Privacy Policy - MailTone

Effective date: 2026-05-11 Last updated: 2026-05-11 Contact: mailtone.app@pm.me

MailTone ("we", "the app") is an email client developed by QSparks. This policy explains what data the app accesses, where it is stored, and what it is - and is not - used for.

1. What MailTone is today

MailTone is an email client currently focused on Outlook.com, Hotmail, Live, and Microsoft 365 mailboxes through Microsoft Graph. MailTone does not host your mailbox. Your email stays with Microsoft and is fetched by the app directly from Microsoft Graph after you sign in.

MailTone can also help you receive instant notifications for mail from other providers by forwarding those messages into your Outlook or Hotmail mailbox. In that setup, MailTone does not need credentials for the original forwarded account. It only sees the forwarded message after it has arrived in the Outlook mailbox you connected.

2. Data the app accesses

2.1 Microsoft sign-in and tokens

When you add an Outlook, Hotmail, Live, or Microsoft 365 account, MailTone uses Microsoft OAuth. The app receives Microsoft access and refresh tokens so it can read, sync, and send mail on your behalf.

By default, in MailTone's "True privacy" push mode, Microsoft mail tokens are stored on your device and are not stored on the MailTone push server. If you explicitly choose a richer server-managed push mode, the push server may need limited token access to maintain Microsoft Graph subscriptions and prepare the notification payload described in section 3.2.

You can revoke MailTone's Microsoft access at any time from your Microsoft account security settings.

2.2 Email content

MailTone reads email directly from Microsoft Graph. Message headers, body text, attachments, read state, folders, and local search/cache data may be stored on your device so the app can work quickly and offline.

• On-device storage: local app storage, protected by the operating system sandbox and device encryption.
• Server-side mailbox storage by us: none. MailTone does not operate a hosted mailbox and does not keep a copy of your email body or attachments.
• Remote images: remote images are blocked unless you enable loading them.

2.3 Forwarded accounts

You can forward mail from any other email account into your Outlook or Hotmail mailbox and let MailTone notify you instantly when those forwarded messages arrive.

For forwarded accounts:

• MailTone does not need the password, OAuth token, or server settings of the original account.
• Matching is based on data available in the forwarded message after it reaches your Outlook mailbox, such as forwarded-recipient headers and user-created rules.
• You can assign separate notification sounds to forwarded accounts.

2.4 Custom sounds and notification rules

MailTone lets you assign custom notification sounds to accounts, forwarded accounts, and filter rules. You can also upload your own sound files.

• Uploaded sound files are stored on your device and shared with the iOS notification extension so the operating system can play them.
• MailTone may register sound identifiers, channel names, and rule configuration with the push system so the correct notification sound can be selected.
• The uploaded audio file itself is not uploaded to the MailTone push server.
• In True privacy mode, content-sensitive matching is performed on the device whenever possible.

2.5 Contacts (optional)

If you grant Contacts permission, MailTone reads your device contacts for email-address autocomplete in compose and search flows. Contacts are read on-device and are not uploaded to MailTone servers.

You can revoke this permission at any time in your device settings.

2.6 Calendar (optional)

If you grant Calendar permission, MailTone may read calendar-related email invitations and help you handle RSVP flows. Calendar data is processed on-device and is not uploaded to MailTone servers.

You can revoke this permission at any time in your device settings.

2.7 Push tokens and device routing

To deliver notifications, MailTone registers your device push token with the MailTone push server. This token is scoped to MailTone on your device and is used only to route push notifications through Apple Push Notification Service and, where applicable, Firebase Cloud Messaging.

The push server may store the minimum routing configuration needed for notifications, such as your account identifier, push token, platform, selected privacy mode, Graph subscription identifiers, folder opt-in state, rule configuration, and sound/channel identifiers.

3. Instant push notifications and privacy modes

MailTone operates a self-hosted push relay server so notifications can arrive quickly even when the app is not open. The relay is designed to minimize what passes through the server.

3.1 True privacy mode (default)

True privacy is the default and recommended push mode.

In this mode:

• Microsoft Graph subscriptions are managed by the device.
• The MailTone push server does not store your Microsoft mail refresh token.
• The push server does not fetch your messages from Microsoft Graph.
• The push server does not receive or process readable message content such as body text, attachments, subject, sender name, sender address, recipient list, or preview text.
• The server receives only the operational routing data needed to wake your device, validate the Graph subscription, de-duplicate events, and choose the configured notification channel or sound.

Microsoft Graph may include an opaque message/resource identifier in a webhook. MailTone treats that as routing data: it can be passed to your device so the app can fetch the message directly from Microsoft Graph, but it is not used by the server to read the message and is not stored in push history.

3.2 Optional richer notification modes

MailTone also offers optional privacy modes for users who want more server-prepared notification detail:

• Recipient: the push payload may include the recipient/forwarded-recipient signal, but not sender, subject, or preview text.
• Sender only: the push payload may include recipient and sender identity, but not subject or preview text.
• Full preview: the push payload may include sender, recipients, subject, and a short preview so the notification can display richer detail.

These modes are optional and can be changed in Settings. If you choose a richer mode, the server processes only the selected fields needed for that mode and does not store email body content or attachments.

3.3 Push history and operational logs

The push server keeps a small in-memory operational history so we can diagnose "notification did not arrive" reports.

• The history is in memory only.
• It is capped at about 1000 events and at most 24 hours.
• It is erased on every server restart or redeploy.
• In True privacy mode, history does not include account email, message id, sender, subject, preview, or body.
• In richer modes, history may include limited routing/diagnostic fields allowed by the selected privacy mode, such as sender email or message identifier for delivery debugging.

Operational application logs are retained for a limited period and are intended for service reliability, crash diagnosis, and delivery debugging. Logs are designed to avoid email body content and attachments.

4. Diagnostic logs in the app

MailTone keeps recent diagnostic logs on your device to help debug sync, notification, and UI issues. These logs are not sent automatically.

If you tap "Send bug report", the app prepares an email to our support address with selected diagnostic logs. You can review the email before sending it. Bug reports are designed not to collect message bodies, passwords, or tokens.

5. Data we do not collect

MailTone does not collect:

• Advertising identifiers
• Third-party advertising trackers
• Cross-app or cross-device marketing profiles
• Precise location data
• Microphone, camera, or biometric data
• Web browsing history
• Email body content for analytics

We do not sell your personal data.

6. Third parties

MailTone communicates with:

• Microsoft Graph - used to access your Outlook, Hotmail, Live, or Microsoft 365 mailbox after you sign in.
• Apple Push Notification Service - used to deliver push notifications to iOS devices.
• Firebase Cloud Messaging - used for push delivery infrastructure where applicable.
• Apple system frameworks - used for optional contacts, calendar, keychain, and notification functionality.

These services are governed by their own privacy policies. MailTone does not sell, rent, or transfer your email data to advertising partners.

7. Security

• Microsoft tokens and local app data are protected by the operating system's sandboxing and encryption.
• Network traffic between the app, Microsoft Graph, Apple, Google push services, and the MailTone push server uses TLS.
• The push relay is self-hosted and restricted to operational access.
• Admin and diagnostic tooling redacts sensitive identifiers where practical.
• Custom sound files remain on your device.

No internet-connected service can be guaranteed to be perfectly secure, but the MailTone architecture is designed to avoid server-side mailbox storage and to minimize the data needed for notifications.

8. Your choices

You can:

• Disable push notifications in your device settings or inside MailTone.
• Choose the True privacy push mode to keep message content and metadata device-side.
• Switch to a richer notification mode if you prefer more detailed notification previews.
• Remove an account from MailTone to delete its local app data.
• Uninstall MailTone to remove app data from the device.
• Revoke MailTone's Microsoft OAuth access from your Microsoft account.
• Contact us at mailtone.app@pm.me for privacy requests or questions.

9. International processing

The MailTone push server is operated as a single self-hosted relay. It is used for routing notifications and operational diagnostics, not for hosting your mailbox.

10. Children's privacy

MailTone is not intended for children under 13. We do not knowingly collect personal data from children. If you believe a child has provided data to MailTone, contact us and we will take appropriate action.

11. Changes to this policy

If we materially change this policy, we will update the "Last updated" date and make the updated policy available in the app or on the MailTone website.

12. Contact

Questions, requests, or complaints:

• Email: mailtone.app@pm.me
• Developer: QSparks
• App: MailTone