Contents
1. Overview
This Privacy Policy describes how MyEmailSpamFilter ("the App", "we", "our") handles information when you use the MyEmailSpamFilter application on Windows, Android, or any other supported platform.
MyEmailSpamFilter has no backend server. We do not collect, transmit, or store any of your data on any external server. All data remains exclusively on your device under your control.
Because there is no server-side component, this privacy policy primarily explains what information the App stores locally on your device, how that information is used, and how you can delete it.
2. Data We Handle
The App handles the following categories of information. All of this information remains on your device and is never transmitted to any server operated by us or any third party (other than authentication exchanges directly with your email provider as described below).
| Data Type | Purpose | Storage Location | Encrypted |
|---|---|---|---|
| Email address | Account identification and login | Platform-native secure storage | Yes |
| OAuth access tokens | Gmail API authentication | Platform-native secure storage | Yes |
| OAuth refresh tokens | Token renewal without re-login | Platform-native secure storage | Yes |
| IMAP app passwords | IMAP server authentication | Platform-native secure storage | Yes |
| Email headers (from, subject) | Spam rule evaluation | In-memory only (transient) | N/A - never persisted |
| Email body content | Body-text rule evaluation | In-memory only (transient) | N/A - never persisted |
| Scan result metadata | Results display and history | Local SQLite database | No (local only) |
| Spam filter rules | Email evaluation logic | Local SQLite database and YAML files | No (local only) |
| Safe sender patterns | Sender whitelist evaluation | Local SQLite database and YAML files | No (local only) |
| App and account settings | Configuration and preferences | Local SQLite database | No (local only) |
3. How Data Is Stored
All data is stored locally on your device. There are two storage mechanisms used:
-
Encrypted secure storage: Email addresses, OAuth tokens, and IMAP passwords
are stored using
flutter_secure_storage, which uses platform-native encryption: the Android Keystore on Android and the Windows Credential Manager (DPAPI) on Windows. This data is encrypted at rest and is accessible only by the App. - Local SQLite database: Scan results, filter rules, safe sender lists, and app settings are stored in a SQLite database file on your device. This file is located in the App's private data directory and is not accessible to other applications.
No data is uploaded, synced, or backed up to any cloud service by the App itself. If your device's operating system performs automated backups (for example, Android auto-backup or Windows File History), those backups may include the App's local data directory as part of normal OS behavior. You can control this in your OS or device settings.
4. Data Sharing
We do not share any of your data with any third party. There are no advertising networks, analytics services, data brokers, or any other third-party data recipients.
The only external network communication the App performs is:
- Authentication with your email provider: When you sign in to Gmail, the App exchanges credentials with Google's OAuth servers using the standard OAuth 2.0 protocol. For IMAP providers (AOL, Yahoo, Outlook.com, ProtonMail), the App connects to your provider's IMAP server using your app password. These communications are between your device and your email provider only; we are not involved.
- Email retrieval: The App connects to your email provider's servers to retrieve email headers and content for local evaluation. This is the same connection your email client would make. No intermediary server is involved.
We do not sell, rent, lease, or trade your personal data.
5. Google API Services
MyEmailSpamFilter uses the Gmail API to access your Gmail mailbox when you choose to add a Gmail account. Our use of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements.
Specifically, in accordance with this policy:
- We use Gmail data solely to provide spam filtering functionality within the App. Data obtained via the Gmail API is not used for any other purpose.
- We do not use Gmail data to serve advertising or to create advertising profiles.
- We do not sell Gmail data or transfer it to third parties.
- We do not use Gmail data for creditworthiness assessment or lending purposes.
- We do not allow humans to read your Gmail data except with your explicit consent or as required by law. In practice, no human can read your data because it is never transmitted to any server we operate.
- The App requests only the minimum Gmail API scopes required to perform its function (access to your inbox to read, evaluate, and optionally move messages).
Gmail data is processed exclusively on your device. It is never transmitted to or stored on any server operated by MyEmailSpamFilter or any third party.
6. Email Content Handling
Email content (including headers such as sender address and subject, and message body text) is retrieved from your email provider's server solely for the purpose of evaluating it against your configured spam rules. This processing is entirely in-memory and transient.
- Email content is loaded into memory during a scan operation.
- The App evaluates the content against your rules and records only the result metadata (for example, the subject line, whether a rule matched, and what action was taken).
- The full email body is never written to disk or any persistent storage by the App.
- Email content is discarded from memory when the scan completes or the App is closed.
The only persistent record of an email is the scan result metadata stored in the local SQLite database. This metadata may include the email subject line and sender address to allow you to review scan history. It does not include the email body.
7. Data Retention
Data is retained on your device indefinitely until you choose to delete it. The App does not automatically expire or delete data. You are in full control of your data.
The App provides the following deletion mechanisms:
- Account deletion: Removes all credentials, scan history, and settings for that account from the App.
- App uninstall: When you uninstall the App, the operating system removes the App's private data directory, including the SQLite database. Platform-native secure storage credentials are also removed on uninstall on most platforms.
Credentials stored in the platform-native secure storage (encrypted storage) are deleted automatically when you delete an account through the App or when you uninstall the App.
8. Account and Data Deletion
You can delete your account and all associated data at any time. Because the App has no backend server, all your data resides on your device.
To delete an account from within the App:
- Open MyEmailSpamFilter.
- Navigate to Settings or Account Management.
- Select the account you want to delete.
- Tap or click Delete Account.
This action removes from your device:
- Your email address and any stored credentials (OAuth tokens or IMAP password) for that account.
- All scan result history associated with that account.
- All account-specific settings.
- The account record itself.
For complete removal of all App data, uninstalling the App will remove the SQLite database and all associated files from your device.
For step-by-step instructions accessible outside the App, see our Account Deletion page.
9. Children's Privacy
MyEmailSpamFilter is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect any personal information from children. Because the App does not collect or transmit any data to any server, there is no server-side collection risk. However, if a parent or guardian believes their child has installed and used the App, they may delete the App and all its local data by uninstalling it from the device.
10. Your Rights (GDPR and CCPA)
Depending on where you live, you may have certain rights regarding your personal data. Because MyEmailSpamFilter processes all data locally on your device and does not transmit it to any server, the practical exercise of these rights is largely within your direct control.
Rights under GDPR (European Economic Area and United Kingdom):
- Right of access: All your data is on your device. You can access scan history and settings directly within the App.
- Right to rectification: You can edit settings and rules at any time in the App.
- Right to erasure: You can delete all data by deleting accounts in the App or uninstalling the App.
- Right to data portability: Spam filter rules are stored in portable YAML format and can be exported from the App.
- Right to object: You can stop all processing by uninstalling the App.
Rights under CCPA (California):
- Right to know: This policy discloses all categories of information the App handles.
- Right to delete: You can delete all local data as described in Section 8.
- Right to opt out of sale: We do not sell personal information. There is nothing to opt out of.
- Right to non-discrimination: We do not discriminate based on the exercise of privacy rights.
Because we do not operate a backend server, we cannot respond to data subject requests for server-side data - there is no server-side data. If you have questions about the App's local data handling, please use the contact information in Section 13.
11. Zero Telemetry Declaration
MyEmailSpamFilter collects absolutely no telemetry. This means:
- No analytics or usage tracking of any kind.
- No crash reports or error reporting sent to any server.
- No performance metrics collected or transmitted.
- No advertising identifiers used or shared.
- No third-party analytics SDKs active in the App.
- No tracking pixels or web beacons.
- No user profiling or behavioral analysis.
The App may include dependencies (such as Firebase libraries) that have analytics capabilities, but those capabilities are not initialized or used in this App. No data is sent to any analytics or tracking service.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If we make material changes, we will note this on the App's website at myemailspamfilter.com.
We encourage you to review this policy periodically. Continued use of the App after changes become effective constitutes your acceptance of the revised policy.
This policy is versioned in the App's source repository. You can view the full history of changes at any time.
13. Contact
If you have questions or concerns about this Privacy Policy or the App's data handling practices, please contact us:
Email: kimmeyh@outlook.com
Website: myemailspamfilter.com
Because the App has no backend server and collects no data, we are unable to look up or retrieve any user data on your behalf. All data is on your device.