MailMinion Privacy Policy

Version: 1.0.0
Last updated: August 15, 2025

Overview

MailMinion is a Chrome extension that builds a private, on-device Q&A knowledge base from your historical Gmail data to prompt a local language model to draft intelligent, automatic email replies.

Data We Access & Retain

Email content & headers (messages, threads, participants, subject lines) — accessed only after you grant permission; stored locally in your browser via chrome.storage and IndexedDB
Diagnostics (non-PII counters, timings, error flags) — local only. Diagnostics are stored locally and may be cleared when you delete local data or uninstall the extension
We do not collect data from any websites unless you click "Extract from this page" (this feature runs only after a user gesture and can request optional host permissions just-in-time). Any extracted content remains on your device and is never sent to external servers

We may process your Google Account email, thread/message/label IDs, and similar identifiers strictly to operate the extension; these are stored locally in chrome.storage and IndexedDB.

Retention: All data remains on your device until you delete it or uninstall the extension.

How We Use Data

Process Gmail content locally to identify Q&A pairs and categories
Improve the extension's functionality (local analytics and logs only)
Data is not used for advertising
We do not use your Gmail data to train or update machine-learning model parameters. Gmail data is only used as input context for local inference with pre-trained models
Data will never be sold or transferred to any third party

Data Sharing & Transfer

        We do not sell or share your data.

        Gmail content is processed locally and is not transmitted to our servers.

        We do not sell or "share" personal information as those terms are defined under the CCPA/CPRA.

Your Controls

Delete local data: Open the MailMinion popup → Settings → Delete all local data (this clears MailMinion's chrome.storage and IndexedDB)
Revoke Gmail access: Visit https://myaccount.google.com/permissions → find MailMinion → Remove access
Uninstall: Remove the extension from Chrome to delete its local data

Google API Services – Limited Use

MailMinion's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

We only use Gmail data to provide or improve user-facing features in this extension
We do not transfer Gmail data to third parties, except as necessary to comply with applicable law
We do not allow humans to read your Gmail data except (a) with your affirmative consent, (b) for security/debugging where access is strictly necessary, or (c) when required by law, and any such access is limited to the minimum necessary and logged
We do not use Gmail data for advertising or to build advertising profiles
We do not use your Gmail data to train or update machine-learning model parameters. Gmail data is only used as input context for local inference with pre-trained models
You may revoke MailMinion's access to your Gmail at any time

Permissions

identity — to obtain an OAuth token after you consent
storage — to store your settings and locally saved Q&A/analysis
scripting & activeTab — to extract Q&A from the current tab only when you click an extract button
offscreen — to run local machine-learning models efficiently in an isolated context
optional host permissions (e.g., https://mail.google.com/*) — requested just-in-time when needed

OAuth Tokens & Authentication

MailMinion uses the Chrome Identity API to obtain short-lived OAuth tokens after your consent. Tokens are cached by Chrome on your device and used only to call the Gmail API on your behalf. We do not transmit OAuth tokens to our servers or store them outside your device. Tokens are automatically expired/invalidated by Google and can be revoked by you at any time.

Children's Privacy

MailMinion is not directed to children under 13 (or 16 in some regions), and we do not knowingly collect personal information from children.

Security & Processing Location

MailMinion is a Manifest V3 extension. All machine-learning execution occurs on your device. The WebAssembly runtime and JavaScript code are packaged with the extension; we do not load or execute remote code from third-party domains. The extension may download model weights (data files) from a trusted CDN (e.g., Hugging Face) or a local file you provide; these downloads do not contain your personal data. Gmail content is never transmitted off your device. Downloading model weights may generate standard CDN request logs (e.g., IP address and timestamp). These requests contain no Gmail content.

International Transfers

We do not transmit your Gmail content to our servers. If you contact us for support and voluntarily share information, it may be processed in the country where our organization is based.

Your Privacy Rights

Depending on your location, you may have rights to access, correct, or delete your personal information. Because MailMinion stores Gmail-derived data locally in your browser, you can delete it directly using the controls above. For other requests (for example, information you voluntarily emailed to our support team), contact us at support@mailminion.co.

For EU/UK users, our lawful basis for processing Gmail data is your consent, which you grant when you authorize access; you may withdraw consent at any time by revoking access or uninstalling.

Changes

We may update this policy periodically. We will update the "Last updated" date at the top. Your continued use after changes means you accept the revised policy.

Policy Scope

This policy applies to the MailMinion Chrome extension. Our website or support tools may have separate policies.

Publisher

MailMinion Extension Team
Contact: support@mailminion.co
Site: https://mailminion.co