Mailcue Privacy Policy
Last updated: February 26, 2026
Mailcue is a Chrome extension that lets you upload a CSV and schedule bulk email sends through your own Gmail account. This policy explains what data we access, how we use it, and how we protect it.
What we access
When you sign in with Google, Mailcue requests permission to:
- Send emails on your behalf (gmail.send) — this is how your scheduled emails get delivered through your Gmail account.
- Read your email address (gmail.readonly) — solely to display your email address in the extension and identify your account.
What we do with your data
- CSV data — Your uploaded CSV (email addresses, subject lines, email bodies) is processed locally in your browser and on our scheduling server. It is used only to send emails at the times you choose. We do not analyse, share, or sell this data.
- Gmail credentials — Your OAuth tokens are stored securely on our server solely to send emails on your behalf at scheduled times. We never access your inbox, read your emails, or use your credentials for any purpose other than sending the emails you schedule.
- Scheduling data — We store your scheduled email content (recipients, subjects, bodies, send times) on our server temporarily so emails can be sent at the right time, even if your browser is closed. This data is automatically deleted after your batch is complete.
What we do NOT do
- We do not read, scan, or access your inbox or existing emails.
- We do not sell, share, or transfer your data to third parties.
- We do not use your data for advertising, analytics profiling, or AI model training.
- We do not allow humans to read your email content.
- We do not track email opens, clicks, or recipient behaviour.
Google API Services User Data Policy: Mailcue's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Data storage and security
Scheduling data is stored on Google Cloud infrastructure (Firestore) with encryption at rest. OAuth refresh tokens are stored securely and used only to send your scheduled emails. All data transmission uses HTTPS encryption.
Data retention
Completed batch data (sent emails, timestamps) is retained for 24 hours after completion for your reference, then automatically deleted. OAuth credentials are retained until you revoke access or delete your account.
Your rights
You can revoke Mailcue's access to your Gmail at any time by visiting Google Account Permissions and removing Mailcue. This immediately stops all scheduled sends and deletes your stored credentials.
Contact
If you have questions about this privacy policy or your data, contact us at: fourmama449@gmail.com