You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
FairEmail/PRIVACY.md

156 lines
7.8 KiB

# Privacy policy
<sub>[&#x1F30E; Google Translate](https://translate.google.com/translate?hl=&sl=en&u=https%3A%2F%2Fgithub.com%2FM66B%2FFairEmail%2Fblob%2Fmaster%2FPRIVACY.md)</sub>
<br />
## Overview
FairEmail **does not** collect any data.
FairEmail **does not** send data to or store data on third party servers.
FairEmail **does not** require unnecessary permissions.
For more information on permissions, see [this FAQ](https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq1).
FairEmail **does not** allow other apps access to messages and attachments without your approval.
FairEmail **does** follow the recommendations of [this EFF article](https://www.eff.org/deeplinks/2019/01/stop-tracking-my-emails).
FairEmail is 100 % **open source**, see [the license](https://github.com/M66B/FairEmail/blob/master/LICENSE).
Error reporting via Bugsnag **is opt-in**, see [here](https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq104) for more information.
FairEmail **will not** transfer data to other apps and services
and therefore adheres to the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes),
including the Limited Use requirements.
Google API Services are used only to authenticate Gmail accounts through OAuth.
FairEmail **can use** these services if they are explicitly enabled (off by default) or are explicitly used by you:
* [ipinfo.io](https://ipinfo.io/) &#8211; [Privacy policy](https://ipinfo.io/privacy-policy)
* [Spamhaus](https://www.spamhaus.org/) &#8211; [Privacy policy](https://www.spamhaus.org/organization/privacy/)
* [Spamcop](https://www.spamcop.net/) &#8211; [Privacy policy](https://www.spamcop.net/fom-serve/cache/168.html)
* [Barracuda](https://www.barracudacentral.org/rbl/how-to-use) &#8211; [Privacy policy](https://www.barracuda.com/company/legal/trust-center/data-privacy/privacy-policy)
* [Thunderbird autoconfiguration](https://wiki.mozilla.org/Thunderbird:Autoconfiguration) &#8211; [Privacy policy](https://www.mozilla.org/privacy/)
* [LanguageTool](https://languagetool.org/) &#8211; [Privacy policy](https://languagetool.org/legal/privacy)
FairEmail **can access** the websites at the domain names of email addresses
if [Brand Indicators for Message Identification](https://en.wikipedia.org/wiki/Brand_Indicators_for_Message_Identification) (BIMI)
or [favicons](https://en.wikipedia.org/wiki/Favicon)
are explicitly enabled (off by default).
FairEmail obviously **will access** the configured email servers.
FairEmail **is** [GDPR compliant](https://gdpr.eu/) because no data is collected at all.
<br />
## Definitions of terms
This section defines some terms and words.
Knowing those terms will help you understand the following sections.
* *Data subject* &#8211; the user of the app
* *Personal data* &#8211; any data the data subject could be identified with
* *Data controller* &#8211; the person / entity providing the app
* *Data processor* &#8211; the person / entity providing the app
* *Sub-processor* &#8211; a third party processing data
* *Data protection officer* &#8211; the person responsible for any privacy related enquiries
<br>
## Contact details
```
Marcel Bokhorst
Van Doesburg-Erf 194
3315 RG Dordrecht
the Netherlands
marcel+fairemail@faircode.eu
```
As FairEmail is a personal project of a single developer, the developer is both the data controller as well as the data protection officer.
For any legal issues, the place of jurisdiction is Dordrecht, the Netherlands.
<br>
## A. General information on data processing
### I. Scope of personal data processing
This privacy policy / data protection declaration applies to the Android app FairEmail.
The data processor only processes personal data insofar as absolutely required for providing a functioning email client as well as the explicitly requested services.
Users' personal data is usually only processed if required for fulfilling contractual or legal obligations or with the user's consent.
### II Purpose of data processing
The purpose of any data processed is to provide you with the service requested.
The app by default exclusively processes data that is necessary for the proper functioning of the app and its intended purpose of being an email client.
### III. Data storage and data deletion
By default, all data (both personal and non-personal) remains on the data subject's Android device for as long as not explicitly sent or shared by the data subject.
The data stored on the data subject's device can be deleted by the data subject at any time.
### IV. Sub-processors
The services of all sub-processors are disabled by default.
The data subject's data is sent to and processed by sub-processors if and only if explicitly enabled or requested by the data subject.
The sub-processors are:
* [ipinfo.io](https://ipinfo.io/) &#8211; [Privacy policy](https://ipinfo.io/privacy-policy)
* [Spamhaus](https://www.spamhaus.org/) &#8211; [Privacy policy](https://www.spamhaus.org/organization/privacy/)
* [Spamcop](https://www.spamcop.net/) &#8211; [Privacy policy](https://www.spamcop.net/fom-serve/cache/168.html)
* [Barracuda](https://www.barracudacentral.org/rbl/how-to-use) &#8211; [Privacy policy](https://www.barracuda.com/company/legal/trust-center/data-privacy/privacy-policy)
* [Thunderbird autoconfiguration](https://wiki.mozilla.org/Thunderbird:Autoconfiguration) &#8211; [Privacy policy](https://www.mozilla.org/privacy/)
* [LanguageTool](https://languagetool.org/) &#8211; [Privacy policy](https://languagetool.org/legal/privacy)
* The hoster of a domain the data subject has received an email from, if showing [favicons](https://en.wikipedia.org/wiki/Favicon) is enabled
* The hoster of a domain the data subject has received an email from, if [Brand Indicators for Message Identification](https://en.wikipedia.org/wiki/Brand_Indicators_for_Message_Identification) (BIMI) is enabled
* The data subject's email service provider, if an email account or identity is added
### V. Permissions
The app only requests permissions that are necessary for the expected behavior of an email app.
For more information on permissions, see [this FAQ](https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq1).
### VI. Logging
The app does not send any log entries to the data processor by default.
The error reporting system utilizes Bugsnag and is disabled by default.
See [this FAQ](https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq104) for more information.
### VII. Legal basis
FairEmail is fully [GDPR compliant](https://gdpr.eu/). The legal basis for any data processing is Art. 6 (1) a - c GDPR.
<br>
## B. Support requests
### I. Description and scope of data processing
The data subject may contact the data processor to request support through channels offered by the data processor.
When the data subject contacts the data processor, any provided personal data is stored by the data controller.
### II. Purpose of data processing
The personal data is exclusively processed for finding a specific solution to support queries whilst recording and/or processing them.
It is essential in this respect for the data controller to be able to contact the person requesting support.
### III. Sub-processors
The data processor utilizes the services of the following sub-processors in order to process support requests:
* Google LLC, if support request sent via email &#8211; [Privacy policy](https://policies.google.com/privacy?hl=en)
* XDA forums, if support requested via the FairEmail XDA forum thread &#8211; [Privacy policy](https://forum.xda-developers.com/help/privacy-policy/)
### IV. Legal basis
Any support requests are sent voluntarily by the data subject, including any personal data that might be attached.
As such, the explicit consent as outlined in Art. 6 (1) a GDPR forms the legal basis for processing.
Copyright &copy; 2018-2022 Marcel Bokhorst.