MailSearch privacy policy
Summary. MailSearch indexes and searches your mail entirely on your device. Whiteforge Technologies has no servers that receive your email content, attachments, addresses, contacts, OAuth tokens, IMAP credentials, search queries, or telemetry. The rest of this policy describes that arrangement in detail.
1. Introduction
This policy explains how MailSearch handles your data. MailSearch is an app for iPhone and iPad published by Whiteforge Technologies Ltd (“Whiteforge”, “we”), a company registered in England and Wales (company number 17224707). It indexes and searches the email messages in the accounts you connect.
This policy is for the MailSearch app. The whiteforgetech.co.uk website has its own privacy policy.
2. Data MailSearch accesses on your device
To index and search your mail, MailSearch needs access to the mail in the accounts you connect. On your device, it accesses:
- Email messages — subject, body, sender, recipients, and date for the accounts you connect. Used to build a full-text search index on your device.
- Attachment metadata — filename, size, and MIME type. Attachment bodies are not indexed.
- OAuth tokens — for Gmail and Microsoft accounts, MailSearch holds the access and refresh tokens issued to it by the provider. Tokens are stored in the iOS Keychain.
- IMAP credentials — for iCloud and other IMAP accounts, MailSearch stores the password (or app-specific password) you supply. It is stored in the iOS Keychain.
All of this stays on your device.
3. Data Whiteforge receives
None. MailSearch does not send your mail, attachments, contacts, OAuth tokens, IMAP credentials, search queries, search results, or telemetry to Whiteforge. There are no Whiteforge servers in the data path. The app does not contain analytics SDKs, advertising SDKs, or third-party tracking libraries.
4. Gmail (Google accounts)
If you connect a Gmail account, MailSearch uses Google’s OAuth 2.0 to obtain permission to read your mail.
4.1 OAuth scopes requested
- https://www.googleapis.com/auth/gmail.readonly — read-only access to your Gmail messages and metadata. Used to fetch your messages so MailSearch can index them on your device.
This is the only Google scope MailSearch requests. MailSearch does not request mail.google.com or any other Google scope.
4.2 Google API Services User Data Policy
MailSearch’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- MailSearch uses Gmail data only to provide and improve the user-facing search feature that the gmail.readonly scope is requested for.
- MailSearch does not transfer Gmail data to others, except as necessary to provide that user-facing feature (for example, displaying your messages within the app’s user interface on your device), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with your explicit prior consent.
- MailSearch does not use or transfer Gmail data for serving advertising, including personalised advertising.
- MailSearch does not allow any human — including Whiteforge employees and contractors — to read your Gmail data, except where you have given explicit consent for specific messages (for example, when you forward a message to us as part of a support request), where it is necessary for security purposes (such as investigating abuse), where required by applicable law, or where the data has been aggregated and is used for internal operations in compliance with applicable privacy and confidentiality requirements.
4.3 Revoking access
You can disconnect a connected Gmail account from inside MailSearch at any time (Settings → the account → Disconnect). When you do, MailSearch revokes the OAuth token with Google and deletes the local index for that account.
You can also revoke MailSearch’s access at any time from your Google Account at myaccount.google.com/permissions.
5. Outlook / Microsoft 365 (Microsoft accounts)
If you connect a Microsoft account (personal, work, or school), MailSearch uses Microsoft’s OAuth 2.0 (Microsoft Graph) to obtain permission to read your mail.
5.1 OAuth scopes requested
- Mail.Read — read-only access to messages in your mailbox. Used to fetch your messages so MailSearch can index them on your device.
- User.Read — used at connection time to look up your display name and primary email address, so MailSearch can label the account in its user interface.
- offline_access — provides a refresh token so MailSearch can re-sync your mail without prompting you to sign in again.
5.2 Use of Microsoft data
The same on-device-only arrangement applies as for Gmail: your mail stays on your device. Whiteforge does not receive Microsoft mail content, attachments, addresses, contacts, or tokens. MailSearch does not use Microsoft data for advertising and does not allow humans to read it, subject to the same narrow exceptions described in section 4.2.
5.3 Revoking access
Disconnect the account from inside MailSearch to delete the local index and discard the tokens. You can also revoke MailSearch’s access from your Microsoft account dashboard at account.microsoft.com.
6. iCloud Mail and other IMAP accounts
If you connect an iCloud Mail or other IMAP account, MailSearch connects directly from your device to the provider’s IMAP server over TLS using the credentials you supply. For iCloud, this is an app-specific password generated at appleid.apple.com.
Mail is fetched and indexed on your device. No Whiteforge server is involved. The credentials are stored in the iOS Keychain on your device. Removing the account from MailSearch deletes the credentials and the local index.
7. Where data is stored
- Mail content and the search index — on your device, inside the app’s sandboxed container. Subject to standard iOS device backups (e.g., iCloud Backup or encrypted iTunes/Finder backups) if you have those enabled for the device.
- OAuth tokens and IMAP credentials — in the iOS Keychain on your device.
- Diagnostic logs — brief logs may be kept on your device to help with troubleshooting. They do not include message bodies. They are not sent to Whiteforge.
Whiteforge does not receive any of the above.
8. Deletion
- Disconnecting an account — removes the OAuth token (and revokes it with Google or Microsoft, where applicable) or IMAP credentials, and deletes the local index for that account.
- Uninstalling MailSearch — removes the app’s container and Keychain entries. Everything held by the app goes with it.
You can do either at any time, without contacting us.
9. Children
MailSearch is not directed at children under 13. We do not knowingly collect personal information from children.
10. Your rights
If you are in the UK or the EU, you have rights under the UK GDPR and the EU GDPR — including the rights of access, rectification, erasure, restriction, objection, and the right to lodge a complaint. Because MailSearch does not transmit your data to us, most of these rights are effectively under your direct control through the app, the iOS settings on your device, and your account with the mail provider. If you have a question about your data in MailSearch, email us at the address below.
You can complain to the UK Information Commissioner’s Office at ico.org.uk.
11. Changes to this policy
If we change this policy, we will update the “Last updated” date at the top. Material changes will be summarised at the top of the policy for a reasonable period.
12. Contact
For privacy questions about MailSearch:
Whiteforge Technologies Ltd
support@whiteforgetech.co.uk