MailSearch privacy policy
Summary. MailSearch indexes your email locally on your Mac. To do that it has to fetch your mail from your provider (Gmail, Outlook, iCloud, IMAP) — those connections go directly from your Mac to the provider, with no Whiteforge servers in the path. Your mail content, search index, authentication tokens, and search queries never leave your device. There are no Whiteforge analytics or telemetry — ever.
1. Introduction
This policy explains how MailSearch handles your data. MailSearch is a macOS application published by Whiteforge Technologies Ltd (“Whiteforge”, “we”), a company registered in England and Wales (company number 17224707). It connects to mail accounts you authorise (Gmail, Outlook / Microsoft 365, iCloud Mail, generic IMAP) and builds a full-text search index of the messages on your Mac.
Unlike the other Whiteforge apps, MailSearch does make outbound network connections by design — it has to, to fetch your email. Those connections go to your mail provider, not to Whiteforge.
This policy is for the MailSearch app. The whiteforgetech.co.uk website has its own privacy policy.
2. What MailSearch holds on your Mac
While MailSearch is running it holds, locally on this device only:
- For each connected account: the account’s identifier (typically your email address), the provider type (Gmail / Outlook / iCloud / IMAP), the server hostname for IMAP accounts. Persisted to
~/Library/Application Support/uk.co.whiteforgetech.mailsearchmac/accounts.json. - OAuth access + refresh tokens (Gmail, Outlook) or app-specific passwords (iCloud, generic IMAP). Stored in your macOS Keychain, never on disk in plain text. See section 5.
- An on-device SQLite full-text index containing your messages’ subjects, senders, recipients, body text (up to 50 KB per message), and text extracted from PDF / RTF / plain-text attachments (up to 20 KB per message). At
~/Library/Application Support/uk.co.whiteforgetech.mailsearchmac/mailsearchmac.db. - Optionally, a cached HTML body for messages you’ve recently opened in the in-app viewer, in the same database file. Discarded when the row is deleted (via disconnect or wipe).
- Your current search query while you’re typing.
None of this leaves your device.
3. Data Whiteforge receives
None. MailSearch does not send your email, your tokens, your search queries, or your usage to Whiteforge. There are no Whiteforge servers in the mail-fetching data path. The app contains no analytics SDKs, no crash-reporting SDKs, no advertising SDKs, no third-party tracking libraries.
The single optional exception is the auto-update check described below, which (when enabled) makes one HTTPS request per launch to GitHub. That request still does not pass through Whiteforge servers.
4. Network activity
MailSearch makes the following kinds of network connections:
4.1 Mail-fetching (per connected account)
When you click Sync now or open the app with auto-sync enabled, MailSearch connects to the mail provider you authorised:
- Gmail — HTTPS to
oauth2.googleapis.com(token refresh) andgmail.googleapis.com(message list + content + attachments). - Outlook / Microsoft 365 — HTTPS to
login.microsoftonline.com(token refresh) andgraph.microsoft.com(message list + content + attachments). - iCloud Mail — TLS IMAP to
imap.mail.me.com:993using the app-specific password you generated at appleid.apple.com. - Generic IMAP — TLS IMAP to the server / port you supplied during account setup.
These requests deliver the bytes of your mail to your Mac. Whiteforge is not on this path. We do not see your mail or any aspect of it.
4.2 OAuth consent (one-off per Gmail / Outlook account)
When you click + Add Gmail or + Add Outlook, MailSearch opens the provider’s consent page in your default browser. That page is hosted by Google / Microsoft respectively. After you grant access, the browser redirects to a one-shot loopback HTTP listener on 127.0.0.1 / localhost running inside MailSearch on your Mac. The listener picks up the authorisation code, MailSearch swaps it for access + refresh tokens via the provider’s token endpoint, and the loopback server shuts down. The whole exchange happens on your machine; Whiteforge is not involved.
4.3 Optional auto-update check
MailSearch can optionally check for newer versions on launch. This is off by default. If you enable it in Settings → Updates (or via the first-run modal), the app makes one HTTPS request per launch to https://github.com/whiten1968/MailSearchMac-downloads/releases/latest/download/latest.json. The request contains no mail content, no tokens, no telemetry. GitHub sees your IP address and the fact that something is requesting the manifest. You can revoke consent at any time.
5. How authentication tokens are stored
Credentials for each connected account live in the macOS Keychain — the OS-managed encrypted credential store, the same place Mail.app, Safari, and other native apps store passwords. Specifically:
- OAuth tokens (Gmail, Outlook) live under the Keychain service
uk.co.whiteforgetech.mailsearchmac.oauth. - IMAP passwords (iCloud, generic IMAP) live under
uk.co.whiteforgetech.mailsearchmac.imap.
Tokens are accessed by MailSearch when it needs to authenticate to your provider. They are never written to log files or to disk outside the Keychain. Disconnecting an account (Settings → the account’s Disconnect button) deletes the Keychain entry, deletes that account’s indexed messages from the local store, and best-effort revokes the OAuth token at the provider (for Gmail; Microsoft Graph has no public revoke endpoint).
6. Your mail provider's role
MailSearch reads your mail from your provider; your provider therefore sees that you’re reading it. Each provider has its own privacy policy and visibility into your account:
- Google (Gmail): policies.google.com/privacy. Google logs API requests as part of normal Gmail use; MailSearch’s reads are visible to you in your Google Account → Security → Third-party apps with account access.
- Microsoft (Outlook / Microsoft 365): privacy.microsoft.com. Visible in your Microsoft account’s sign-in activity.
- Apple (iCloud Mail): apple.com/legal/privacy/. App-specific passwords show up under your Apple ID’s Sign-In and Security page.
- Other IMAP providers: see your provider’s own privacy policy.
Revoking MailSearch’s access at the provider side will end its ability to fetch new mail from that account.
7. Where data is stored on this Mac
- Search index + body cache:
~/Library/Application Support/uk.co.whiteforgetech.mailsearchmac/mailsearchmac.db(and its-wal/-shmsidecar files). - Connected-account list:
~/Library/Application Support/uk.co.whiteforgetech.mailsearchmac/accounts.json. Contains the account id (typically your email), provider kind, display name, and the IMAP server hostname for IMAP accounts. No passwords, no tokens. - Tokens + IMAP passwords: macOS Keychain (see section 5).
- Settings preferences (auto-update toggle, last-used UI state): browser-style
localStorageinside MailSearch’s WebView, scoped to MailSearch only.
8. Deletion
- Disconnect a single account: deletes its OAuth token / IMAP password from Keychain, deletes its indexed messages + cached bodies from the local store, removes its entry from
accounts.json. Best-effort revoke against the provider for Gmail. - Uninstall MailSearch: move MailSearch.app to Trash and empty. To also remove your local data: delete
~/Library/Application Support/uk.co.whiteforgetech.mailsearchmac/. Keychain entries persist until you remove them in Keychain Access.app → search formailsearchmac. (Or disconnect every account before uninstalling, which deletes them cleanly.)
9. Children
MailSearch is not directed at children under 13. We do not knowingly collect personal information from children.
10. Your rights
If you are in the UK or the EU, you have rights under the UK GDPR and the EU GDPR — including the rights of access, rectification, erasure, restriction, objection, and the right to lodge a complaint. Because MailSearch does not transmit your data to Whiteforge, these rights are largely exercised through the app itself + your mail provider. You can complain to the UK Information Commissioner’s Office at ico.org.uk.
11. Changes to this policy
If we change this policy we will update the “Last updated” date at the top. Material changes will be summarised at the top of the policy for a reasonable period.
12. Contact
For privacy questions about MailSearch:
Whiteforge Technologies Ltd
support@whiteforgetech.co.uk