[🌎 Google Translate](https://translate.google.com/translate?hl=&sl=en&u=https%3A%2F%2Fraw.githubusercontent.com%2FM66B%2FFairEmail%2Fmaster%2FPRIVACY.md)
FairEmail **does** use modern and secure transport protocols by default.
Android [encrypts all user data by default](https://source.android.com/docs/security/features/encryption), so all data, including account credentials, is stored encrypted by default.
FairEmail **adheres** to the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy),
including the [Limited Use requirements](https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes).
Google API Services are used only to authenticate Gmail accounts through OAuth.
The use of information received from Gmail APIs will adhere to the Google User Data Policy, including the Limited Use requirements."
| Mozilla autoconfig | Domain name of email address of email accounts | Upon configuring an email account with the quick setup wizard |
| Email server | Login credentials (email address/password), messages sent | Upon configuring and using an account or identity and upon sending messages |
| ipinfo.io | IP (network) address of domain names of links or email addresses | Upon pressing a button in the link confirmation dialog |
| Spamhaus | IP (network) address of domain names of links or email addresses | If spam blocklists are enabled, upon receiving a message |
| Spamcop | IP (network) address of domain names of links or email addresses | If spam blocklists are enabled, upon receiving a message |
| Barracuda | IP (network) address of domain names of links or email addresses | If spam blocklists are enabled, upon receiving a message |
| DeepL | Received or entered message text and target language code | If translating is enabled, upon pressing a translate button |
| LanguageTool | Entered message texts | If LanguageTools is enabled, upon long pressing the save draft button |
| VirusTotal | [SHA-256 hash](https://en.wikipedia.org/wiki/SHA-2) of attachments | If VirusTotal is enabled, upon long pressing a scan button (*) |
| VirusTotal | Attached file contents | If VirusTotal is enabled, upon long pressing an upload button (*) |
| OpenAI/ChatGPT | Received and entered message texts | If configured and upon pressing a button or using a menu item |
| Google Gemini | Received and entered message texts | If configured and upon pressing a button or using a menu item |
| Gravatar | [MD5 hash](https://en.wikipedia.org/wiki/MD5) of email addresses | If Gravatars are enabled, upon receiving a message (*) |
| Libravatar | [MD5 hash](https://en.wikipedia.org/wiki/MD5) of email addresses | If Libravatars are enabled, upon receiving a message (*) |
| GitHub | None, but see the remarks below | Upon downloading AdGuard tracking parameter list |
| | | Upon downloading Disconnect's Tracker Protection lists |
| | | Upon checking for updates (*) |
| Have I Been Pwned? | The first 5 characters of the SHA1 hash of passwords | Upon checking for being pwned |
| BIMI | Domain name of email addresses | If BIMI is enabled, upon receiving a message (*) |
| Favicons | Domain name of email addresses | If favicons are enabled, upon receiving a message |
| Link title | Link address | Upon pressing a download button in the insert link dialog |
| Bugsnag | Information about warnings and errors | If error reporting is enabled, upon detecting an abnormal situation |
| Google Play Billing | "insight into API usage and service connection issues" | Not disclosed by Google (**) (endpoint: firebaselogging.googleapis.com) |
Under the General Data Protection Regulation (GDPR),
the California Consumer Privacy Act (CCPA),
the Virginia Consumer Data Protection Act (VCDPA),
Lei Geral de Proteção de Dados (LGPD), and other regulations,
you have the right to know whether your personal data is shared or sold to third parties, used for (targeted) advertising, profiling, etc.,
and you have the right to access, rectify and delete personal data.
To exercise these rights, or if you have questions about data retention, etc., you can contact the service providers listed above.
Under the Virginia Consumer Data Protection Act (VCDPA) and other regulations,
you need to be told how to exercise your opt-out right for sharing or selling of your data,
using your data for targeted advertising,
and profiling your data that supports decisions that have legal or similarly significant implications for you.
You can opt-out of having your data shared, sold, used for (targeted) advertising, profiling (for decision making), etc. by not using these optional services/functions.
This privacy policy / data protection declaration applies to the Android app FairEmail.
The data processor only processes personal data insofar as absolutely required for providing a functioning email client as well as the explicitly requested services.
Users' personal data is usually only processed if required for fulfilling contractual or legal obligations or with the user's consent.
The purpose of any data processed is to provide you with the service requested.
The app by default exclusively processes data that is necessary for the proper functioning of the app and its intended purpose of being an email client.
By default, all data (both personal and non-personal) remains on the data subject's Android device for as long as not explicitly sent or shared by the data subject.
The data stored on the data subject's device can be deleted by the data subject at any time.