Email Ruler — Privacy Policy

1. Data We Collect

Account Information: When you sign in with Apple or Google, we receive your name and email address to create your account. This is stored securely in Firebase Authentication.

Email Metadata: When you scan your inbox, we access message headers (sender, subject, date) through Gmail API or Microsoft Graph API. We do not read email bodies or attachments.

AI Analysis: If you choose AI analysis, sender names and subject lines are sent to our Cloud Function, which uses AI services to classify senders. Subjects are redacted (emails, URLs, and long numbers are removed) before processing. Results are cached in Firebase Firestore with hashed sender identifiers.

Purchase Information: Subscription status is managed by Apple through StoreKit. We do not collect or store payment details.

Usage Data: Firebase Analytics may collect anonymous usage data such as app opens and feature usage. No personal email content is included.

2. Data We Do NOT Collect

• We do not read, store, or transmit the body content of your emails
• We do not access your contacts, calendar, or files
• We do not sell, share, or rent your personal data to third parties
• We do not use your data for advertising

3. How We Use Your Data

• To authenticate you and maintain your account
• To scan your inbox and display sender statistics
• To create blocking rules in your email account (Gmail filters or Outlook rules)
• To provide AI-powered sender classification (optional)
• To manage your subscription status

4. Third-Party Services

• Firebase (Google) — Authentication, Cloud Functions, Firestore, Analytics
• Google Gmail API — Reading email headers and managing filters
• Microsoft Graph API — Reading Outlook email headers and managing rules
• AI Services — Sender classification (optional, processed via our Cloud Function)
• Apple StoreKit — Subscription management

Each service has its own privacy policy. We encourage you to review them.

5. Data Storage & Security

• Your account data is stored in Firebase (Google Cloud) with encryption at rest and in transit
• AI scoring results are cached in Firestore with HMAC-hashed sender identifiers for privacy
• Local data (accounts, history, preferences) is stored on your device using UserDefaults and Keychain
• Free action tokens are stored in iOS Keychain for tamper resistance

6. Data Retention & Deletion

• You can delete your account at any time from the app menu (Menu > Delete Account). This permanently removes your Firebase account and all associated data
• AI score caches expire automatically after 45 days
• Local data is removed when you delete the app

7. Your Rights

• Access: You can view all data the app has collected within the app itself
• Deletion: You can delete your account and all associated data at any time
• Portability: Your email data remains in your email provider's systems; we only access headers temporarily during scans
• Opt-out: AI analysis is optional. You can skip it and use the app with email counts only

8. Children's Privacy

Email Ruler is not intended for use by children under 13. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy from time to time. Changes will be reflected in the "Last updated" date above. Continued use of the app after changes constitutes acceptance.