Privacy Policy

Last updated: February 13, 2025

Our Commitment to Privacy

At Zero, we believe that privacy is a fundamental right. Our open-source email solution is built with privacy at its core, and we're committed to being transparent about how we handle your data.

Google Account Integration

When you use Zero with your Google Account:

  • We request access to your Gmail data only after receiving your explicit consent
  • We access only the necessary Gmail API scopes required for email functionality
  • Your Google account credentials are never stored on our servers
  • We use secure OAuth 2.0 authentication provided by Google
  • You can revoke our access to your Google account at any time through your Google Account settings

Data Collection and Usage

Google Services Data Handling

  • Email data is processed in accordance with Google API Services User Data Policy
  • We only process and display email data - we don't store copies of your emails
  • All data transmission between our service and Google is encrypted using industry-standard protocols
  • We maintain limited temporary caches only as necessary for application functionality

Self-Hosted Instances

  • When you self-host Zero, your email data remains entirely under your control
  • No data is sent to our servers or third parties without your explicit consent
  • You maintain complete ownership and responsibility for your data

Data Protection and Security

  • End-to-end encryption for all email communications
  • Secure OAuth 2.0 authentication for Google services
  • Regular security audits and updates
  • Open-source codebase for transparency and community review
  • Compliance with Google API Services User Data Policy

Google User Data Handling

Data Access and Usage

  • We access the following Google user data: email content, attachments, and metadata through Gmail API
  • This data is used exclusively for providing email functionality within Zero
  • No Google user data is used for advertising or marketing purposes
  • We maintain detailed logs of all data access for security and compliance

Data Sharing and Transfer

  • Google user data is never shared with third parties except as required for core service functionality
  • When necessary, we only work with service providers who comply with Google API Services User Data Policy
  • All service providers are bound by strict confidentiality agreements
  • We maintain a current list of all third-party service providers with access to Google user data

Data Retention and Deletion

  • Email data is processed in real-time and not permanently stored
  • Temporary caches are automatically cleared within 24 hours
  • All Google user data is permanently deleted when you revoke application access
  • You can request immediate deletion of all your Google user data by contacting [email protected]

Limited Use Disclosure

Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Your Rights and Controls

  • Right to revoke access to your Google account at any time
  • Right to request deletion of any cached data
  • Right to export your data
  • Right to lodge complaints about data handling

Contact

For privacy-related questions or concerns:

[email protected]Open an issue on GitHub

Updates to This Policy

We may update this privacy policy from time to time. We will notify users of any material changes through our application or website.