msb-public
/
FairEmail
mirror of https://github.com/M66B/FairEmail.git
1
0
Code Issues Projects Releases Wiki Activity

Updated privacy policy

Browse Source
master
M66B 1 month ago
parent ecfc14f044
commit 4ba5a6ef91
2 changed files with 143 additions and 30 deletions
Show Stats Download Patch File Download Diff File

102
PRIVACY.md
Unescape View File

@ -9,14 +9,25 @@
<br />
This privacy policy will be updated as needed, such as when there are changes in the app or when regulations or laws change.
Last update: **May 24, 2024**
<br />
First of all, FairEmail's main goal is to help you protect your privacy.
What follows is a complete overview of all the data that **can be** sent to the internet,
which in the end is always your choice and therefore optional (except of course connecting to the email server).
What follows is a complete overview of all the data that will be stored on the device and that **can be** sent to the internet.
The latter is in the end always your choice and therefore optional.
Except for error reports (disabled by default), the app does not send any data to the developer.
Error reports will automatically be deleted after one month, or earlier upon request.
Data will **never** be sold or shared in any way.
Data collected on the device will **never** be sold or shared in any way.
Data collected on the device will **never** be used for profiling, (AI) training or advertisements.
You have the right to lodge a complaint with a supervisory data protection authority,
please [see here](https://en.wikipedia.org/wiki/National_data_protection_authority) for a list.
<br>
@ -76,6 +87,7 @@ FairEmail **can use** these services if they are explicitly enabled (off by defa
* [GitHub](https://github.com/) (GitHub version only) &#8211; [Privacy policy](https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement)
* [Have I Been Pwned?](https://haveibeenpwned.com/) &#8211; [Privacy policy](https://haveibeenpwned.com/Privacy)
* [Bugsnag](https://www.bugsnag.com/) &#8211; [Privacy policy](https://smartbear.com/privacy/)
* [Google Play Billing](https://developer.android.com/distribute/play-billing) &#8211; [Privacy policy](https://wallet.google.com/files/privacy.html)
FairEmail **can access** the websites at the domain names of email addresses (username@domain.name)
if [Brand Indicators for Message Identification](https://en.wikipedia.org/wiki/Brand_Indicators_for_Message_Identification) (BIMI)
@ -90,41 +102,63 @@ FairEmail **is** [GDPR compliant](https://gdpr.eu/).
<br />
### Summary of stored (collected) data
The following data is stored on the device or, in other words, collected, but not sent off the device:
| Data stored (collected) | Purpose | Related Android permissions |
| ----------------------------------------------------------------------------- | ------------------------------- | --------------------------- |
| Names and email addresses (account and contact data) | To configure accounts | GET_ACCOUNTS |
| | To suggest email addresses | READ_CONTACTS |
| Email messages, including meta data (headers) | To list and display messages | |
| | To search for messages | |
| Attachment files (audio, sound, music, voice, photos, video, documents, etc.) | To play media (audio, video) | READ_EXTERNAL_STORAGE |
| | To view images, documents, etc. | READ_EXTERNAL_STORAGE |
By default, personal data as mentioned above will be stored on your device for 30 days.
You can delete this data, and you can opt-out of storing this data by uninstalling the app.
<br />
### Summary of shared data
This table provides a complete overview of all shared data and the conditions under which data will be shared:
<div class="table-wrapper">
| Service/function | Data sent | When the data will be sent |
| ------------------ | ------------------------------------------------------------------ | --------------------------------------------------------------------------- |
| Mozilla autoconfig | Domain name of email address of email accounts | Upon configuring an email account with the quick setup wizard |
| Email server | Login credentials (email address/password), messages sent | Upon configuring and using an account or identity and upon sending messages |
| ipinfo.io | IP (network) address of domain names of links or email addresses | Upon pressing a button in the link confirmation dialog |
| Spamhaus | IP (network) address of domain names of links or email addresses | If spam blocklists are enabled, upon receiving a message |
| Spamcop | IP (network) address of domain names of links or email addresses | If spam blocklists are enabled, upon receiving a message |
| Barracuda | IP (network) address of domain names of links or email addresses | If spam blocklists are enabled, upon receiving a message |
| DeepL | Received or entered message text and target language code | If translating is enabled, upon pressing a translate button |
| LanguageTool | Entered message texts | If LanguageTools is enabled, upon long pressing the save draft button |
| VirusTotal | [SHA-256 hash](https://en.wikipedia.org/wiki/SHA-2) of attachments | If VirusTotal is enabled, upon long pressing a scan button (*) |
| VirusTotal | Attached file contents | If VirusTotal is enabled, upon long pressing an upload button (*) |
| OpenAI/ChatGPT | Received and entered message texts | If configured and upon pressing a button or using a menu item |
| Google Gemini | Received and entered message texts | If configured and upon pressing a button or using a menu item |
| Gravatar | [MD5 hash](https://en.wikipedia.org/wiki/MD5) of email addresses | If Gravatars are enabled, upon receiving a message (*) |
| Libravatar | [MD5 hash](https://en.wikipedia.org/wiki/MD5) of email addresses | If Libravatars are enabled, upon receiving a message (*) |
| GitHub | None, but see the remarks below | Upon downloading AdGuard tracking parameter list |
| | | Upon downloading Disconnect's Tracker Protection lists |
| | | Upon checking for updates (*) |
| Have I Been Pwned? | The first 5 characters of the SHA1 hash of passwords | Upon checking for being pwned |
| BIMI | Domain name of email addresses | If BIMI is enabled, upon receiving a message (*) |
| Favicons | Domain name of email addresses | If favicons are enabled, upon receiving a message |
| Link title | Link address | Upon pressing a download button in the insert link dialog |
| Bugsnag | Information about warnings and errors | If error reporting is enabled, upon detecting an abnormal situation |
| Service/function | Data sent | When the data will be sent |
| ------------------- | ------------------------------------------------------------------ | --------------------------------------------------------------------------- |
| Mozilla autoconfig | Domain name of email address of email accounts | Upon configuring an email account with the quick setup wizard |
| Email server | Login credentials (email address/password), messages sent | Upon configuring and using an account or identity and upon sending messages |
| ipinfo.io | IP (network) address of domain names of links or email addresses | Upon pressing a button in the link confirmation dialog |
| Spamhaus | IP (network) address of domain names of links or email addresses | If spam blocklists are enabled, upon receiving a message |
| Spamcop | IP (network) address of domain names of links or email addresses | If spam blocklists are enabled, upon receiving a message |
| Barracuda | IP (network) address of domain names of links or email addresses | If spam blocklists are enabled, upon receiving a message |
| DeepL | Received or entered message text and target language code | If translating is enabled, upon pressing a translate button |
| LanguageTool | Entered message texts | If LanguageTools is enabled, upon long pressing the save draft button |
| VirusTotal | [SHA-256 hash](https://en.wikipedia.org/wiki/SHA-2) of attachments | If VirusTotal is enabled, upon long pressing a scan button (*) |
| VirusTotal | Attached file contents | If VirusTotal is enabled, upon long pressing an upload button (*) |
| OpenAI/ChatGPT | Received and entered message texts | If configured and upon pressing a button or using a menu item |
| Google Gemini | Received and entered message texts | If configured and upon pressing a button or using a menu item |
| Gravatar | [MD5 hash](https://en.wikipedia.org/wiki/MD5) of email addresses | If Gravatars are enabled, upon receiving a message (*) |
| Libravatar | [MD5 hash](https://en.wikipedia.org/wiki/MD5) of email addresses | If Libravatars are enabled, upon receiving a message (*) |
| GitHub | None, but see the remarks below | Upon downloading AdGuard tracking parameter list |
| | | Upon downloading Disconnect's Tracker Protection lists |
| | | Upon checking for updates (*) |
| Have I Been Pwned? | The first 5 characters of the SHA1 hash of passwords | Upon checking for being pwned |
| BIMI | Domain name of email addresses | If BIMI is enabled, upon receiving a message (*) |
| Favicons | Domain name of email addresses | If favicons are enabled, upon receiving a message |
| Link title | Link address | Upon pressing a download button in the insert link dialog |
| Bugsnag | Information about warnings and errors | If error reporting is enabled, upon detecting an abnormal situation |
| Google Play Billing | "insight into API usage and service connection issues" | Not disclosed by Google (**) (endpoint: firebaselogging.googleapis.com) |
</div>
(*) Only available in the GitHub version of the app
(**) Only available in the Play Store version of the app
All data is sent to improve the user experience in some way,
like to simplify account setup, identify spam and malicious messages, display message and sender information, find bugs and errors, etc.
@ -132,6 +166,20 @@ Note that any internet connection reveals your current [network address](https:/
Also, when downloading content, like images and files, the [browser's user agent string](https://en.wikipedia.org/wiki/User_agent) will be sent.
There is a privacy option to minimize the information being sent, but please be aware that this can result in problems in some cases.
Under the General Data Protection Regulation (GDPR),
the California Consumer Privacy Act (CCPA),
the Virginia Consumer Data Protection Act (VCDPA),
Lei Geral de Proteção de Dados (LGPD), and other regulations,
you have the right to know whether your personal data is shared or sold to third parties, used for (targeted) advertising, profiling, etc.,
and you have the right to access, rectify and delete personal data.
To exercise these rights, or if you have questions about data retention, etc., you can contact the service providers listed above.
Under the Virginia Consumer Data Protection Act (VCDPA) and other regulations,
you need to be told how to exercise your opt-out right for sharing or selling of your data,
using your data for targeted advertising,
and profiling your data that supports decisions that have legal or similarly significant implications for you.
You can opt-out of having your data shared, sold, used for (targeted) advertising, profiling (for decision making), etc. by not using these optional services/functions.
<br />
### Definitions of terms

71
privacy/index.html
Unescape View File

@ -32,9 +32,14 @@
<h2 id="privacy-policy">Privacy policy</h2>
<p><a href="https://translate.google.com/translate?hl=&amp;sl=en&amp;u=https%3A%2F%2Fraw.githubusercontent.com%2FM66B%2FFairEmail%2Fmaster%2FPRIVACY.md">🌎 Google Translate</a></p>
<p><br /></p>
<p>First of all, FairEmails main goal is to help you protect your privacy. What follows is a complete overview of all the data that <strong>can be</strong> sent to the internet, which in the end is always your choice and therefore optional (except of course connecting to the email server).</p>
<p>This privacy policy will be updated as needed, such as when there are changes in the app or when regulations or laws change.</p>
<p>Last update: <strong>May 24, 2024</strong></p>
<p><br /></p>
<p>First of all, FairEmails main goal is to help you protect your privacy. What follows is a complete overview of all the data that will be stored on the device and that <strong>can be</strong> sent to the internet. The latter is in the end always your choice and therefore optional.</p>
<p>Except for error reports (disabled by default), the app does not send any data to the developer. Error reports will automatically be deleted after one month, or earlier upon request.</p>
<p>Data will <strong>never</strong> be sold or shared in any way.</p>
<p>Data collected on the device will <strong>never</strong> be sold or shared in any way.</p>
<p>Data collected on the device will <strong>never</strong> be used for profiling, (AI) training or advertisements.</p>
<p>You have the right to lodge a complaint with a supervisory data protection authority, please <a href="https://en.wikipedia.org/wiki/National_data_protection_authority">see here</a> for a list.</p>
<p><br></p>
<p>The <a href="https://play.google.com/store/apps/datasafety?id=eu.faircode.email">data safety</a> in the Play Store says:</p>
<p><em>The developer says this app doesnt share user data with other companies or organizations.</em>”.</p>
@ -69,12 +74,64 @@
<li><a href="https://github.com/">GitHub</a> (GitHub version only) <a href="https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement">Privacy policy</a></li>
<li><a href="https://haveibeenpwned.com/">Have I Been Pwned?</a> <a href="https://haveibeenpwned.com/Privacy">Privacy policy</a></li>
<li><a href="https://www.bugsnag.com/">Bugsnag</a> <a href="https://smartbear.com/privacy/">Privacy policy</a></li>
<li><a href="https://developer.android.com/distribute/play-billing">Google Play Billing</a> <a href="https://wallet.google.com/files/privacy.html">Privacy policy</a></li>
</ul>
<p>FairEmail <strong>can access</strong> the websites at the domain names of email addresses (username@domain.name) if <a href="https://en.wikipedia.org/wiki/Brand_Indicators_for_Message_Identification">Brand Indicators for Message Identification</a> (BIMI) or <a href="https://en.wikipedia.org/wiki/Favicon">favicons</a> were explicitly enabled (off by default).</p>
<p>FairEmail <strong>will access</strong> the website at the link address if you tap the <em>Fetch title</em> button in the insert link dialog (from version 1.1905).</p>
<p>FairEmail obviously <strong>will access</strong> the configured email servers.</p>
<p>FairEmail <strong>is</strong> <a href="https://gdpr.eu/">GDPR compliant</a>.</p>
<p><br /></p>
<h3 id="summary-of-stored-collected-data">Summary of stored (collected) data</h3>
<p>The following data is stored on the device or, in other words, collected, but not sent off the device:</p>
<table>
<colgroup>
<col style="width: 57%" />
<col style="width: 22%" />
<col style="width: 20%" />
</colgroup>
<thead>
<tr class="header">
<th>Data stored (collected)</th>
<th>Purpose</th>
<th>Related Android permissions</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td>Names and email addresses (account and contact data)</td>
<td>To configure accounts</td>
<td>GET_ACCOUNTS</td>
</tr>
<tr class="even">
<td></td>
<td>To suggest email addresses</td>
<td>READ_CONTACTS</td>
</tr>
<tr class="odd">
<td>Email messages, including meta data (headers)</td>
<td>To list and display messages</td>
<td></td>
</tr>
<tr class="even">
<td></td>
<td>To search for messages</td>
<td></td>
</tr>
<tr class="odd">
<td>Attachment files (audio, sound, music, voice, photos, video, documents, etc.)</td>
<td>To play media (audio, video)</td>
<td>READ_EXTERNAL_STORAGE</td>
</tr>
<tr class="even">
<td></td>
<td>To view images, documents, etc.</td>
<td>READ_EXTERNAL_STORAGE</td>
</tr>
</tbody>
</table>
<p>By default, personal data as mentioned above will be stored on your device for 30 days.</p>
<p>You can delete this data, and you can opt-out of storing this data by uninstalling the app.</p>
<p><br /></p>
<h3 id="summary-of-shared-data">Summary of shared data</h3>
<p>This table provides a complete overview of all shared data and the conditions under which data will be shared:</p>
<div class="table-wrapper">
@ -82,7 +139,7 @@
<colgroup>
<col style="width: 11%" />
<col style="width: 41%" />
<col style="width: 47%" />
<col style="width: 46%" />
</colgroup>
<thead>
<tr class="header">
@ -202,12 +259,20 @@
<td>Information about warnings and errors</td>
<td>If error reporting is enabled, upon detecting an abnormal situation</td>
</tr>
<tr class="odd">
<td>Google Play Billing</td>
<td>“insight into API usage and service connection issues”</td>
<td>Not disclosed by Google (**) (endpoint: firebaselogging.googleapis.com)</td>
</tr>
</tbody>
</table>
</div>
<p>(*) Only available in the GitHub version of the app</p>
<p>(**) Only available in the Play Store version of the app</p>
<p>All data is sent to improve the user experience in some way, like to simplify account setup, identify spam and malicious messages, display message and sender information, find bugs and errors, etc.</p>
<p>Note that any internet connection reveals your current <a href="https://en.wikipedia.org/wiki/Network_address">network address</a>. Also, when downloading content, like images and files, the <a href="https://en.wikipedia.org/wiki/User_agent">browsers user agent string</a> will be sent. There is a privacy option to minimize the information being sent, but please be aware that this can result in problems in some cases.</p>
<p>Under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), Lei Geral de Proteção de Dados (LGPD), and other regulations, you have the right to know whether your personal data is shared or sold to third parties, used for (targeted) advertising, profiling, etc., and you have the right to access, rectify and delete personal data. To exercise these rights, or if you have questions about data retention, etc., you can contact the service providers listed above.</p>
<p>Under the Virginia Consumer Data Protection Act (VCDPA) and other regulations, you need to be told how to exercise your opt-out right for sharing or selling of your data, using your data for targeted advertising, and profiling your data that supports decisions that have legal or similarly significant implications for you. You can opt-out of having your data shared, sold, used for (targeted) advertising, profiling (for decision making), etc. by not using these optional services/functions.</p>
<p><br /></p>
<h3 id="definitions-of-terms">Definitions of terms</h3>
<p>This section defines some terms and words. Knowing those terms will help you understand the following sections.</p>

Write Preview
Loading…
Cancel
Save