Gmailytics

1. What We Access

Gmailytics accesses your Gmail account through Google OAuth to provide email analytics. We only access email metadata, which includes:

• Sender email addresses and names
• Email subject lines
• Date and time emails were received
• Read/unread status
• Gmail labels (categories like Social, Promotions)

We never access, read, or store the actual content of your emails.

2. How We Use Your Information

We use the accessed metadata to:

• Generate email volume charts and trends
• Identify your top email senders
• Show daily email activity patterns and trends
• Categorize emails by type (work, personal, social, etc.)
• Perform actions you request: trash or archive emails

3. Data Storage

We never store the content of your emails. We do not store email bodies, subject lines, or attachments. Here is what we do store:

Account information:

• Your email address and account creation date
• Aggregate cleanup statistics: total emails cleaned and total storage freed

Cleanup history:

• For each cleanup action you take (trash, archive), we store the sender email address, sender name, number of emails affected, and timestamp
• This allows you to view your cleanup history and undo actions across devices

Inbox snapshots:

• Aggregate statistics from each scan: total email count, storage used, unread count, number of unique senders, and email category breakdown
• These are summary numbers only — no individual email data is stored

Temporary data:

• Your OAuth tokens are stored in httpOnly cookies in your browser and transmitted only over HTTPS
• Email metadata is fetched from Gmail's API when you use the dashboard and may be temporarily cached on our server (up to a few minutes) to improve performance
• Your browser caches email metadata locally for faster loading — you can clear this anytime by disconnecting

In summary: we store your email address, cleanup action history (sender names and counts), and aggregate inbox statistics. We never store email content, subject lines, or attachments.

4. Data Sharing and Disclosure

We do not sell, rent, trade, or share your Google user data with any third parties. Specifically:

• We do not share your email metadata, cleanup history, or account information with advertisers, data brokers, or any other external parties
• We do not transfer your Google user data to third parties for their own purposes
• We do not use your Google user data for advertising, market research, or profiling
• Your Google user data is only used internally to provide and improve Gmailytics's core functionality as described in this policy

The only circumstances under which we would disclose your data are:

• If required by law, regulation, or valid legal process (e.g., a court order or subpoena)
• To protect the rights, safety, or property of Gmailytics, our users, or the public

5. Data Protection

We implement the following security measures to protect your data:

• Encryption in transit: All data transmitted between your browser and our servers uses HTTPS/TLS encryption
• Encryption at rest: Your stored data (account info, cleanup history, inbox snapshots) is held in a database with encryption at rest enabled
• Secure token storage: Your Google OAuth tokens are stored in httpOnly, secure, SameSite cookies — they are never exposed to client-side JavaScript or third-party scripts
• Minimal data collection: We only access the minimum data necessary to provide our service — email metadata, never email content or attachments
• No persistent email storage: Email metadata fetched from Gmail is processed in memory and temporarily cached for performance. It is not permanently stored on our servers
• Access controls: Database access is restricted to the application only, protected by environment-level credentials that are not exposed publicly

6. Third-Party Services

Gmailytics uses Google's Gmail API to access your email metadata. Your use of Gmailytics is also subject to Google's Privacy Policy and Terms of Service. We use the gmail.modify scope, which allows us to read email metadata and perform actions you explicitly request, such as trashing or archiving emails. We never perform any actions on your emails without your direct instruction.

Gmailytics's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We use Ahrefs Analytics to collect anonymous usage data such as page views and feature usage. This helps us understand how the product is used and improve it. Ahrefs does not receive any of your email data or Gmail account information.

7. Data Retention

We retain your account data and cleanup history for as long as your account is active. If you request deletion of your account, we will delete all your stored data (account info, cleanup history, and inbox snapshots) within 30 days. Disconnecting from the dashboard clears all locally cached data from your browser immediately.

Temporary server-side caches of email metadata are automatically purged within minutes and are not retained after your session ends.

8. Your Rights

You have full control over your data:

• Revoke access anytime through your Google Account settings at myaccount.google.com/permissions
• Disconnect from Gmailytics to clear all locally cached data
• Request complete deletion of your account and all stored data (account info, cleanup history, and inbox snapshots) by contacting us at jacob@gmailytics.com

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, your data, or security concerns, contact us at jacob@gmailytics.com.

Non-Affiliation Disclaimer: Gmailytics is an independent product and is not affiliated with, endorsed by, or connected to Google LLC or Gmail.