Privacy Policy
Effective date: July 3, 2026
Keymail ("the app") is a native macOS email client developed by Chris Maury ("we", "us"). This policy explains what data Keymail accesses, how it is used, where it is stored, and the choices you have. The short version: Keymail runs entirely on your Mac. We operate no servers, and we never receive, collect, sell, or share your data.
1. Information Keymail accesses
When you connect a Google account, Keymail asks for your consent — via Google's OAuth 2.0 sign-in — to access the following Google user data:
- Email messages and settings (
https://www.googleapis.com/auth/gmail.modify) — the contents, headers, labels, and read state of messages in the Gmail accounts you connect. - Sending email (
https://www.googleapis.com/auth/gmail.send) — the ability to send messages from your account. - Your email address (
https://www.googleapis.com/auth/userinfo.email) — the address identifying each connected account. - Calendars and events (
https://www.googleapis.com/auth/calendar.readonlyandhttps://www.googleapis.com/auth/calendar.events) — your calendar list, event details, and the ability to create, update, and respond to events.
Keymail does not access any Google data beyond these scopes, and does not collect analytics, telemetry, usage data, or advertising identifiers.
2. How Keymail uses this data
- Displaying and organizing your mail. Message data is used to render your inbox, labels, threads, and search results, and to carry out actions you take in the app (archive, label, mark read/unread, move, delete).
- Follow-up radar. Keymail examines your sent threads locally, on your device, to detect messages you sent that have not received a reply, and surfaces them to you.
- Sending mail. Messages you compose are sent through the Gmail API only when you explicitly press send. Keymail never sends email automatically.
- Account identification. Your email address labels each account in the unified inbox.
- Calendar. Event data is used to show your schedule in the app and to carry out event actions you take (responding to invitations, creating or editing events).
All processing happens locally on your Mac. Keymail does not use your data for advertising, does not build profiles, and no human ever reads your data (we couldn't — it never leaves your device).
3. Where your data is stored
- OAuth tokens are stored in the macOS Keychain, encrypted by the operating system and protected by your macOS user account.
- Mail and calendar caches are stored only in the app's local storage on your Mac, so the app is fast and works offline. This cache is a mirror of data that already lives in your Google account.
- Nothing is stored on our side. Keymail has no backend. Your data is transmitted only between your Mac and Google's APIs, over encrypted (HTTPS/TLS) connections.
4. Sharing of data
We do not sell, rent, transfer, or share your Google user data with anyone. Because Keymail has no servers, we have no copy of your data to share, and we have no access to it ourselves.
A planned "bring-your-own-AI" feature may let you optionally connect an AI service of your choosing for assistive features. If and when that feature ships, data will be sent to your chosen provider only with your explicit configuration and consent, will be limited to what the feature requires, and this policy will be updated to describe it before the feature is enabled.
5. Data retention and deletion
- Removing an account from Keymail deletes that account's OAuth tokens and locally cached data from your Mac.
- Deleting the app removes all of its local data.
- You can revoke Keymail's access to your Google account at any time at myaccount.google.com/permissions. Once revoked, Keymail can no longer access your data.
- Your email and calendar data in your Google account itself is never deleted by Keymail except when you explicitly delete a message or event in the app.
6. Security
Keymail uses Google's official OAuth 2.0 flow with PKCE — the app never sees or stores your Google password. Tokens are kept in the macOS Keychain, all network communication with Google uses TLS, and all mail data at rest is protected by macOS user-account security (and FileVault disk encryption, if enabled).
7. Children's privacy
Keymail is not directed at children under 13 and does not knowingly collect personal information from children.
8. Changes to this policy
If we change this policy, we will update this page and the effective date above. Material changes affecting how Google user data is handled will be prominently disclosed before they take effect.
9. Contact
Questions about this policy or your data? Email help@chrismaury.com.