Privacy Policy

Last updated: 19 June 2025  ·  Effective from: 19 June 2025

Version 1.0  ·  Effective: 19 June 2025  ·  Applies to: all ZeroIn apps

The short version: ZeroIn is a local-first application. Your emails stay on your device. We do not have a server that receives, stores, or processes your email content. We do not sell your data. We do not serve ads. This policy explains exactly what information the app handles and why.

1 Overview

ZeroIn ("we", "our", "the app") is an email client application developed and published by Bartosz Wójcik. This Privacy Policy explains how ZeroIn handles information when you install and use our application on your device.

ZeroIn is designed with a privacy-first, local-first architecture. The application operates by connecting directly from your device to your chosen email provider (such as Google, Microsoft, or any IMAP server). Your email data is stored locally on your device and is not routed through our servers.

Key principle: ZeroIn processes your emails entirely on your device. We do not operate email relay servers, we do not receive copies of your messages, and we do not have access to your inbox.

2 Data we collect

ZeroIn distinguishes between data that stays on your device and information that may be transmitted elsewhere.

Data stored locally on your device

The following information is stored on your device only, in a local database created by the app. This data never leaves your device unless you explicitly export it:

  • Email messages, threads, and attachments downloaded from your email provider
  • Email account credentials (stored securely using platform keychain/keystore services)
  • OAuth access tokens and refresh tokens for Gmail and Outlook API accounts
  • Application settings and preferences
  • Contacts built from your email interactions
  • Email notes, labels, and project metadata
  • Signatures, templates, and custom themes

Data we do not collect

We do not collect or receive: your email content, attachments, contacts, account credentials, or any personally identifiable information. There is no telemetry, analytics, or usage tracking in ZeroIn.

Crash reports (optional, future)

A future version of ZeroIn may offer an optional crash reporting feature. If implemented, it will be strictly opt-in, clearly labelled, and any reports will be anonymised before transmission. This policy will be updated before such a feature is introduced.

| Data type | Stored where | Sent to us? | Purpose |
|---|---|---|---|
| Email messages & threads | Your device | No | Offline access, search |
| Account credentials | Device keychain | No | Authenticate with email provider |
| OAuth tokens | Device keychain | No | Authenticate with Gmail/Outlook API |
| App settings | Your device | No | Remember preferences |
| Contacts | Your device | No | Auto-complete, trusted senders |
| Usage analytics | | No | Not collected |
| Advertising identifiers | | No | Not used |

3 How data is stored

ZeroIn stores all email data in an Isar database on your local device. The database is located in a platform-appropriate directory:

  • Windows: %APPDATA%\ZeroIn\databases\
  • macOS: ~/Library/Application Support/ZeroIn/databases/
  • Linux: ~/.local/share/zeroin/databases/
  • Android: App-specific storage directory (not accessible to other apps)
  • iOS: App Documents directory (iCloud backup applies)

Optional encryption

ZeroIn provides optional AES-256 database encryption. When enabled, your entire local database is encrypted at rest with a key that you control. ZeroIn does not have access to your encryption key — if you forget it, the encrypted data cannot be recovered.

Important — iOS and Android: On iOS, app data (including the ZeroIn database) is deleted when you uninstall the app. On Android, data may be stored in app-specific external storage depending on your permissions. Please review your device backup settings to ensure your data is protected.

Secure credential storage

Account passwords and OAuth tokens are stored using your operating system's secure credential store (Windows Credential Manager, macOS Keychain, Android Keystore, or iOS Keychain). They are never stored in plain text.

4 How data is used

All data stored by ZeroIn is used exclusively to provide the app's functionality to you. Specifically:

  • Email messages are stored locally to enable offline access, fast search, and thread grouping
  • Account credentials are used to authenticate with your email provider when syncing
  • Contacts are built from email headers to enable auto-complete and the trusted senders list
  • Settings are stored to remember your preferences across app restarts
  • OAuth tokens are used solely to access your email account on your behalf, within the permissions you granted

We do not use any of your data for profiling, advertising, machine learning, or any purpose other than running the app.

5 Third-party services

ZeroIn integrates with the following third-party services. These are configured and used directly by you — data flows between your device and the service, not through ZeroIn's infrastructure.

Google Fonts

The ZeroIn website (zeroin.email) loads the Inter typeface from Google Fonts. This involves a network request to Google's servers. Google's privacy policy applies to that request. The ZeroIn application itself does not use Google Fonts.

App stores

When you download ZeroIn from the Microsoft Store or Google Play, those platforms' terms and privacy policies apply to the download transaction. ZeroIn does not receive information about who downloads the app from the store.

Gravatar / avatar services (future)

A future version of ZeroIn may optionally query Gravatar or favicon services to retrieve contact avatars. This feature, if implemented, will be opt-in. Contact email addresses would be hashed before any request is made. This policy will be updated accordingly.

6 Email providers

ZeroIn connects to your email provider directly from your device using standard protocols (IMAP, SMTP) or official APIs (Gmail API, Microsoft Graph). Your relationship and data with that provider is governed by their privacy policies:

OAuth scopes: When connecting a Gmail or Outlook account, ZeroIn requests only the minimum permissions needed: read and send email on your behalf. ZeroIn does not request access to your Google Drive, calendar, or other services beyond email. You can revoke access at any time through your Google or Microsoft account security settings.

7 No advertising

ZeroIn does not display advertisements. We do not integrate any advertising SDK. We do not share your data with advertising networks. We do not use advertising identifiers (IDFA, Android Advertising ID).

We intend to sustain ZeroIn through a fair, transparent paid tier for advanced features in the future — not by monetising your data.

8 Children's privacy

ZeroIn is not directed at children under the age of 13. We do not knowingly collect any information from children. ZeroIn is an email client intended for individuals who have an existing email account with a third-party provider. If you believe a child under 13 has used ZeroIn in a way that raises privacy concerns, please contact us at the address below.

9 Your rights

Because all your data is stored locally on your device, you have complete control over it at all times:

Access

All data ZeroIn stores is accessible on your own device. You can browse your email database directly or export your contacts via the app's CSV/vCard export feature.

Correction

You can edit contact information and app settings directly within the app at any time.

Deletion

Uninstalling ZeroIn removes all data stored by the app on that device (subject to iOS/Android backup behaviours described above). You can also selectively delete accounts, contacts, or emails from within the app.

Portability

You can export your contacts in standard CSV and vCard formats. Your email data remains accessible through your email provider independently of ZeroIn.

GDPR and similar rights

If you are located in the European Economic Area, United Kingdom, or another jurisdiction with data protection rights, those rights apply to any personal data we do hold. Since ZeroIn holds essentially no personal data on our side (your data stays on your device), most GDPR requests would involve your email provider rather than us. For any concern, please contact us at the address in Section 13.

10 Data deletion

To fully remove all data associated with ZeroIn:

  1. Revoke app access — for Gmail accounts, go to myaccount.google.com/permissions and remove ZeroIn. For Outlook, go to account.live.com/consent/manage.
  2. Delete the local database — uninstall the app, or manually delete the database directory listed in Section 3.
  3. Remove from app store — remove ZeroIn from your device via the Microsoft Store or Google Play.

After these steps, no ZeroIn-stored data remains on your device. Your email data on the server is entirely unaffected and remains under the control of your email provider.

11 Security

ZeroIn takes security seriously, both in the application and in how we handle any information we do hold:

  • Account credentials are stored in platform secure storage (Keychain/Credential Manager/Keystore)
  • All connections to email servers are made over TLS/SSL
  • OAuth flows use industry-standard PKCE for mobile platforms
  • Optional AES-256 database encryption for local data at rest
  • Incoming emails are validated for SPF, DMARC, and DKIM authenticity
  • Unknown senders are automatically quarantined to prevent phishing and tracking
  • Tracking pixels in email bodies are blocked by default

No method of transmission over the internet or electronic storage is 100% secure. While we implement commercially reasonable measures, we cannot guarantee absolute security of data transmitted to your email provider.

12 Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes — particularly anything that introduces new data collection or sharing — we will provide prominent notice within the application before the change takes effect.

We encourage you to review this policy periodically. Your continued use of ZeroIn after changes are posted constitutes your acceptance of the revised policy.

Previous versions of this policy will be archived and available on request.

13 Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or how ZeroIn handles your data, please contact us:

ZeroIn — Privacy enquiries

Developer: Bartosz Wójcik

Email: privacy@zeroin.email

Website: zeroin.email

We aim to respond to all privacy-related enquiries within 30 days.