How Yiaitool Mail App Uses Your Google (Gmail) Data

Yiaitool Mail App – Mail for All Mailbox is a client-only Windows desktop email application. The app connects directly from the user’s device to Google OAuth and the Gmail API, without any backend servers. We access Gmail data only to provide the core email client functionality that you request.

OAuth Scopes We Request

The app requests the following authorization scope:

• https://mail.google.com/
  This is a restricted scope that provides wide access to Gmail user data, including reading, composing, sending, and managing Gmail messages as needed for complete email client functionality. It is necessary to implement features such as reading mail, updating labels, deleting or archiving messages, and managing threads, which cannot be fully supported by narrower scopes alone.

How We Use Gmail Data

We use Gmail data only for the following features:

• Displaying messages, threads, and message details (sender, recipients, subject, date, labels).
• Reading, searching, and organizing your inbox.
• Composing, replying, forwarding, and sending emails.
• Archiving and managing message states (read/unread, labels).

We do not use Gmail data for advertising, analytics, profiling, or any purpose beyond providing these explicit email client functionalities. This access is only available after the user has granted consent in the Google OAuth authorization flow.

Security and Data Protection Measures

We consider Gmail user data and access tokens to be highly sensitive. Because the app operates entirely on the user’s device, all sensitive data is processed locally and is never stored or processed on any server we control. We implement industry-standard security practices to protect this data:

• Local encryption: OAuth tokens and sensitive local data are stored using the operating system’s secure store (e.g., Windows DPAPI / Credential Locker).
• Encrypted local cache: Minimal email metadata (IDs, labels, status) is stored in an encrypted local database; full message bodies and attachments are used transiently and not permanently stored.
• In-memory processing: Message content and attachments are only held in memory or OS temporary cache while being displayed and are never written to persistent server storage.
• No server transmission: All Gmail data access occurs directly between the user’s device and Google APIs, and no restricted data is transmitted or stored on our servers.
• Token security: OAuth tokens are never logged, never placed in URLs, and are only accessible by the app process under the user’s account context.

User Control and Data Removal

You remain in full control of your Gmail connection and any local data:

• You can disconnect your Gmail account at any time from within the app.
• Once disconnected, the app stops accessing your Gmail account via the API.
• Locally cached data and tokens are removed when you uninstall the app or manually clear local app data.

Compliance with Google API Services Policy

Yiaitool Mail App complies with the Google API Services User Data Policy , including the Limited Use requirements for restricted scopes. All data access, usage, retention, and security practices are fully disclosed in this document and in our Privacy Policy. The scope requested matches the functionality described and is necessary for full Gmail client operations.

For additional details on how your Gmail data is used and protected, see our Google Data Usage page and Privacy Policy.