Privacy Policy

Last Updated: December 2024

Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you use our services at www.onlyone.email.

1. Who We Are

Only One Email is a Unified email management for multiple accounts. We are committed to protecting your privacy and ensuring the security of your personal information through advanced encryption and secure token management.

2. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

3. Purposes of Processing

We process your personal data for the following purposes:

  • To provide and maintain our unified email management service
  • To authenticate and authorize your access to multiple Gmail accounts
  • To enable cross-account email search and management
  • To communicate with you about your account and our services
  • To improve and personalize your email management experience
  • To comply with legal obligations
  • To protect against fraud and abuse

4. Collecting Your Personal Data

We collect information in the following ways:

Information You Give Us

  • Account registration information (name, email address, password)
  • Profile information and preferences
  • Communication with our support team
  • Email account connection preferences

Information from Gmail Integration

When you connect your Gmail accounts through OAuth 2.0, we access:

  • Email Metadata: Headers, sender, recipient, subject, timestamp, labels
  • Account Information: Email address, account display name
  • OAuth Tokens: Access tokens and refresh tokens (encrypted)
  • Permission Scope: Gmail API permissions for email management

Important: We do NOT access, store, or process:

  • Email body content
  • Email attachments
  • Personal Google Drive files
  • Other Google services data

Information from Others

  • Information provided by third-party services you connect to our platform
  • Information from our business partners and service providers

Information Collected Automatically

  • Log data (IP address, browser type, access times)
  • Device information (device type, operating system)
  • Usage data (features used, time spent on platform)
  • Cookies and similar tracking technologies

5. Gmail OAuth Integration

OAuth Permissions

Our application requests the following Gmail permissions:

  • Read email metadata and headers - To display email information in unified inbox
  • Manage email labels and organization - To organize emails across accounts
  • Send emails on your behalf - To compose and send emails from your accounts

We do NOT request access to:

  • Email body content
  • Personal Google Drive files
  • Other Google services
  • Calendar or contact information

Token Management

  • Access Tokens: Used for Gmail API calls, automatically refreshed
  • Refresh Tokens: Stored securely for automatic token renewal
  • Token Encryption: All tokens encrypted using RSA encryption
  • Token Storage: Hybrid approach with local browser storage and optional server sync

6. RSA Encryption & Security

Token Encryption

We use RSA encryption to secure your Gmail access tokens:

  • Encryption Method: RSA-2048 encryption for token storage
  • Key Derivation: Encryption keys derived from your user credentials
  • Local Storage: Primary storage in browser's IndexedDB
  • Server Sync: Optional encrypted backup to our servers

Security Measures

  • Web Crypto API: Client-side encryption using browser's secure crypto functions
  • Password-Based Keys: Encryption keys derived from your login credentials
  • Zero-Knowledge: We cannot decrypt your tokens without your password
  • Hybrid Storage: Choose between local-only or synced storage

7. Hybrid Storage Options

Storage Choices

You can choose how your email account data is stored:

Local-Only Storage (Recommended):

  • All data stored locally in your browser
  • No data transmitted to our servers
  • Maximum privacy and control
  • Data lost if browser data is cleared

Synced Storage (Optional):

  • Encrypted backup to our servers
  • Access from multiple devices
  • Automatic conflict resolution
  • Requires additional authentication

Data Synchronization

  • Real-time Sync: Changes sync across devices when enabled
  • Conflict Resolution: Automatic resolution of conflicting changes
  • Selective Sync: Choose which accounts to sync
  • Sync Controls: Enable/disable sync at any time

8. Email Data Processing

What We Process

Email Metadata (Processed):

  • Email headers (sender, recipient, subject, date)
  • Email labels and folders
  • Read/unread status
  • Email size and attachment information

Email Content (NOT Processed):

  • Email body content
  • Email attachments
  • Email drafts
  • Personal email content

Data Processing Purpose

  • Unified Inbox: Display emails from all connected accounts
  • Cross-Account Search: Search across multiple Gmail accounts
  • Email Organization: Manage labels and folders
  • Account Switching: Switch between different Gmail accounts

9. Multi-Account Management

Account Connections

  • Multiple Accounts: Connect 3+ Gmail accounts (free tier) or unlimited (premium)
  • Account Switching: Quick switching between connected accounts
  • Unified View: View emails from all accounts in one interface
  • Account Status: Monitor connection status and health

Account Management

  • Add Accounts: Connect new Gmail accounts through OAuth
  • Remove Accounts: Disconnect accounts with confirmation
  • Account Settings: Manage individual account preferences
  • Connection Monitoring: Automatic detection of connection issues

10. Cookies

We use cookies and similar tracking technologies to:

  • Remember your preferences and settings
  • Analyze how you use our service
  • Provide personalized content and advertisements
  • Improve our service functionality

You can control cookie settings through your browser preferences.

11. Use of Data

We use the collected data for:

  • Providing and maintaining our unified email management service
  • Enabling cross-account email search and organization
  • Notifying you about changes to our service
  • Providing customer support
  • Gathering analysis or valuable information to improve our service
  • Monitoring the usage of our service
  • Detecting, preventing and addressing technical issues

12. Data Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

  • With your explicit consent
  • To comply with legal obligations
  • To protect our rights and safety
  • With trusted service providers who assist us in operating our service
  • In connection with a business transfer or merger

13. International Data Transfer

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards to protect your information.

14. Security

We implement appropriate technical and organizational measures to protect your personal information:

  • RSA Encryption: 2048-bit RSA encryption for sensitive data
  • Web Crypto API: Secure client-side encryption
  • OAuth 2.0: Secure authentication with Gmail
  • HTTPS: All data transmission encrypted
  • Token Security: Encrypted token storage with password-derived keys

However, no method of transmission over the internet or electronic storage is 100% secure.

15. Data Retention

Retention Periods

  • Account Information: Retained while account is active
  • Email Metadata: Retained for 30 days after account disconnection
  • OAuth Tokens: Retained until account disconnection or token expiration
  • Usage Analytics: Retained for 12 months
  • Support Communications: Retained for 24 months

Data Deletion

  • Account Deletion: All data deleted within 30 days
  • Account Disconnection: Email metadata deleted within 30 days
  • Token Revocation: OAuth tokens revoked immediately
  • Local Data: Cleared when browser data is cleared

16. Children

Our service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

17. Sensitive Personal Data

We do not intentionally collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, or health information. If you provide such information, you consent to our processing of it in accordance with this Privacy Policy.

18. Your Rights

You have the following rights regarding your personal information:

  • Right to Opt-Out: You can opt-out of certain data processing activities
  • Right to Access: You can request access to your personal information
  • Right to Amend: You can request correction of inaccurate information
  • Right to Erase: You can request deletion of your personal information
  • Right to Data Portability: You can request a copy of your data in a portable format
  • Right to Account Management: You can add, remove, or modify connected Gmail accounts
  • Right to Storage Choice: You can choose between local-only or synced storage

To exercise these rights, please contact us at support@onlyone.email.

19. Complaints

If you have concerns about how we handle your personal information, you have the right to lodge a complaint with your local data protection authority.

20. Third Party Sites

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

21. Contact

If you have any questions about this Privacy Policy, please contact us at support@onlyone.email.

Copyright © 2024 Only One Email. All rights reserved. Version 1.0.0