diff --git a/PRIVACY.md b/PRIVACY.md
index ca9bc57183..8695f320fa 100644
--- a/PRIVACY.md
+++ b/PRIVACY.md
@@ -9,14 +9,25 @@
+This privacy policy will be updated as needed, such as when there are changes in the app or when regulations or laws change.
+
+Last update: **May 24, 2024**
+
+
+
First of all, FairEmail's main goal is to help you protect your privacy.
-What follows is a complete overview of all the data that **can be** sent to the internet,
-which in the end is always your choice and therefore optional (except of course connecting to the email server).
+What follows is a complete overview of all the data that will be stored on the device and that **can be** sent to the internet.
+The latter is in the end always your choice and therefore optional.
Except for error reports (disabled by default), the app does not send any data to the developer.
Error reports will automatically be deleted after one month, or earlier upon request.
-Data will **never** be sold or shared in any way.
+Data collected on the device will **never** be sold or shared in any way.
+
+Data collected on the device will **never** be used for profiling, (AI) training or advertisements.
+
+You have the right to lodge a complaint with a supervisory data protection authority,
+please [see here](https://en.wikipedia.org/wiki/National_data_protection_authority) for a list.
@@ -76,6 +87,7 @@ FairEmail **can use** these services if they are explicitly enabled (off by defa
* [GitHub](https://github.com/) (GitHub version only) – [Privacy policy](https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement)
* [Have I Been Pwned?](https://haveibeenpwned.com/) – [Privacy policy](https://haveibeenpwned.com/Privacy)
* [Bugsnag](https://www.bugsnag.com/) – [Privacy policy](https://smartbear.com/privacy/)
+* [Google Play Billing](https://developer.android.com/distribute/play-billing) – [Privacy policy](https://wallet.google.com/files/privacy.html)
FairEmail **can access** the websites at the domain names of email addresses (username@domain.name)
if [Brand Indicators for Message Identification](https://en.wikipedia.org/wiki/Brand_Indicators_for_Message_Identification) (BIMI)
@@ -90,41 +102,63 @@ FairEmail **is** [GDPR compliant](https://gdpr.eu/).
+### Summary of stored (collected) data
+
+The following data is stored on the device or, in other words, collected, but not sent off the device:
+
+| Data stored (collected) | Purpose | Related Android permissions |
+| ----------------------------------------------------------------------------- | ------------------------------- | --------------------------- |
+| Names and email addresses (account and contact data) | To configure accounts | GET_ACCOUNTS |
+| | To suggest email addresses | READ_CONTACTS |
+| Email messages, including meta data (headers) | To list and display messages | |
+| | To search for messages | |
+| Attachment files (audio, sound, music, voice, photos, video, documents, etc.) | To play media (audio, video) | READ_EXTERNAL_STORAGE |
+| | To view images, documents, etc. | READ_EXTERNAL_STORAGE |
+
+By default, personal data as mentioned above will be stored on your device for 30 days.
+
+You can delete this data, and you can opt-out of storing this data by uninstalling the app.
+
+
+
### Summary of shared data
This table provides a complete overview of all shared data and the conditions under which data will be shared:
First of all, FairEmail’s main goal is to help you protect your privacy. What follows is a complete overview of all the data that can be sent to the internet, which in the end is always your choice and therefore optional (except of course connecting to the email server).
+This privacy policy will be updated as needed, such as when there are changes in the app or when regulations or laws change.
+Last update: May 24, 2024
+First of all, FairEmail’s main goal is to help you protect your privacy. What follows is a complete overview of all the data that will be stored on the device and that can be sent to the internet. The latter is in the end always your choice and therefore optional.
Except for error reports (disabled by default), the app does not send any data to the developer. Error reports will automatically be deleted after one month, or earlier upon request.
-Data will never be sold or shared in any way.
+Data collected on the device will never be sold or shared in any way.
+Data collected on the device will never be used for profiling, (AI) training or advertisements.
+You have the right to lodge a complaint with a supervisory data protection authority, please see here for a list.
The data safety in the Play Store says:
“The developer says this app doesn’t share user data with other companies or organizations.”.
@@ -69,12 +74,64 @@FairEmail can access the websites at the domain names of email addresses (username@domain.name) if Brand Indicators for Message Identification (BIMI) or favicons were explicitly enabled (off by default).
FairEmail will access the website at the link address if you tap the Fetch title button in the insert link dialog (from version 1.1905).
FairEmail obviously will access the configured email servers.
FairEmail is GDPR compliant.
The following data is stored on the device or, in other words, collected, but not sent off the device:
+Data stored (collected) | +Purpose | +Related Android permissions | +
---|---|---|
Names and email addresses (account and contact data) | +To configure accounts | +GET_ACCOUNTS | +
+ | To suggest email addresses | +READ_CONTACTS | +
Email messages, including meta data (headers) | +To list and display messages | ++ |
+ | To search for messages | ++ |
Attachment files (audio, sound, music, voice, photos, video, documents, etc.) | +To play media (audio, video) | +READ_EXTERNAL_STORAGE | +
+ | To view images, documents, etc. | +READ_EXTERNAL_STORAGE | +
By default, personal data as mentioned above will be stored on your device for 30 days.
+You can delete this data, and you can opt-out of storing this data by uninstalling the app.
+This table provides a complete overview of all shared data and the conditions under which data will be shared:
(*) Only available in the GitHub version of the app
+(**) Only available in the Play Store version of the app
All data is sent to improve the user experience in some way, like to simplify account setup, identify spam and malicious messages, display message and sender information, find bugs and errors, etc.
Note that any internet connection reveals your current network address. Also, when downloading content, like images and files, the browser’s user agent string will be sent. There is a privacy option to minimize the information being sent, but please be aware that this can result in problems in some cases.
+Under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), Lei Geral de Proteção de Dados (LGPD), and other regulations, you have the right to know whether your personal data is shared or sold to third parties, used for (targeted) advertising, profiling, etc., and you have the right to access, rectify and delete personal data. To exercise these rights, or if you have questions about data retention, etc., you can contact the service providers listed above.
+Under the Virginia Consumer Data Protection Act (VCDPA) and other regulations, you need to be told how to exercise your opt-out right for sharing or selling of your data, using your data for targeted advertising, and profiling your data that supports decisions that have legal or similarly significant implications for you. You can opt-out of having your data shared, sold, used for (targeted) advertising, profiling (for decision making), etc. by not using these optional services/functions.
This section defines some terms and words. Knowing those terms will help you understand the following sections.