Privacy Policy - Gmail Cleanup Tool
Last Updated: February 2026
Summary
Gmail Cleanup Tool is a privacy-first Chrome extension. We do not collect or transmit your email content to any third party during standard cleanup usage. All analysis happens locally in your browser, and actions (scan/delete/archive/mark read) are performed by calling Google's Gmail API directly.
If you opt into AI Summary and provide your own API key, the extension will send limited email data to your chosen AI provider to generate summaries. Summaries are generated only when you click the Summary button.
Scan Modes
- Privacy True (default): Fetches only metadata (sender, subject, date, size, labels, headers, attachment structure). No body content or previews.
- Deep Scan (optional): Includes preview data when explicitly enabled by the user.
This remains true whether or not licensing (for example, Gumroad) is enabled: license verification never includes your email content.
Data We Do Not Collect
- Email content or attachments
- Email metadata (subject lines, sender lists, message IDs) to our own servers
- Usage analytics or telemetry to our own servers
- Personal information to our own servers
What Network Requests Can Occur
Google (Required)
- The extension calls Google Gmail API endpoints (
googleapis.com) to read message lists/details and perform user-requested actions (trash/archive/mark read).
- OAuth authentication is handled by Google via Chrome's Identity API. We never see or store your password.
AI Summary Provider (Optional)
If you enable AI Summary and provide your own API key, the extension will send limited email data to the AI provider endpoint (for example, generativelanguage.googleapis.com) to generate a summary.
- Sent: subject, sender, date, and preview snippet (when available)
- If "Full Content Summaries" is enabled: full email content (text only) for the specific message you request
- Not sent: attachments or mailbox history
- Provider choice: the data is sent only to the provider you select with your API key
Licensing Provider (Optional)
If Pro licensing is enabled, the extension may contact a licensing provider (for example, Gumroad) to verify a license key.
- Sent: license key (and any licensing metadata required by the provider)
- Not sent: email content, message bodies, attachments, or mailbox data
Local Storage
The extension stores only what it needs locally (Chrome Storage), such as:
- OAuth token (stored by Chrome)
- UI preferences (theme, confirmation toggle)
- Optional cached analysis results to avoid immediate re-scan
- Optional license status (if licensing is enabled)
Permissions Explained
| Permission |
Why We Need It |
identity |
To authenticate with your Google account via Chrome Identity API |
storage |
To store local preferences and optional local cache |
Gmail API scopes (gmail.readonly, gmail.modify) |
To scan and perform user-requested cleanup actions |
Data Security
- All communication uses HTTPS encryption
- OAuth tokens are stored in Chrome's protected storage
- Email data is processed locally; the extension does not upload mailbox content to our servers
Your Rights
- Access: Your data stays on your machine and in your Google account
- Deletion: Uninstall the extension to remove local extension data
- Portability: No server-side data exists to export
Contact
Questions about privacy? Contact: traoher@gmail.com
Changes
We'll update this policy if our practices change. The "Last Updated" date will reflect any modifications.