Privacy Policy
Plain English summary: Pop3Fetch fetches your email from an external account and delivers it to your Gmail. To do this we need your external email credentials and Gmail access. We store only what's necessary, never sell your data, never read your emails, and you can delete your account at any time.
1. Who We Are
Pop3Fetch ("we", "us", "our") is a service that automatically fetches emails from external email accounts and delivers them to your Gmail inbox. We operate at pop3fetch.com.
2. What Data We Collect
To provide the service we collect and store the following information:
- Your Gmail address (used to identify your account)
- Your external email address and IMAP server details
- Your external email password (encrypted at rest)
- A Gmail OAuth access token (write-only access — we can only add emails, never read existing ones)
- Basic account information such as signup date and account status
We do not collect payment card details directly — payments are handled by Stripe, who have their own privacy policy.
3. How We Use Your Data
We use your data solely to provide the Pop3Fetch service:
- Your IMAP credentials are used only to fetch new emails from your external account
- Your Gmail OAuth token is used only to insert fetched emails into your Gmail inbox
- Your email address is used to identify your account and send service notifications
- We never read, analyze, index, or store the content of your emails
- We never sell your data to third parties
- We never use your data for advertising
4. Gmail Access
Pop3Fetch uses Google's official Gmail API with the gmail.insert scope. This is a write-only permission that allows us to add emails to your inbox — it does not allow us to read, search, modify, or delete any existing emails in your Gmail account.
You can revoke Pop3Fetch's access to your Gmail at any time by visiting Google Account Permissions and removing Pop3Fetch.
Pop3Fetch's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
5. Data Storage and Security
Your data is stored securely in an encrypted database. Specifically:
- External email passwords are encrypted at rest
- Gmail OAuth tokens are stored securely and refreshed automatically
- All data is transmitted over encrypted HTTPS/TLS connections
- We use industry-standard cloud infrastructure with regular security updates
6. Data Retention
We retain your account data for as long as your account is active. If you cancel your account or request deletion, we will permanently delete all your data — including your IMAP credentials and Gmail token — within 30 days.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct any inaccurate data
- Request deletion of your account and all associated data
- Revoke Gmail access at any time via Google Account settings
- Export your account data upon request
To exercise any of these rights, contact us at privacy@pop3fetch.com.
8. Third-Party Services
Pop3Fetch uses the following third-party services:
- Google Gmail API — for inserting emails into your Gmail inbox
- Stripe — for processing subscription payments
- Render — for hosting our application infrastructure
- MongoDB Atlas — for secure database storage
Each of these services has their own privacy policy and data practices.
9. Cookies
Pop3Fetch uses minimal cookies strictly necessary for authentication and session management. We do not use tracking cookies or advertising cookies.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by email and by updating the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact Us
If you have any questions about this privacy policy or how we handle your data, please get in touch: