Privacy Policy

Introduction

VectaMail ("we", "our", or "the app") is an email client for iOS that connects to your Google account via the Gmail API. Your privacy is fundamental to how we build and operate VectaMail. This policy explains what data we access, how we use it, and the choices you have.

Data We Access

When you sign in with Google, VectaMail requests access to your Gmail account through Google's OAuth 2.0 flow. We access:

• Email metadata (sender, recipients, subject, date, labels)
• Email body content (for display within the app)
• Attachments (downloaded on demand when you open them)
• Contact names associated with your emails

We only request the minimum permissions necessary to provide a functional email experience.

How Your Data Is Stored

VectaMail stores your email data locally on your device using Core Data. This means:

• Your emails are cached on-device for fast, offline access
• Email data is not uploaded to any third-party server
• Attachments are stored temporarily in the app's sandboxed cache directory
• Deleting the app removes all locally stored email data

Authentication tokens are stored securely in the iOS Keychain, which is encrypted and protected by your device passcode.

Our Server

VectaMail uses a backend server for the following limited purposes:

• Push notifications — to deliver real-time email alerts, we maintain a secure connection with Google's push services through our server
• Subscription management — to verify your subscription status
• Preference sync — to sync settings like signature and undo send delay across your devices

Our server does not store the content of your emails. Push notification payloads contain only the minimum information needed to trigger a sync on your device.

Smart Categories

VectaMail automatically categorizes your emails (e.g., Receipts, Newsletters, Notifications) using a rule-based engine that runs entirely on your device. No email content is sent to any external service for categorization.

AI Features

VectaMail offers optional AI features such as email summaries and the Daily Briefing. When enabled, email content may be sent to our server for processing by an AI model. AI features are:

• Opt-in — you can enable or disable them at any time in Settings
• Only active when explicitly enabled by you
• Processed securely and not stored on our servers after the response is generated

We do not use your email content to train AI models.

Third-Party Services

VectaMail integrates with the following third-party services:

• Google Gmail API — to access and manage your email
• Apple StoreKit — to manage in-app subscriptions
• Sentry — for anonymous crash reporting and performance monitoring (no email content is included)

We do not sell, share, or provide your personal data to advertisers or data brokers.

Push Notifications

When push notifications are enabled, your device token is registered with our server to deliver real-time alerts. You can disable push notifications at any time through Settings or iOS system settings.

Data Retention & Deletion

• Email data cached on your device is removed when you delete the app or sign out
• Your Google OAuth token is revoked when you sign out, ending our access to your Gmail account
• Server-side records (device token, subscription info) are deleted when you sign out or upon request

When you delete your account through Settings > Profile > Delete Account, we delete all subscription data and user profile data from our servers. This includes your devices, push notification registrations, linked secondary accounts, and Gmail watch subscriptions. Your account cannot be recovered after deletion. If you have an active Apple subscription, you must cancel it separately through your Apple ID settings to avoid further charges.

Children's Privacy

VectaMail is not intended for use by children under the age of 13. We do not knowingly collect personal information from children.

Contact Us

If you have questions or concerns about this privacy policy or your data, please contact us at support@vectamail.com.