Privacy Policy
Our core promise: SeekerMail is a local-first desktop email client. Your email, attachments, semantic index, AI drafts, and settings live only on your own device. SeekerMail's servers do not receive, store, or relay any of your email content. We do not sell your data, do not serve ads, and do not train any model on your mail.
You may — but need not — create a SeekerMail ID by signing in with Google. Even then, our servers hold only identity and account information (your sign-in email, entitlement status, device list) and, only if you tick the box, a marketing consent used to send you product emails. Sending you product email is first-party communication between us and you, and you can unsubscribe in one click anytime.
1. What we collect
- Email content, contacts, attachments, index: not collected. These exist only on your device (local database, local vector store, local attachment files).
- Account credentials (IMAP/SMTP passwords, OAuth tokens, AI API keys): stored in your operating system's Keychain / Credential Manager — never written to the app database, never uploaded, never logged.
- SeekerMail ID (optional): only if you choose to create a SeekerMail ID by signing in with Google do we collect, on our servers, identity and account data: your sign-in email, the stable user identifier Google provides (
sub), an email-verified flag, display name, entitlement/subscription status, and your list of signed-in devices; plus — only if you tick "consent to product emails" — a marketing-consent flag with consent time and source. Even with an ID, we still do not collect your mail bodies, attachments, contacts, or semantic index. Without an ID, none of this collection happens. - Update check: the client queries the update server for new versions, sending only the app version and OS platform — no account or mail data. If you have not created a SeekerMail ID, this is the only network request SeekerMail itself initiates to a SeekerMail-controlled server.
- Diagnostics / telemetry: not collected by default. If crash reporting is offered in future, it will be strictly opt-in and will never include email content.
2. Identity scope
When you create a SeekerMail ID, we request only the identity scopes openid, email, and profile from Google. We never request any mail scope (such as Gmail access). The SeekerMail ID confirms who you are for licensing and sync — it is fully decoupled from your mailbox, and your email connections are configured separately by you.
3. Where your data flows
Your mail flows over only three kinds of connections, none through SeekerMail's servers:
- Your mail servers (IMAP/SMTP — e.g. Gmail, Outlook, or your own): the inherent connection for sending and receiving.
- Your chosen AI provider (bring-your-own AI): when you enable AI features, the relevant mail content is sent directly from your device to the provider you configured (cloud such as OpenAI or Anthropic, or local such as Ollama). SeekerMail neither proxies nor taps these requests. Before switching to a cloud provider, we clearly disclose what will be sent and where, and require your confirmation. The vectorization used for semantic search runs locally with a bundled model and is never sent to any provider.
- The update server: version check only, as described above.
Only if you create a SeekerMail ID does the client talk to the SeekerMail identity server, carrying account data — identity, entitlement, devices, and, if you consented, the marketing flag — never any mail content. Without an ID there is no such connection.
4. Your rights and controls
- Export: export all data as mbox + JSON at any time, for migration or backup.
- Delete: permanently delete local data with one action — database, vector store, attachment files, and the Keychain credential entries. Deletion is irreversible.
- Turn AI off: AI features can be disabled; with them off, nothing leaves the device other than sending and receiving mail.
- GDPR / CCPA and similar: because data lives on your device, you inherently have full control to access, correct, export, and delete it.
- Unsubscribe & withdraw consent: product emails carry a one-click unsubscribe, and you can turn off "receive product emails" in Settings anytime. Withdrawing marketing consent does not affect necessary transactional notices such as security alerts, account, and billing information.
- Delete your SeekerMail ID: you can delete the cloud identity and marketing record at any time. Deleting the identity does not affect your local mail.
5. Retention and security
SeekerMail's servers retain none of your mail data, so there is no server-side retention period. Local data is under your control and persists or disappears with your device and your delete actions. Account credentials are isolated in your operating system's secure credential store, and connections to your mail and AI providers use encrypted transport.
6. Children
SeekerMail is a productivity tool for professionals. It is not directed to children under 13 (or the age set by local law), and does not knowingly collect their information.
7. Third parties
When you choose an AI provider or mail host, data handling between you and that third party is governed by their privacy policy. SeekerMail does not control these third parties but discloses the data flow clearly before you enable it. We recommend providers with an explicit no-training, no-long-retention stance. If we use an email service provider to send you product emails, that provider acts as our processor, handling only your contact email on our instructions under contract; we do not sell or share your data with any third party for their own marketing.
8. Changes and contact
SeekerMail is operated by Vivbase LLC, a company organized in the United States. Material changes to this policy will be announced via an in-app notice. For privacy inquiries, contact [email protected].