Privacy Policy — MailTone

Effective date: 2026-04-28
Last updated: 2026-04-28
Contact: mailtone.app@pm.me

MailTone ("we", "the app") is an email client developed by QSparks. This policy explains exactly what data the app accesses, where it is stored, and what it is — and is not — used for.

1. What MailTone is

MailTone is a third-party email client. It does not host or own your mailbox. Your email accounts continue to live with your existing provider (Gmail, Outlook, iCloud, Yahoo, or any IMAP provider). MailTone acts as a viewer and sender on your behalf, using credentials you authorize.

2. Data the app accesses

2.1 Email account credentials (OAuth tokens or IMAP password)

When you add an account, MailTone obtains either an OAuth refresh token (Gmail, Microsoft 365) or stores your IMAP password (other providers). These credentials are stored on the device only:

• iOS: Apple Keychain (encrypted by the OS, sandboxed per app)
• Android: EncryptedSharedPreferences (encrypted by the OS, sandboxed per app)

Credentials are never sent to our servers for storage. They are not included in standard backups when you opt out of token export.

2.2 Email content (messages, attachments)

MailTone reads your email directly from your provider over IMAP or the provider's API (Gmail REST, Microsoft Graph). Email content (headers, body, attachments) is cached on the device for offline access:

• Storage: local Hive database, sandboxed per app
• Encryption at rest: OS-level (Android FBE / iOS Data Protection)
• Server-side storage by us: none. We do not retain a copy of your email content on any server we operate.

2.3 Contacts (optional)

If you grant the Contacts permission, MailTone reads your device contacts to provide email-address autocomplete in the compose window. Contacts are read on-device only and are never transmitted outside the app.

You can revoke this permission at any time in your device settings.

2.4 Calendar (optional)

If you grant the Calendar permission, MailTone reads upcoming events to provide RSVP responses to calendar invitations received by email, and writes accepted events to your calendar. Calendar data is read and written on-device only and is never transmitted to our servers.

You can revoke this permission at any time in your device settings.

2.5 Push notification token (FCM / APNS)

To deliver real-time email notifications, MailTone registers your device's Firebase Cloud Messaging (Android) or Apple Push Notification Service (iOS) token with our self-hosted relay server. This token is a long-lived identifier, scoped to MailTone and your device. It does not contain personal information and cannot be reused by third parties.

2.6 Battery optimization exemption

MailTone requests REQUEST_IGNORE_BATTERY_OPTIMIZATIONS on Android to keep IMAP IDLE long-poll connections alive in the background. This is required to deliver push notifications for non-Gmail providers. No data is collected by this permission.

3. Our push relay server

To deliver notifications, MailTone operates a self-hosted relay server (referred to as "the push server"). The server's job is to:

1. Receive push notifications from email providers (Gmail Pub/Sub notifications, IMAP IDLE connections, Microsoft Graph webhooks).
2. Construct a small notification payload.
3. Forward the payload to FCM or APNS for delivery to your device.

3.1 What the push server temporarily processes

To construct a notification, the push server briefly accesses email metadata of newly arrived messages (sender domain, message identifier, recipient account). This data is processed in memory only for the duration of constructing the push notification, and is not retained in plaintext on the server.

3.2 What the push server stores

For debugging and diagnostics, the push server records the following for each push event in a 30-day retention log:

• Recipient account email (used for routing)
• Source (gmail, imap_idle, graph)
• Sender domain (e.g., @gmail.com) — the sender's display name and full email address are not stored
• Message identifier (used for de-duplication)
• Delivery status (success / failure per platform)
• Timestamp

Subject lines, sender display names, and email body content are never stored on the server.

3.3 What the push server does not do

• It does not read your email body.
• It does not store email content.
• It does not share data with third parties.
• It does not run analytics on the data it processes.

4. OAuth proxy

For Gmail accounts, MailTone uses our push server as an OAuth proxy to refresh access tokens. This is technically necessary because mobile applications cannot store the OAuth client secret securely. The proxy exchanges your refresh token for a short-lived access token on demand. The refresh token itself remains stored on your device; the proxy only sees it for the few seconds during a token refresh, and does not retain it.

5. Diagnostic logs (opt-in only)

MailTone maintains an in-memory diagnostic log of recent app activity (connection events, errors). This log is on-device only and is never transmitted unless you explicitly tap "Send bug report" in Settings, which composes an email containing the log to our support address. You can review the log content before sending.

6. Data we do not collect

• Marketing or behavioral analytics
• Third-party advertising trackers
• Cross-app or cross-device user profiles
• Location data
• Microphone, camera, biometric data
• Web browsing history
• App usage telemetry

7. Your rights

You have the right to:

• Access: All your email data is on your device — open the app to see it. Push server logs (30-day retention, see §3.2) can be exported on request to the contact email above.
• Delete: Uninstall the app to remove all on-device data. Server-side logs (§3.2) auto-expire after 30 days; you may request earlier deletion at the contact email.
• Revoke access: Revoke MailTone's OAuth grants in your Google Account settings or Microsoft account settings, immediately preventing further access.
• Object / Restrict: You may stop using the app at any time.

8. Third parties

MailTone communicates directly with:

• Your email provider (Google, Microsoft, Apple, Yahoo, your own IMAP) — governed by their respective privacy policies.
• Firebase Cloud Messaging (Google) — delivers notification payloads to Android devices. Governed by Google's privacy policy.
• Apple Push Notification Service — delivers notification payloads to iOS devices. Governed by Apple's privacy policy.

We do not share, sell, or transfer your data to any other third party.

9. Security

• On-device data is protected by the operating system's sandboxing and full-disk encryption.
• Network traffic between the app, our push server, and email providers uses TLS.
• Push server access is restricted to the developer; the admin dashboard is HTTP Basic Auth protected and redacts personally identifying information.
• The application source code is available for review; security vulnerabilities can be reported to the contact email above.

10. Children's privacy

MailTone is not intended for use by children under 13. We do not knowingly collect data from children. If you believe a child has used the app, contact us and we will remove their data.

11. International data transfers

The push server is located in a single data center and processes data in transit only. It does not replicate user-identifiable data across regions.

12. Changes to this policy

If we materially change this policy, we will:

• Update the "Last updated" date at the top.
• Push an in-app notice on the next app launch.
• For materially adverse changes, request your active consent.

13. Contact

Questions, requests, complaints:

• Email: mailtone.app@pm.me
• Developer: QSparks
• App: MailTone — Email Client