Public document

Privacy Policy

10Alert Mail is local-first: email-account data is processed on your device and directly by the provider, not on 10Alert servers.

Last updated: 18 July 2026

1. App publisher

10Alert Mail is published by 10Alert. For privacy questions or rights requests, use the contact details in Terms of Use, section 13.

2. Extension's single purpose

The extension connects email accounts selected by the user to display messages, create notifications and perform explicitly requested email actions. 10Alert Mail is not an email-hosting service and does not create an inbox on 10Alert infrastructure.

3. Data accessed

Account data

Email address, display name, provider identifier, connection state and local account preferences.

Message data

Message and thread identifiers, sender, recipients, subject, snippet, date, read state, star, labels and attachment metadata. The message body is requested when the user opens a message. Attachments are not downloaded automatically.

User-created data

Recipients, subject and plain text of messages or replies that the user chooses to send.

Authentication data

OAuth tokens for Gmail and Microsoft or, when the user selects IMAP/SMTP, credentials configured for the local companion.

4. How Google data is used

10Alert Mail uses Gmail data only for visible email-client features: listing and reading mail, notifications, local search, read/unread, star, archive, labels, move to Trash and sending user-initiated messages.

Google API Limited Use. 10Alert Mail's use of information received from Google Workspace APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data flow and storage

Additional Gmail authorizations and IMAP data are encrypted by the companion using Windows DPAPI or AES-GCM with a user-only local key on macOS/Linux. The primary Gmail account may use Chrome Identity's protected token cache.

6. Local retention

7. Sharing, sale and human access

Email data is not sold or used for advertising, scoring, unrelated profiling or AI-model training. 10Alert does not permit human access to user messages. Information voluntarily included in a support request is used only to resolve that request.

8. Public website

This website is static and has no accounts, forms, analytics cookies or advertising code. Cloudflare Pages delivers its files and may process standard network data such as IP address, HTTP headers and security events under Cloudflare's policies. Extension messages and tokens never reach this website.

9. User controls

Users can disable notification snippets, remote images, sound and voice; export settings; disconnect each account; and erase all local data. Google access can also be revoked from Google Account Connections.

10. Security

We use OAuth, PKCE for installed-app flows, HTTPS, a local loopback callback, local encryption for companion secrets and a Manifest V3 extension with no remotely executable code. Raw email HTML is not injected into the interface.

11. Rights and requests

Access, export and deletion of extension data are available in the product. For support records or legally available rights, use the contact details in Terms of Use. Support messages are retained only as long as needed to resolve the request and meet applicable legal obligations.

12. Children and changes

The product is not designed to intentionally collect children's data. Material changes to this policy will be published here before new processing begins.