Privacy Policy

Last updated: March 1, 2026

This Privacy Policy describes how Massive Delete Gmail ("we", "us", "our") collects, uses, and protects information when you use our Gmail bulk-deletion tool (the "Service"). By using the Service, you agree to this policy.

1. Data Accessed via Google OAuth

To function, the Service requests the following OAuth scopes from your Google account:

• Gmail read-only metadata — to search and list emails matching your specified criteria (sender, keywords).
• Gmail modify / delete — to permanently delete emails you have explicitly confirmed for deletion.
• User email address — to display which account is currently connected.

We request only the minimum scopes necessary. We do not request access to Google Drive, Contacts, Calendar, or any other Google service.

2. How We Use Gmail API & Apps Script

The Service runs entirely within Google Apps Script, a server-side JavaScript platform hosted by Google. This means:

• All processing occurs on Google's infrastructure — not on third-party servers.
• The Service uses the Gmail API and GmailApp (Apps Script built-in service) to search, list, and delete email threads.
• No email data is transmitted to, or processed on, any external server.

3. Data Storage

We do not store the content of your emails. Specifically:

• Email bodies, attachments, headers, and metadata are never saved, copied, or cached by the Service.
• Emails are processed in real-time solely to execute the actions you request (search, preview, delete).
• Once a session ends, no email data is retained.

4. Minimal Logging

For operational reliability and debugging, we may log:

• Timestamps of operations (e.g., when a deletion batch ran).
• Aggregate metrics (e.g., total number of emails deleted, error counts).

These logs do not contain email content, subject lines, sender addresses, or any personally identifiable information. Logs are retained for a maximum of 90 days and are used solely for debugging and improving the Service.

5. Data Retention

• Email data: Not retained. Processed in real-time and discarded immediately.
• Account identifier (email address): Displayed during your session only; not stored persistently by the Service.
• Aggregate logs: Retained for up to 90 days, then automatically purged.

6. Data Sharing

We do not sell, rent, share, or disclose your data to third parties. Period.

The only parties with access to your data during processing are:

• Google — as the infrastructure provider (Apps Script, Gmail API).
• You — the authenticated account owner.

7. Security

We implement the following safeguards:

• All communication occurs over HTTPS/TLS encryption.
• Authentication is delegated to Google's OAuth 2.0 system — we never see your password.
• The Service runs within Google's secure Apps Script sandbox environment.
• No data is stored on external databases or servers.

8. Your Rights

You have the right to:

• Access: Know what data the Service processes (answer: only what's needed for real-time operations).
• Deletion: Request that any residual logs be deleted — contact us and we will comply promptly.
• Revocation: Revoke the Service's access to your Google account at any time (see below).
• Portability: Since we don't store your data, there is nothing to export.

9. How to Revoke Access

You can revoke the Service's access to your Gmail at any time:

1. Go to Google Account → Security.
2. Under "Third-party apps with account access", click "Manage third-party access".
3. Find "Massive Delete Gmail" (or "Gmail — Massive Delete") and click "Remove Access".

Once revoked, the Service will no longer be able to access your Gmail data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

If you have questions or concerns about this Privacy Policy, please contact us:

Email: augustolima04@gmail.com