Sensitive Data

Yiaitool Mail App treats Gmail user data and authentication tokens as sensitive. Because the app is a client-only desktop application, **all sensitive data is processed and stored only on the user’s device**. We implement the following protections:

5.1 Local Only Processing

The app does not send Gmail content or sensitive tokens to any server we control. All Gmail interactions occur directly between the user’s device and the Gmail API.

5.2 OAuth Token Protection

• Storage method: OAuth access and refresh tokens are stored locally using Windows secure storage mechanisms (e.g., DPAPI / Credential Locker).
• Protection measures: Tokens are never logged, never included in URLs, and are encrypted by the operating system’s secure store.
• Retention & deletion: Tokens are cleared when the user disconnects the Gmail account within the app, or when the account is revoked from Google’s account settings.

5.3 Local Email Metadata

• Storage method: Minimal email metadata (such as message IDs, thread IDs, subject, headers, and labels) is stored locally in an encrypted database (e.g., SQLCipher or equivalent encryption).
• Protection measures: The database is encrypted at rest and is accessible only by the app process running under the user’s credentials.
• Retention & deletion: This metadata is deleted when the user disconnects the Gmail account or manually clears the local cache.

5.4 Email Bodies and Attachments

• Usage method: Message bodies and attachment content are retrieved on demand and processed in memory or in the OS temporary cache.
• Protection measures: These contents are not written to permanent storage by the app and are protected by the operating system’s security model.
• Retention & deletion: No long-term storage is performed; content is fetched from Gmail API as needed.

5.5 App Configuration and Logs

• Application settings and UI preferences are stored locally under the user profile and do not contain sensitive tokens or message bodies.
• Diagnostic logs, if enabled, are designed not to contain credentials or Gmail content and can be manually cleared by the user.

6. No Sharing or Server Storage

We will never share, transfer, sell, or disclose your Gmail data, tokens, or local cache with any third party or organization, including for marketing, analytics, or advertising. We do not store Gmail data on any server — all data access, processing, and local storage occur only on your device.

7. Your Choices

• You can disconnect your Gmail account at any time inside the app.
• Uninstalling the app will remove all locally stored data on your device.
• You can manually clear local cache or request deletion of any data we hold (if any) by contacting us.

8. Children’s Privacy

Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this policy from time to time. The updated version will be posted here with a revised “Last updated” date.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us at:
jingzhounewcom412@hotmail.com