Privacy Policy

Last updated: March 2025

This privacy policy describes how Gmail Campaign Sender (“the app”) collects, uses, and protects your information when you use the web app or Chrome extension and the backend service.

1. Information we collect and use

Account and Gmail access. When you sign in with Google, we receive your Google account email address and an OAuth refresh token. We store the email and an encrypted copy of the refresh token on our backend so we can send and schedule emails on your behalf. We do not store your Google password.

Session data. When you use the web app, we use a session cookie so your browser stays signed in. Session data is stored server-side and is tied to your device; it does not contain your email or tokens.

Templates and campaigns. Content you create (template names, subjects, bodies) and campaign data (recipient lists from your CSV, scheduled send times, optional attachment references) are stored on our backend to provide scheduling, sending, and dashboard features.

Sent logs. For each campaign we may store recipient email addresses, send timestamps, and Gmail message IDs for the dashboard and error reporting. We do not store the full body of sent emails.

2. How we use your information

We use the information above only to:

Send and schedule emails via the Gmail API using your linked account
Show you your templates, scheduled campaigns, and sent campaign history
Keep you signed in on the device you use
Operate and improve the service (e.g. debugging, security)

We do not sell your data or use it for advertising.

3. Where your data is stored

Data is stored on infrastructure used to run the backend (e.g. database and optional file storage). If the app is deployed with Supabase, your data is stored in Supabase’s systems. Database and storage providers may process and store data in accordance with their own terms and privacy policies.

4. Third parties

Google. Sign-in and sending use Google’s OAuth and Gmail API. Google’s privacy policy applies to that use: policies.google.com/privacy.

Hosting and database. The backend and database (e.g. Render, Supabase, or similar) process and store your data as necessary to run the service.

5. Security

We encrypt Gmail refresh tokens at rest. Communication with the backend should use HTTPS where available. You are responsible for keeping your Google account secure and for the content of emails you send through the app.

6. Your choices

Sign out. Use “Sign out” in the app to end your session on that device; we will no longer treat that browser as signed in.
Revoke Gmail access. You can revoke the app’s access to your Gmail at myaccount.google.com/permissions. After that, we will not be able to send or schedule mail for that account until you sign in again.
Data in our systems. Stored templates, campaign data, and sent logs remain in our database until you or the operator delete them or the service is discontinued. If you need help with deletion, contact the operator (see below).

7. Changes

We may update this policy from time to time. The “Last updated” date at the top will be revised when we do. Continued use of the app after changes means you accept the updated policy.

8. Contact

For questions about this privacy policy or your data, contact the person or team who operates this instance of Gmail Campaign Sender (e.g. the owner of the repository or the backend you connect to).

← Back to app