1. Introduction
Pliego Mail (hereafter, "Pliego Mail", "the app", or "we") is a native iPhone email client that lets you manage IMAP/SMTP and Google (Gmail) accounts from a single place. This Privacy Policy describes what personal information we process when you use the app, the purposes for which we process it, and the rights available to you under the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), the Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD), and the laws applicable in your country of residence.
Data controller: the developer of Pliego Mail (contact details in section 12).
Summary in one sentence: Pliego Mail is a client app that runs on your iPhone. Your emails, credentials and derived data are stored on your device, not on our servers — because we don't operate any. We only mediate the encrypted connections between your device and your email provider's servers (your IMAP, Google, etc.).
2. Data we process
For the app to work, the following data is processed locally on your device:
- Account credentials: IMAP/SMTP passwords or Google OAuth tokens. Stored exclusively in the iOS Keychain, encrypted and protected by the operating system.
- Account metadata: email address, display name, assigned color, server configuration.
- Email messages: headers, bodies (plain text and HTML), attachments, labels, read state. Downloaded from your provider into the app's local SwiftData database.
- Contacts: sender and recipient email addresses you have interacted with (for autocomplete suggestions). Only what already exists in your emails.
- Rules, filters, signatures and vacation responders you configure.
- App settings: display preferences, color scheme, language, AI assistant settings, etc.
We do not process: location data, advertising identifiers, usage metrics, telemetry, or behavioural profiles. Pliego Mail contains no third-party analytics SDKs.
3. How we use the data
The data described above is used exclusively to:
- Show you your emails and let you read, reply, forward, archive, delete and organize messages.
- Send emails on your behalf when you ask us to.
- Sync state between your device and your email provider (mark read/unread, move between folders, etc.).
- Notify you of new email through the iOS notifications system.
- Run the features you enable (rules, vacation responder, search, AI assistant, etc.).
Legal basis for processing: performance of a contract (Article 6(1)(b) of the GDPR) — the processing is necessary to provide the service you request when you install and configure the app.
4. Google API data and "Limited Use"
When you connect a Google account to Pliego Mail, the app requests the following scopes (permissions) through Google's official OAuth flow:
- gmail.modify — to read your emails, mark them as read, move between labels (including archive and trash), and send emails from your account. The minimum permission required for any email client to function.
- gmail.settings.basic — to read and modify your account's signature and vacation responder when you configure them inside Pliego.
- userinfo.email and userinfo.profile — to identify the Google account being connected and display your name/email in the app.
Specific Limited Use commitments
In accordance with the requirements of the Google API Services User Data Policy, we expressly state that:
- Pliego Mail's use of data obtained through Google's restricted scopes is limited to providing the user-facing features described on this page and within the app itself.
- Use or transfer of the data to other apps or third parties is limited to cases necessary to provide and improve those user-facing features, comply with applicable law, or as part of a merger, acquisition or sale of assets with prior notice to the user.
- We do not use Google data obtained through restricted scopes to serve advertising, including personalized, contextual or retargeting advertising.
- We do not allow human beings to read user data unless: (a) the user has given explicit consent for specific data; (b) it is necessary for security reasons (such as investigating abuse); (c) it is required by law; or (d) the data has been aggregated and anonymized in a way that cannot be linked to an individual user.
Where Google data lives
Data obtained via the Gmail API (headers, bodies, attachments, labels, settings) is downloaded directly from Google's servers into the local SwiftData database of Pliego Mail on your iPhone. It does not transit through Pliego Mail servers — we operate no backend that receives or stores Gmail data.
OAuth tokens (refresh + access tokens) are stored exclusively in the iOS Keychain, encrypted by the operating system and tied to the unique account identifier inside the app.
Revoking access
You can revoke Pliego Mail's access to your Google account at any time from:
- Inside the app: Settings → Accounts → select the account → Remove account. This revokes the refresh token via Google's API and deletes all locally associated data.
- Directly from Google: myaccount.google.com/permissions.
5. Third-party services
Pliego Mail interacts with the following third parties only to deliver the service the user requests:
- Your IMAP/SMTP email provider — the servers you configure (cPanel, Yahoo, iCloud, Fastmail, etc.). The connection is direct between your device and those servers, over TLS/SSL.
- Google (Gmail API) — when you connect a Google account. Subject to Google's Privacy Policy.
- Gravatar and DuckDuckGo Icons — anonymous queries to fetch sender avatars and icons by domain. Only an email hash (Gravatar) or the domain (DuckDuckGo) is sent; no personally identifiable data. The user can disable these queries in Settings → Privacy.
- Apple Intelligence — all AI features available through Apple Intelligence run on-device or on Apple's Private Cloud Compute, subject to Apple's privacy policy. Pliego Mail does not transfer your email to other servers.
- OpenAI / Anthropic / Google Gemini — only when the user explicitly enables one of these providers in Settings → AI. In that case, the email content or prompt that the user submits to the assistant is transmitted to the selected provider for processing, subject to the provider's privacy policy. These features are off by default.
Pliego Mail does not share data with advertisers, ad networks, data brokers or analytics companies.
6. Storage and security
- All persistent data (messages, settings, rules) is stored in the app's local database using SwiftData (built on Core Data + SQLite). The iOS file system applies at-rest encryption per Apple's Data Protection policy.
- Downloaded attachments are saved in the app's cacheable directory with the complete protection class, meaning they are only readable when the device is unlocked.
- IMAP passwords and OAuth tokens are stored exclusively in the iOS Keychain — never in app files.
- Communications with external servers always use TLS/SSL. Pliego does not connect unencrypted.
7. Retention and deletion
Data remains on your device while the app is installed and the account is configured. The app applies a configurable eviction policy: by default, email bodies older than a certain age are purged from the local cache (the originals remain on your provider's server).
When you remove an account from Settings → Accounts:
- The OAuth refresh token is revoked (Google accounts).
- The Keychain entry is deleted (IMAP password or tokens).
- All messages, threads, rules and configuration associated with that account are deleted from SwiftData.
- The cached attachments tied to that account are removed from disk.
- Notifications scheduled for that account are cancelled.
When you uninstall Pliego Mail, iOS removes the entire app sandbox, including SwiftData and cached data. Keychain entries are also removed on uninstall.
8. Your rights
Under the GDPR, the LOPDGDD and equivalent laws in other jurisdictions, you have the right to:
- Access — know what data we process about you. Since all the information lives on your device, you have direct and continuous access through the app itself.
- Rectification — correct inaccurate data. You can edit your name, signature and settings from Settings at any time.
- Erasure ("right to be forgotten") — delete your data. Achieved by removing the account inside the app or uninstalling the app.
- Restriction of processing — disable specific features (AI, avatar downloads, etc.) in Settings.
- Objection to processing.
- Portability — your email always also lives on your provider's servers (Google, IMAP); portability is guaranteed by using any other client with the same credentials.
- Withdraw consent at any time.
- Lodge a complaint with the Spanish Data Protection Agency (AEPD) or the supervisory authority in your country of residence.
9. Minors
Pliego Mail is not directed at children under 14 (16 in some EU countries). We do not knowingly collect data from minors. If you are a parent or guardian and believe a minor in your care has provided us with data without your consent, please contact us and we will delete the relevant information.
10. International transfers
Pliego Mail does not transfer data to its own servers — we have none. The international transfers that may occur are those between your device and:
- Google's servers (Gmail API), located per Google's global policy.
- Your IMAP provider's servers, in whatever jurisdiction you choose when you configure them.
- External AI providers you explicitly enable (OpenAI, Anthropic, Google Gemini), all of them under Standard Contractual Clauses approved by the European Commission.
11. Changes to this policy
We may update this policy to reflect changes to the app or applicable law. The "Last updated" date in the header always indicates the current version. When changes materially affect your rights, we will notify you through the app or by email to the address associated with your primary account.
12. Contact
For any question about this policy, exercise of rights, or privacy concerns related to Pliego Mail:
- Email: [email protected]
- Web: pliegomail.com
We will respond within the applicable legal timeframe (normally 30 days).