Privacy Policy
Last updated: July 6, 2026
Overview
YaroMail (https://yaromail.clevercode.app) is a self-hosted personal email client operated by its owner for their own mailboxes. This policy describes how the app handles information when you sign in and connect email accounts.
Information we process
- Google account sign-in: When you sign in with Google, we receive your name, email address, and profile information needed to authenticate you to the app.
- Email content:When you connect Gmail or SMTP/IMAP mailboxes, the app syncs messages, attachments, labels/folders, and metadata (senders, recipients, subjects, dates) into the operator's self-hosted database so you can read, organize, search, and send mail.
- Device tokens (iOS): If you use the iOS app, we store your Apple Push Notification device token to deliver new-mail alerts.
- Open tracking:If you send mail with tracking enabled, recipients' opens may be logged (device label, timestamp) when the tracking pixel loads.
Google user data
YaroMail requests the following Google OAuth scopes when you connect a Gmail mailbox or sign in with Google:
gmail.modify— read, label, archive, and organize messages in your Gmail account on your behalf.gmail.send— send email from your Gmail account on your behalf.- Profile and email scopes for authentication (
openid,email,profile).
We access Gmail messages and labels solely to display, organize, search, and send mail within the client. Message data is stored in the operator's own database on infrastructure they control. We do not sell, rent, or share Google user data with third parties for advertising, profiling, or any purpose unrelated to providing the mail client.
Data is retained while your mailbox remains connected and cached in the database until you delete it or disconnect the account. You can revoke YaroMail's access at any time via Google Account permissions.
Limited Use disclosure
YaroMail's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used only to provide and improve user-facing mail features in this app, not for serving ads or transferring data to third parties except as necessary to operate the service (e.g. hosting infrastructure under the operator's control).
Security
OAuth tokens and SMTP passwords are encrypted at rest. The app is served over HTTPS in production. Access to the web UI and API requires authentication.
Contact
Questions about this policy: 1@clevercodelab.com.