Privacy Policy

Introduction

VectaMail ("we", "our", or "the app") is an email client for iOS that connects to your Google account via the Gmail and Google Calendar APIs. Your privacy is fundamental to how we build and operate VectaMail. This policy explains what data we access, how we use it, and the choices you have.

Data We Access

When you sign in with Google, VectaMail requests access through Google's OAuth 2.0 flow. With your permission, we access:

• Gmail — email metadata (sender, recipients, subject, date, labels), email body content for display, and attachments downloaded on demand when you open them. The Gmail permission also lets you send, archive, delete, and label messages from within the app.
• Google Calendar — your calendar list and events, so you can view your schedule and create events from inside the app.
• Basic profile — your name and email address, to identify your account.

We request both Gmail and Calendar access at sign-in because both are core to the app. You're always shown exactly what VectaMail is asking for on Google's consent screen, and you can revoke access at any time from your Google Account.

How Your Data Is Stored

VectaMail stores your email data locally on your device using Core Data. This means:

• Your emails are cached on-device for fast, offline access
• Email content is not uploaded to or stored on any third-party server
• Attachments are stored temporarily in the app's sandboxed cache directory
• Deleting the app removes all locally stored email data

Authentication tokens are stored securely in the iOS Keychain, which is encrypted and protected by your device passcode.

Our Server

VectaMail uses a backend server for the following limited purposes:

• Push notifications — to deliver real-time email alerts, we maintain a secure connection with Google's push services through our server
• Subscription management — to verify your subscription status with Apple
• Preference sync — to sync settings like your signature, swipe actions, and undo-send delay across your devices
• AI processing — only when you actively use an AI feature (see below)

Our server does not store the content of your emails. Push notification payloads contain only the minimum information needed to trigger a sync on your device.

Smart Categories

VectaMail automatically categorizes your emails (e.g., Receipts, Newsletters, Notifications) using a rule-based engine that runs entirely on your device. No email content is sent to any external service for categorization.

Quick Replies

Suggested one-tap replies are generated on your device using Apple's on-device intelligence. The content used to generate them does not leave your iPhone and is not sent to our servers.

AI Features

VectaMail offers optional AI features such as thread summaries, AI compose and rewrite, action-item extraction, and the Daily Briefing. When you use one of these features, the relevant email content is sent to our server for processing by an AI model. AI features are:

• Opt-in — they run only when you explicitly trigger them
• Processed securely and not stored on our servers after the response is generated
• Never used to train AI models — your email content is not used to train or improve any model

Third-Party Services

VectaMail integrates with the following third-party services:

• Google Gmail API — to access and manage your email
• Google Calendar API — to display your calendar and create events
• Apple StoreKit — to manage in-app subscriptions
• Sentry — for anonymous crash reporting and performance monitoring (no email content is included)

We do not sell, share, or provide your personal data to advertisers or data brokers.

Push Notifications

When push notifications are enabled, your device token is registered with our server to deliver real-time alerts. You can disable push notifications at any time through Settings or iOS system settings.

Data Retention & Deletion

• Email data cached on your device is removed when you delete the app or sign out
• Your Google OAuth tokens are revoked when you sign out, ending our access to your Gmail and Calendar
• Server-side records (device token, subscription info) are deleted when you sign out or upon request

When you delete your account through Settings > Profile > Delete Account, we delete all subscription data and user profile data from our servers. This includes your devices, push notification registrations, linked secondary accounts, and Gmail watch subscriptions. Your account cannot be recovered after deletion. If you have an active Apple subscription, you must cancel it separately through your Apple ID settings to avoid further charges.

Children's Privacy

VectaMail is not intended for use by children under the age of 13. We do not knowingly collect personal information from children.

Contact Us

If you have questions or concerns about this privacy policy or your data, please contact us at support@vectamail.com.