1. App publisher
10Alert Mail is published by 10Alert. For privacy questions or rights requests, use the contact details in Terms of Use, section 13.
2. Extension's single purpose
The extension connects email accounts selected by the user to display messages, create notifications and perform explicitly requested email actions. 10Alert Mail is not an email-hosting service and does not create an inbox on 10Alert infrastructure.
3. Data accessed
Account data
Email address, display name, provider identifier, connection state and local account preferences.
Message data
Message and thread identifiers, sender, recipients, subject, snippet, date, read state, star, labels and attachment metadata. The message body is requested when the user opens a message. Attachments are not downloaded automatically.
User-created data
Recipients, subject and plain text of messages or replies that the user chooses to send.
Authentication data
OAuth tokens for Gmail and Microsoft or, when the user selects IMAP/SMTP, credentials configured for the local companion.
4. How Google data is used
10Alert Mail uses Gmail data only for visible email-client features: listing and reading mail, notifications, local search, read/unread, star, archive, labels, move to Trash and sending user-initiated messages.
5. Data flow and storage
- Gmail: directly between the user's device and Gmail API.
- Microsoft: directly between the device and Microsoft Graph.
- IMAP/SMTP: directly between the local companion and the user-selected server.
- 10Alert: does not centrally receive or store email content, provider tokens or IMAP passwords in the described edition.
Additional Gmail authorizations and IMAP data are encrypted by the companion using Windows DPAPI or AES-GCM with a user-only local key on macOS/Linux. The primary Gmail account may use Chrome Identity's protected token cache.
6. Local retention
- Recent headers and snippets are cached in Chrome for the user-selected period; the default is seven days.
- Settings and account metadata persist until the user removes the account or erases extension data.
- Local authorizations remain until disconnection, revocation or expiration.
- 10Alert does not archive complete messages, and attachments are not stored automatically.
7. Sharing, sale and human access
Email data is not sold or used for advertising, scoring, unrelated profiling or AI-model training. 10Alert does not permit human access to user messages. Information voluntarily included in a support request is used only to resolve that request.
8. Public website
This website is static and has no accounts, forms, analytics cookies or advertising code. Cloudflare Pages delivers its files and may process standard network data such as IP address, HTTP headers and security events under Cloudflare's policies. Extension messages and tokens never reach this website.
9. User controls
Users can disable notification snippets, remote images, sound and voice; export settings; disconnect each account; and erase all local data. Google access can also be revoked from Google Account Connections.
10. Security
We use OAuth, PKCE for installed-app flows, HTTPS, a local loopback callback, local encryption for companion secrets and a Manifest V3 extension with no remotely executable code. Raw email HTML is not injected into the interface.
11. Rights and requests
Access, export and deletion of extension data are available in the product. For support records or legally available rights, use the contact details in Terms of Use. Support messages are retained only as long as needed to resolve the request and meet applicable legal obligations.
12. Children and changes
The product is not designed to intentionally collect children's data. Material changes to this policy will be published here before new processing begins.