# Privacy Policy
_Last updated: January 9, 2025_
Your privacy matters to us. This Privacy Policy explains how **BulkAttachmentDownloader** ("we", "our", "us") handles your information when you use **https://www.bulkattachmentdownloader.com/** (the "Service").
---
## 1. Overview
BulkAttachmentDownloader is a client-side tool. All processing happens **in your browser**.
We do not store your emails, attachments, or personal Gmail data on our servers.
We never sell, rent, or share your Gmail content with third parties.
---
## 2. Google API and Gmail Data Access
Our Service uses the **Gmail API** only after you explicitly log in with your Google account and grant permission.
We request the following Gmail scope:
- **`https://www.googleapis.com/auth/gmail.readonly`** – To read your email messages, view attachments, and download attachments you select.
We use this scope only to:
- Identify emails containing attachments.
- Display and filter attachments for you to view.
- Download attachments you choose.
---
## 3. Data Protection Mechanisms
### Encryption and Security
- **All data transmission is encrypted** using HTTPS/TLS protocols between your browser, our application, and Google's servers.
- We use **OAuth 2.0** for authentication, ensuring we never see or store your Google password.
- Access tokens are stored only in your browser's session memory and are automatically expired when you close the application or log out.
### Data Processing Location
- **100% client-side processing**: All Gmail data is processed exclusively in your browser.
- **No server-side storage**: We do not upload, store, or cache any email content, attachments, or metadata on our servers.
- **Real-time processing only**: Data is accessed in real-time from Google's servers and is immediately discarded after display or download.
### Data Minimization
- We only access the minimum data necessary to provide the service.
- We do not create profiles or analyze your email patterns.
- We do not retain any Gmail data after your session ends.
---
## 4. Limited Use Policy Compliance
Our use and transfer of information received from Google APIs will adhere to the
[Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy), including the **Limited Use** requirements:
- We only use Gmail data to provide the features you requested.
- We do not use Gmail data for advertising or marketing.
- We do not share Gmail data with any third party.
- We do not store Gmail data on our servers.
- All data is processed in your browser's memory and is discarded after the session ends.
---
## 5. Data Retention and Deletion
### No Data Retention
- **We do not retain any Gmail data** on our servers at any time.
- All email content and attachments exist only temporarily in your browser's memory during active use.
- When you log out or close the application, all Gmail data is immediately removed from browser memory.
### User Control
- You can revoke our app's access at any time through your [Google Account permissions](https://myaccount.google.com/permissions).
- Revoking access immediately prevents any further data access by our application.
- No deletion request is needed since we never store your data.
---
## 6. Third-Party Services
### Authentication
- We use **Google OAuth 2.0** for secure authentication.
- Google's authentication service handles your login credentials directly.
- We never receive or store your Google password.
### Payments
All payments are processed by **Stripe Checkout**. We do not collect or store your payment details.
For Stripe's privacy practices, see [Stripe's Privacy Policy](https://stripe.com/privacy).
---
## 7. Data Security Measures
While no Gmail data is stored on our systems, we implement the following security measures:
- **Secure Authentication**: OAuth 2.0 with limited scope access.
- **Session Security**: Tokens expire automatically and are never persisted.
- **HTTPS Only**: All connections use encrypted HTTPS protocol.
- **No Cross-Origin Requests**: Data stays within the secure browser environment.
- **Regular Security Updates**: We maintain and update our application to address any security vulnerabilities.
You are responsible for:
- Maintaining the security of your Google account credentials.
- Ensuring your device and browser are secure.
- Logging out when using shared devices.
---
## 8. Compliance and User Rights
### GDPR Compliance (for EU Users)
- **Right to Access**: You can view all data the app accesses during your session.
- **Right to Deletion**: No deletion needed as we don't store data.
- **Right to Portability**: All data remains in your Google account.
- **Right to Object**: You can revoke access at any time.
### CCPA Compliance (for California Users)
- We do not sell personal information.
- We do not create consumer profiles.
- You have full control over your data access permissions.
---
## 9. No Unauthorized Sharing
We explicitly commit that:
- We **do not sell, rent, or share** any user data with third parties.
- Access is strictly limited to the authenticated user's account.
- No Gmail data is used for any purpose other than providing the service you requested.
- We do not use Gmail data to train AI models or for analytics.
---
## 10. Your Consent
By using the Service, you consent to this Privacy Policy and our data handling practices as described above.
---
## 11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date will reflect the latest version.
Material changes will be notified through the application or via email if you have a registered account.
---
## 12. Contact Us
If you have questions about this Privacy Policy or our data protection practices, please contact us:
**Email:** support@bulkattachmentdownloader.com
---
## 13. Data Protection Officer
For privacy-related inquiries or to exercise your rights:
**Email:** privacy@bulkattachmentdownloader.com
**Response Time:** Within 30 days of your request
_Last updated: January 9, 2025_
Your privacy matters to us. This Privacy Policy explains how **BulkAttachmentDownloader** ("we", "our", "us") handles your information when you use **https://www.bulkattachmentdownloader.com/** (the "Service").
---
## 1. Overview
BulkAttachmentDownloader is a client-side tool. All processing happens **in your browser**.
We do not store your emails, attachments, or personal Gmail data on our servers.
We never sell, rent, or share your Gmail content with third parties.
---
## 2. Google API and Gmail Data Access
Our Service uses the **Gmail API** only after you explicitly log in with your Google account and grant permission.
We request the following Gmail scope:
- **`https://www.googleapis.com/auth/gmail.readonly`** – To read your email messages, view attachments, and download attachments you select.
We use this scope only to:
- Identify emails containing attachments.
- Display and filter attachments for you to view.
- Download attachments you choose.
---
## 3. Data Protection Mechanisms
### Encryption and Security
- **All data transmission is encrypted** using HTTPS/TLS protocols between your browser, our application, and Google's servers.
- We use **OAuth 2.0** for authentication, ensuring we never see or store your Google password.
- Access tokens are stored only in your browser's session memory and are automatically expired when you close the application or log out.
### Data Processing Location
- **100% client-side processing**: All Gmail data is processed exclusively in your browser.
- **No server-side storage**: We do not upload, store, or cache any email content, attachments, or metadata on our servers.
- **Real-time processing only**: Data is accessed in real-time from Google's servers and is immediately discarded after display or download.
### Data Minimization
- We only access the minimum data necessary to provide the service.
- We do not create profiles or analyze your email patterns.
- We do not retain any Gmail data after your session ends.
---
## 4. Limited Use Policy Compliance
Our use and transfer of information received from Google APIs will adhere to the
[Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy), including the **Limited Use** requirements:
- We only use Gmail data to provide the features you requested.
- We do not use Gmail data for advertising or marketing.
- We do not share Gmail data with any third party.
- We do not store Gmail data on our servers.
- All data is processed in your browser's memory and is discarded after the session ends.
---
## 5. Data Retention and Deletion
### No Data Retention
- **We do not retain any Gmail data** on our servers at any time.
- All email content and attachments exist only temporarily in your browser's memory during active use.
- When you log out or close the application, all Gmail data is immediately removed from browser memory.
### User Control
- You can revoke our app's access at any time through your [Google Account permissions](https://myaccount.google.com/permissions).
- Revoking access immediately prevents any further data access by our application.
- No deletion request is needed since we never store your data.
---
## 6. Third-Party Services
### Authentication
- We use **Google OAuth 2.0** for secure authentication.
- Google's authentication service handles your login credentials directly.
- We never receive or store your Google password.
### Payments
All payments are processed by **Stripe Checkout**. We do not collect or store your payment details.
For Stripe's privacy practices, see [Stripe's Privacy Policy](https://stripe.com/privacy).
---
## 7. Data Security Measures
While no Gmail data is stored on our systems, we implement the following security measures:
- **Secure Authentication**: OAuth 2.0 with limited scope access.
- **Session Security**: Tokens expire automatically and are never persisted.
- **HTTPS Only**: All connections use encrypted HTTPS protocol.
- **No Cross-Origin Requests**: Data stays within the secure browser environment.
- **Regular Security Updates**: We maintain and update our application to address any security vulnerabilities.
You are responsible for:
- Maintaining the security of your Google account credentials.
- Ensuring your device and browser are secure.
- Logging out when using shared devices.
---
## 8. Compliance and User Rights
### GDPR Compliance (for EU Users)
- **Right to Access**: You can view all data the app accesses during your session.
- **Right to Deletion**: No deletion needed as we don't store data.
- **Right to Portability**: All data remains in your Google account.
- **Right to Object**: You can revoke access at any time.
### CCPA Compliance (for California Users)
- We do not sell personal information.
- We do not create consumer profiles.
- You have full control over your data access permissions.
---
## 9. No Unauthorized Sharing
We explicitly commit that:
- We **do not sell, rent, or share** any user data with third parties.
- Access is strictly limited to the authenticated user's account.
- No Gmail data is used for any purpose other than providing the service you requested.
- We do not use Gmail data to train AI models or for analytics.
---
## 10. Your Consent
By using the Service, you consent to this Privacy Policy and our data handling practices as described above.
---
## 11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date will reflect the latest version.
Material changes will be notified through the application or via email if you have a registered account.
---
## 12. Contact Us
If you have questions about this Privacy Policy or our data protection practices, please contact us:
**Email:** support@bulkattachmentdownloader.com
---
## 13. Data Protection Officer
For privacy-related inquiries or to exercise your rights:
**Email:** privacy@bulkattachmentdownloader.com
**Response Time:** Within 30 days of your request