The Most Important Points
- 100% LOCAL PROCESSING - All operations happen in your browser
- NO REMOTE SERVERS - We don't operate any servers or cloud infrastructure
- NO DATA TRANSMISSION - Your data is never sent anywhere except Gmail's official API
- NO DATA COLLECTION - We collect zero user data
- NO ANALYTICS - We don't track how you use the extension
- NO THIRD PARTIES - We don't share anything with anyone
Overview
SweepYourMail is a free Chrome extension that helps users clean and organize their Gmail inbox by grouping emails by sender and enabling bulk actions. This privacy policy explains what data we access, how we use it, and how we protect your privacy.
Data We Access
Email Metadata (Read-Only Access)
When you use SweepYourMail, we access the following email metadata through the official Gmail API:
| Data Type | Purpose |
|---|---|
| Sender name | To group emails by sender |
| Sender email address | To identify unique senders |
| Email subject lines | For category detection (newsletters, promotions, etc.) |
| Email dates | To show date ranges and sorting |
| Email labels | To understand inbox organization |
| Email size | To show storage usage statistics |
| Message IDs | To perform actions on specific emails |
What We NEVER Access
- Email body content - We never read your actual messages
- Attachments - We don't access any attached files
- Contacts - We don't access your contact list
- Calendar, Drive, Photos - We don't access any other Google services
How We Use Your Data
Local Processing Only
All email metadata is processed entirely within your browser:
- Fetching: Email metadata is fetched directly from Gmail API to your browser
- Processing: Analysis and grouping happens in browser memory
- Storage: Only aggregated statistics are cached in your browser's IndexedDB
- Display: Results are shown in the extension sidebar
- Actions: Your commands are sent directly to Gmail API
At no point does any data pass through our infrastructure, because we have no infrastructure.
Actions We Perform
When you explicitly request it, SweepYourMail can perform these actions through the Gmail API:
| Action | What Happens | User Confirmation |
|---|---|---|
| Delete | Moves emails to Gmail's Trash | Required - modal confirmation |
| Archive | Removes Inbox label from emails | Required - modal confirmation |
| Mark as Spam | Moves emails to Gmail's Spam folder | Required - modal confirmation |
| Block Sender | Creates a Gmail filter to auto-delete future emails | Required - modal confirmation |
| Mark as Read | Sets email status to read | Required - modal confirmation |
| Empty Spam | Permanently deletes all spam emails | Required - warning modal with "cannot be undone" |
| Empty Trash | Permanently deletes all trash emails | Required - warning modal with "cannot be undone" |
OAuth Scopes Explained
SweepYourMail requests the following Google OAuth scopes to function:
gmail.readonly
Purpose: Read email metadata (sender, date, labels, size) to group and display emails by sender.
What we read: Only email headers and metadata. We NEVER read email body content.
Why needed: Users need to see which senders have the most emails to decide what to clean.
gmail.modify
Purpose: Perform user-initiated bulk actions on emails.
Actions enabled: Archive, mark as spam, move to trash, add/remove labels, mark as read/unread.
Why needed: Users need to perform cleanup actions on their emails. Every action requires explicit user confirmation via a modal dialog.
https://mail.google.com/ (Full Access)
Purpose: Required ONLY for permanent deletion operations.
Actions enabled: "Empty Spam" and "Empty Trash" - permanently delete all emails in these folders.
Why needed: Gmail's batchDelete API requires this scope. The gmail.modify scope only allows moving to trash, not permanent deletion.
Safeguards:
- Permanent deletion is ONLY available for Spam and Trash folders
- Users must confirm via a warning modal before any permanent deletion
- The modal explicitly states "This action cannot be undone"
Chrome Extension Permissions
| Permission | Why We Need It |
|---|---|
identity | To authenticate with Google OAuth 2.0 securely |
storage | To save your preferences locally in Chrome |
alarms | For optional background sync of new emails |
notifications | To notify you when background operations complete |
offscreen | To enable background indexing when Gmail tab is not active |
Third-Party Services
SweepYourMail communicates with only these services:
- Gmail API (gmail.googleapis.com) - Email operations
- Google OAuth (accounts.google.com) - Authentication
We do not use:
- Analytics services (no Google Analytics, no Mixpanel, nothing)
- Crash reporting services
- Advertising networks
- Any other third-party services
Data Flow Diagram
Your Browser ↔ Gmail API (googleapis.com)
That's it. Nothing else. No intermediary servers.
Data Security
- All communication with Gmail uses HTTPS/TLS encryption
- OAuth tokens are managed securely by Chrome's identity API
- Tokens are never stored in plain text or accessible to websites
- Data in IndexedDB is protected by Chrome's security model and isolated per-origin
- Each Google account's data is stored separately and isolated
Your Rights and Controls
Access Your Data
View locally stored data via Chrome DevTools (F12 → Application → IndexedDB → SweepYourMail)
Delete Your Data
- Clear extension data: Right-click extension icon → Manage extension → Clear data
- From extension settings: Open sidebar → Settings → Export/Clear Data → Clear All Data
- Uninstall: All local data is automatically deleted when you uninstall the extension
Revoke Gmail Access
Remove SweepYourMail's access to your Google account at any time:
myaccount.google.com/permissions
Children's Privacy
SweepYourMail is not intended for use by children under 13 years of age. We do not knowingly collect any information from children.
Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be communicated through extension update notes in the Chrome Web Store. The "Last Updated" date at the top of this policy indicates when it was last revised.
Open Source Philosophy
While SweepYourMail is not open source, we operate with transparency principles. Our architecture is deliberately simple and local-only, making it verifiable that no data leaves your browser.
Contact
For questions, concerns, or requests regarding this privacy policy:
- Email: casblasvic@gmail.com
- GitHub: github.com/casblasvic
- Website: sweepyourmail.com
Summary
SweepYourMail processes your email metadata 100% locally to help you organize your inbox.
- ✓ We have NO servers - zero infrastructure
- ✓ We collect NO data - nothing is sent to us
- ✓ We share NOTHING with third parties
- ✓ Your emails NEVER leave your browser
- ✓ Every action requires your explicit confirmation
- ✓ You can delete all data instantly by uninstalling
- ✓ Extension is FREE with no monetization of user data
Your privacy is not just a feature - it's our architecture.