Privacy Policy for MailAPI VIP Gmail Backup

Last updated: October 15, 2025

1. Overview

MailAPI VIP Gmail Backup is a personal Gmail backup utility that allows you to download and archive your email messages and attachments. This Privacy Policy explains how we collect, use, protect, retain, and delete your data, including how session data is automatically cleared when your login expires.

2. Information We Access

When you authorize our app, we access the following data from your Google account:

  • Gmail messages: Full email content including headers, body, and metadata across all labels and folders
  • Attachments: All file attachments associated with your emails
  • Email address: Your primary Gmail address for identification and session management
3. How We Use Your Data

Your Gmail data is used exclusively for the following purposes:

  • Backup creation: Reading and downloading email messages in RFC822 (.eml) format
  • Attachment extraction: Downloading and storing email attachments locally
  • Optional deletion: Permanently deleting backed-up emails from Gmail (bypassing Trash) when explicitly requested by you
  • Session management: Displaying your email address to confirm active login

We do NOT:

  • Send emails on your behalf
  • Modify email content or labels (except deletion when requested)
  • Share, sell, or transfer your data to any third parties
  • Use your data for marketing, advertising, or analytics
  • Train AI/ML models with your data
4. Data Storage and Protection

Where your data is stored:

  • Email backups: Stored locally on our server in the gmail_backup/ directory, organized by year
  • OAuth tokens: Temporarily stored in encrypted session cookies during active login (automatically deleted on logout or session expiry)
  • Application logs: Activity logs stored in gmail_backup.log containing timestamps and email IDs (no email content)

Security measures:

  • HTTPS encryption: All data transmission between your browser and our app uses TLS/SSL encryption
  • Session security: OAuth tokens are stored in secure, HTTP-only session cookies with a limited lifetime
  • Access control: Only the authenticated user can access their own backup data during an active session
  • No cloud storage: Backups remain on our hosting server; we do not store data in external cloud services
  • Server-side protection: Our server environment controls physical and logical access to backup files
5. Data Retention and Deletion

OAuth tokens and session data:

  • Retained only for the duration of your active login session
  • Automatically deleted when you sign out or when the session times out (typically within 24 hours)
  • No OAuth tokens or session data are stored once the session has ended
  • You can revoke access at any time via your Google Account permissions page

Email backups and attachments:

  • Temporarily written to the gmail_backup/ directory on our server while your session is active
  • Automatically deleted from our server when you sign out or when the session times out
  • You may download a ZIP export before the session ends if you want to keep a local copy
  • When you trigger the “Delete Backed-Up Emails” action, the corresponding Gmail messages are permanently removed from your Google account without passing through Trash

Application logs:

  • Logs are retained for operational troubleshooting and do not contain email content
  • You may contact us to request deletion of log files (gmail_backup.log) from our server at any time

Complete data deletion:

All backups and session data are automatically removed when the session expires. If you also want to clear diagnostic logs:

  1. Contact us to delete the gmail_backup.log file from our server
  2. Revoke app access at Google Account permissions if you no longer plan to use the app
6. Third-Party Disclosure

We do not share, sell, rent, or disclose your Gmail data to any third parties under any circumstances. Your data remains exclusively on our server and is never transmitted to external services, analytics platforms, or advertising networks.

7. Your Rights and Choices
  • Access: You can access your backup data directly from the gmail_backup/ folder on our server while your session is active
  • Download: Use the "Download Backup ZIP" feature to export your backups before the session ends if you wish to retain a copy
  • Deletion: Backups are automatically removed from our server at session timeout; you can also use the optional "Delete Backed-Up Emails" feature to permanently remove messages from Gmail without routing them to Trash
  • Revocation: Revoke app access at any time through Google Account settings
  • Sign out: Log out from the app to immediately clear OAuth tokens from your session
8. Children's Privacy

This app is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with data, please contact us immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of the app after changes indicates acceptance of the updated policy.

10. Compliance

This app complies with Google's API Services User Data Policy, including the Limited Use requirements. Your Gmail data is used only to provide and improve user-facing features, and is not transferred to third parties except as necessary to provide the service, comply with applicable law, or as part of a merger or acquisition.

11. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your data: