Privacy Policy

Last updated: April 28, 2026

This privacy policy describes how the Email desktop application by OverclockedApps ("the app", "we", "us") handles your data. Email is a Windows desktop client that connects directly to mail, calendar, and contacts servers you configure. We do not run any backend service that handles your messages.

What the app accesses

Email (IMAP / SMTP)

With your explicit setup of an account, the app connects to the IMAP and SMTP servers you specify (Gmail, Fastmail, your self-hosted server, etc.) using either:

• The username and password you supply, or
• OAuth 2.0 access and refresh tokens (for Google accounts).

The app reads message envelopes and bodies you have permission to read; it sends messages you compose; and it sets/clears flags and moves messages between folders you act on. Nothing else.

Calendar (CalDAV) and Contacts (CardDAV)

If you trigger "Sync calendars" or "Sync contacts", the app reaches the same providers' CalDAV/CardDAV endpoints to fetch your calendar events and contacts. For Google accounts, this requires the https://www.googleapis.com/auth/calendar and https://www.googleapis.com/auth/contacts scopes, which you grant during sign-in.

Google user data, specifically

When you sign in with Google, the app accesses:

• Email address and basic profile (openid, email scopes) — used only to label the account inside the app.
• Gmail messages (https://mail.google.com/) — read, send, and modify mail in your inbox, the same as any IMAP/SMTP client.
• Google Calendar (https://www.googleapis.com/auth/calendar) — read and modify your calendars and events.
• Google Contacts (https://www.googleapis.com/auth/contacts) — read and modify your contacts.

This Google user data is used only to provide the user-facing functionality of the app on your own device. We do not transmit it to any server controlled by OverclockedApps, we do not share it with third parties, we do not use it for advertising, we do not analyze it for any secondary purpose, and we do not allow humans (including OverclockedApps employees) to read it. The app's compliance with Google's API Services User Data Policy — including the Limited Use requirements — applies in full.

Where data is stored

All synced data lives on your device:

• Message metadata, bodies, and attachment metadata: SQLite database at %APPDATA%\com.overclockedapps.emailapp\store.db.
• Cached attachment files (≤ 5 MB each): %APPDATA%\com.overclockedapps.emailapp\attachments\.
• Calendar events and contacts (when synced): same SQLite database.
• Account passwords and OAuth tokens: Windows Credential Manager, under service names com.overclockedapps.emailapp and com.overclockedapps.emailapp.oauth.

None of this data leaves your device except in the form of standard IMAP / SMTP / CalDAV / CardDAV traffic to the mail, calendar, or contacts server you configured.

What we do NOT do

• We do not host any server that processes your email, calendar, or contact data.
• We do not collect analytics, usage statistics, crash reports, or telemetry.
• We do not display ads, sell user data, or use it to train any model.
• We do not have any login, account, or subscription on our side. The app is not gated by any service we run.

Network requests the app makes to overclockedapps.com

The only requests the app makes to overclockedapps.com are to https://overclockedapps.com/email/latest.json for update checks. That request includes your IP address and a standard User-Agent string (Tauri's HTTP client). We do not log those requests beyond standard web-server access logs, which are rotated and not cross-referenced with any other data.

Third-party services

The app communicates with whatever providers you configure. Their privacy policies apply to their servers' handling of your data:

• Google Privacy Policy (when you connect a Google account)
• The privacy policy of any other IMAP / SMTP / CalDAV / CardDAV provider you use

Data deletion

To delete all data:

• Inside the app: ⚙ Accounts → click each account → Remove. This deletes the cached messages and removes the credentials from Windows Credential Manager.
• Or uninstall the app: Windows Settings → Apps → Email → Uninstall.
• To wipe completely without uninstalling, delete %APPDATA%\com.overclockedapps.emailapp\.

To revoke the Google OAuth grant: visit Google Account → Third-party apps with account access and remove "Email by OverclockedApps".

Children

The app is not directed at children under 13. We do not knowingly collect data from children.

Changes to this policy

If this policy changes materially, we'll update the "Last updated" date above. Substantive changes will be noted on the app's main page.

Contact

Questions about privacy or this policy? Email overclocked.apps.tx@gmail.com.