Privacy Policy

Last updated: May 16, 2025

Our Commitment to Privacy

At Zero, we believe that privacy is a fundamental right. Our open-source email solution is built with privacy at its core, and we're committed to being transparent about how we handle your data.

Important: Zero is a client-only email application. We DO NOT store your emails on our servers. All email data is processed directly between your browser and Gmail.

Our verified privacy commitments:

  • Zero Email Storage: We never store your emails - they remain in your Gmail account
  • Client-Side Processing: All email processing happens in your browser
  • Open Source: Our entire codebase is public and can be audited
  • Minimal Data: We only request essential Gmail API permissions
  • User Control: You can revoke our access to your Gmail at any time

Google Account Integration

When you use Zero with your Google Account:

  • We request access to your Gmail data only after receiving your explicit consent
  • We access only the necessary Gmail API scopes required for email functionality
  • Your Google account credentials are never stored on our servers
  • We use secure OAuth 2.0 authentication provided by Google
  • You can revoke our access to your Google account at any time through your Google Account settings

Data Collection and Usage

Google Services Data Handling

  • Email data is processed in accordance with the Google API Services User Data Policy
  • We only process and display email data - we don't store copies of your emails
  • All data transmission between our service and Google is encrypted using industry-standard TLS 1.3 protocols
  • We maintain limited temporary caches only as necessary for application functionality, with a maximum retention period of 24 hours
  • Cached data is encrypted at rest using AES-256 encryption
  • We collect basic usage analytics (page views, feature usage) to improve the service, but this data is anonymized
  • Error logs are retained for 30 days to help diagnose and fix issues

Self-Hosted Instances

  • When you self-host Zero, your email data remains entirely under your control
  • No data is sent to our servers or third parties without your explicit consent
  • You maintain complete ownership and responsibility for your data
  • We provide detailed documentation on secure self-hosting practices
  • You can configure your own data retention and backup policies
  • Optional telemetry can be enabled to help us improve the platform

Data Processing Locations

  • All data processing occurs in secure data centers in the United States
  • Self-hosted instances can choose their own data processing location
  • We comply with international data transfer regulations
  • Data processing agreements are available for enterprise users

Data Protection and Security

Security Measures

  • End-to-end encryption for all email communications using industry-standard protocols
  • Secure OAuth 2.0 authentication for Google services with strict scope limitations
  • Regular third-party security audits and penetration testing
  • Open-source codebase for transparency and community security review
  • Compliance with the Google API Services User Data Policy and security requirements
  • Real-time monitoring for suspicious activities and potential security threats
  • Automated security patches and dependency updates

Infrastructure Security

  • All servers are hosted in SOC 2 Type II certified data centers
  • Network-level security with enterprise-grade firewalls
  • Regular backup and disaster recovery testing
  • Multi-factor authentication required for all administrative access
  • Encryption at rest for all stored data using AES-256

Security Response

  • 24/7 security incident response team
  • Bug bounty program for responsible security disclosure
  • Incident response plan with clear notification procedures
  • Regular security training for all team members

Google User Data Handling

Data Access and Usage

  • We access the following Google user data through the Gmail API:
    • Email content and attachments
    • Email metadata (subject, dates, recipients)
    • Labels and folder structure
    • Basic profile information
  • This data is used exclusively for providing email functionality within Zero
  • No Google user data is used for advertising, marketing, or profiling purposes
  • We maintain detailed audit logs of all data access for security and compliance
  • Access to user data is strictly limited to essential personnel

Data Sharing and Transfer

  • Google user data is never shared with third parties except as required for core service functionality
  • When necessary, we only work with service providers who comply with the Google API Services User Data Policy
  • All service providers are bound by strict confidentiality agreements
  • We maintain a current list of all third-party service providers with access to Google user data
  • Data sharing agreements are reviewed annually
  • Users are notified of any material changes to our data sharing practices

Data Retention and Deletion

  • Email data is processed in real time and not permanently stored
  • Temporary caches are automatically cleared after 24 hours
  • Users can request immediate deletion of their cached data
  • Account deletion process:
    • All user data is immediately marked for deletion
    • Cached data is purged within 24 hours
    • Audit logs are retained for 30 days, then permanently deleted
    • Backup data is removed within 7 days
  • We provide a data export tool for users to download their settings

User Rights and Controls

  • Right to access: Request a copy of your data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion of your data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Export your data
  • Right to object: Opt out of certain data processing

Limited Use Disclosure

Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Your Rights and Controls

  • Right to revoke access to your Google account at any time
  • Right to request deletion of any cached data
  • Right to export your data
  • Right to lodge complaints about data handling

Contact

For privacy-related questions or concerns:

Updates to This Policy

We may update this privacy policy from time to time. We will notify users of any material changes through our application or website.

© 2025 Zero Email Inc, All Rights Reserved