Privacy Policy

This policy covers both the Zerofinger website at zerofinger.com and the Zerofinger desktop app for Mac. Zerofinger is operated by an individual developer. You can reach us at [email protected].

We collect the minimum we need to run the service. Concretely:

• Account, sign-in, and billing data. Your name, email address, Google profile picture URL, session records, plan and subscription state, and a Stripe customer reference if you upgrade to Plus.
• Google OAuth grants and tokens. An access and refresh token for each Gmail account you connect, so the app can call Gmail on your behalf. We request Google profile and email information for sign-in and the Gmail gmail.modify scope for email client features. We do not collect your Google password.
• Local mail cache on your Mac. Messages, threads, drafts, attachments, labels, and the local search index are stored in a SQLite database under your macOS user account so the desktop app can work quickly.
• Gmail API relay data. The desktop app talks to Zerofinger's API, and the API talks to Gmail using your OAuth token. Message content and attachments can pass through the API in transit when you sync, search, open, send, draft, label, trash, unsubscribe, or otherwise act on mail. We do not store ordinary synced message bodies on our servers after serving those requests.
• Server-side feature records. Some features need server storage: scheduled sends store the message, recipients, attachments, and send time until they are sent or cancelled; reminders store message IDs, thread IDs, subject/sender metadata, and reminder times; email tracking stores outbound subject/body snapshots, recipients, delivery status, tracked-link mappings, and open/click event metadata such as IP address, user agent, method, timestamp, and classification; feedback stores the text you submit and app version/platform metadata.
• Operational telemetry. Basic logs from the website (request paths, status codes, IP addresses), desktop activity heartbeats, and error reports from the app when something crashes. We do not intentionally include mail content in error reports.

We use the data above to:

• Sign you in and keep your session active.
• Let the desktop app talk to Gmail on your behalf using the OAuth tokens you granted.
• Sync, search, display, draft, send, schedule, label, archive, trash, mark, snooze, remind, and track mail when you use those features.
• Charge for Plus and handle subscription changes through Stripe.
• Respond when you write to support.
• Investigate bugs, abuse, and security incidents, and keep the service running.

We do not sell your mail, share it with advertisers, or train any machine-learning model on it. See the Limited Use section below for the binding version of this commitment.

Gmail remains your authoritative mailbox. Zerofinger adds two layers around it: a local cache on your Mac and an authenticated API relay on Zerofinger's servers. This means:

• Ordinary message bodies and attachments are cached locally on your Mac and relayed through the API only as needed to serve the action you took.
• Server-side features store the narrower records described above: scheduled-send payloads, reminder metadata, tracking records, feedback, account records, and billing records.
• Uninstalling the app or wiping local data removes the cache on your Mac. The originals stay in Gmail until you delete them there.
• If you lose access to our website (for example, because the service is unavailable), the mail in your Gmail account is unaffected.

Zerofinger's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements for restricted scopes.

We request the Gmail scope needed to operate as a full email client: gmail.modify. We do not request the full Gmail mailbox scope. With respect to data we receive from Google APIs:

• We only use the data to provide and improve user-facing features of Zerofinger that are visible and prominent in the app.
• We do not transfer the data to others unless doing so is necessary to provide and improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with prior user notice.
• We do not use the data to serve advertisements, including retargeted, personalized, or interest-based advertising.
• We do not allow humans to read message content unless you give us explicit consent for specific messages, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data has been aggregated and used for internal operations under appropriate privacy protections.
• We do not use the data to train generalized or third-party AI or machine-learning models.

We use a small number of vendors to run the service. They process the data described above only to deliver their service to us:

• Google — Google Sign-In, OAuth, Gmail API, Gmail push notifications, and Google profile data.
• Stripe — payment processing for Plus subscriptions. Receives your billing details directly; we receive a reference and a payment record.
• Cloudflare — edge routing and tunnel infrastructure for zerofinger.com, api.zerofinger.com, admin.zerofinger.com, and tracking endpoints.
• GitHub — desktop release distribution and auto-update artifacts.
• Hosting providers — servers, databases, and networking used to run the website, API, admin console, and background workers.

We keep account, OAuth, subscription, scheduled-send, reminder, tracking, feedback, and operational records while your account is active or while they are needed for the feature you used. Raw desktop activity events are pruned after 90 days, and raw tracking events are pruned on a retention schedule. Billing records may need to be kept longer for tax, accounting, and fraud-prevention reasons.

Deleting a connected Gmail account from Zerofinger removes that account's OAuth token and dependent scheduled-send, reminder, and tracking rows from our server database. If you delete your Zerofinger account, we remove identifiable account data within 30 days except where we must keep it longer.

You can revoke Zerofinger's access to your Gmail at any time from your Google Account permissions page. Uninstalling the app, or clearing its local data, removes the local cache on your Mac. To delete the account entirely, write to [email protected].

All connections between the app, our website, our API, and Google use TLS in transit. OAuth tokens are stored in our server database and protected by access controls, credential separation, and least-privilege operational access. On your Mac, the app stores its session token in local app storage and keeps the local mail database under your macOS user account.

No system is perfectly secure. If we discover a breach that affects your data, we'll notify you in line with applicable law and tell you what happened and what we did about it.

Depending on where you live, you may have rights over your personal data under laws such as the GDPR (EU/UK), CCPA/CPRA (California), or PIPA (Korea). These typically include the right to access a copy of your data, correct it, delete it, restrict or object to certain uses, and lodge a complaint with a data-protection authority.

To exercise any of these rights, write to [email protected]. We may need to verify your identity before we can act on the request.

Zerofinger is not directed to children under 16. If you believe a child has signed up, write to us and we will remove the account.

Your data may be processed in countries other than the one you live in, including the United States, where our hosting and payment vendors operate. We rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers where required.

We may update this policy. When we do, we'll change the "Last updated" date at the top and, for material changes, give you reasonable notice. Questions? Write to [email protected].