Privacy Policy

Last updated: June 2025

Mail in Sync ("we", "us", or "our") operates the Mail in Sync service. This policy describes what data we collect, how we use it, and your rights regarding that data.

Information we collect

We collect the minimum data required to operate the service:

  • Account information — your email address and a hashed password used for authentication.
  • Source account credentials — your Yahoo (or other provider) email address and app-specific password, stored encrypted at rest using AES-256.
  • Gmail OAuth tokens — a refresh token obtained via Google OAuth, stored encrypted, used only to deliver emails to your Gmail inbox.
  • Sync metadata — counts of emails synced, sync run timestamps, and error logs. We do not store the content of your emails.
  • Usage logs — IP address and timestamps for authentication events, retained for 90 days for security purposes.
How we use your information
  • To authenticate you and operate the sync service on your behalf.
  • To send transactional emails: account verification, password reset, and sync failure notifications.
  • To detect and prevent abuse of the service.
  • We do not sell your data. We do not use your data for advertising.
Data retention and deletion

You can delete your account at any time from the Account page. Upon deletion, all your credentials, sync configuration, and history are permanently removed within 24 hours. Emails already delivered to Gmail are unaffected.

Third-party services

Mail in Sync connects to Google's Gmail API on your behalf, subject to Google's Privacy Policy. We use Supabase for database hosting; your encrypted data is stored in their US-East infrastructure. No other third parties have access to your data.

Contact

Questions? Email us at privacy@emailsync.app.