BlackMail Privacy Policy

Last updated: [insert date] · Questions? Email us at info@blackmail.email.

BlackMail is an email client focused on privacy and control. This Privacy Policy explains what information we (the BlackMail app and its related services) collect, how we use it, and what rights you have.

If you have any questions, you can always contact us at: info@blackmail.email.

1. Quick summary (in plain language)

In short:

We do not collect or sell your email content or inbox data.
Your email accounts are added directly in the app on your device. We never store your email password or mailbox tokens on our servers.
The BlackMail iOS app uses Apple’s Keychain and iCloud-based secure storage (tied to your device and Apple ID) to store account details and tokens securely and to help you move to new devices more easily. These stay in your private iCloud/Keychain; we don’t see those passwords or tokens.
BlackMail uses access-less notification mechanisms: our servers receive minimal “new mail” event data for supported providers, and your device may perform occasional background checks for other providers. In both cases, your passwords and long-lived tokens are never transmitted to our servers.
Our notification services and background sync design do not give our servers full mailbox access. Even if we became malicious or were legally compelled, the notification system itself does not allow us to log in and read your inbox.
AI-assisted replies are generated locally on your device using Apple’s on-device Foundation models. Neither we nor Apple receive the email text or the AI-generated replies from these features.
We only sell BlackMail through the Apple App Store. Apple, not us, handles your purchase details and payment methods.
You can opt into an email list to hear about new features and updates. If you join, we only store the email address you give us, and you can unsubscribe anytime.
You can send us comments through an in-app feedback button, which opens an email. We only receive what you choose to send in that email (including any logs you manually choose to paste and submit).
We do not run in-app advertising or sell your data to third-party marketers.
Our liability is limited to at most the total subscription fees you paid for BlackMail in the 12 months before any claim, to the extent allowed by law.

2. Who we are

“BlackMail,” “we,” “our,” or “us” refers to the developers and operators of the BlackMail iOS application and its related backend notification services.

We provide a mobile email client that connects to your existing email accounts and helps you manage them more efficiently. We do not provide email hosting.

3. What information we collect (and what we don’t)

3.1 Information we do not collect

BlackMail is designed so that your email data stays primarily between your device and your email provider.

We do not:

Store full copies of your inbox on our servers.
Store the content of your emails (subject lines, bodies, attachments) on our servers.
Store your email account passwords or mailbox tokens on our servers.
Scan your emails for marketing or advertising.
Sell or rent your data to third parties.

Any mailbox data the BlackMail iOS app downloads as part of normal usage is stored locally on your device, under your control, and handled by the app itself.

3.2 Information handled by Apple

Because BlackMail is sold exclusively through the Apple App Store:

Purchases and payments (including your payment method) are processed by Apple, not by us.
Apple may provide us with aggregated information such as total sales, regions, and crash analytics. This is typically not enough for us to identify you personally unless you contact us directly and share more details.

To understand how Apple handles your data, please refer to Apple’s own privacy policies.

3.3 Email accounts, credentials, and secure storage (on your device)

When you add an email account in BlackMail:

Your email address, server settings, and access tokens/passwords are stored locally on your device.
The BlackMail iOS app uses Apple’s Keychain and iCloud-linked secure storage to hold these credentials and account details. This may include:
- iOS Keychain for secure, encrypted storage on your device.
- Your private iCloud data (for example, via iCloud Keychain or similar secure Apple mechanisms) to keep credentials and account configuration in sync across your own devices signed in with the same Apple ID.

What this means in practice:

Your device uses these credentials to connect directly to your email provider (for example, via IMAP/SMTP or OAuth-based sign-in).
The secure storage and sync are managed by Apple’s systems as part of your private iCloud environment.
We do not have direct access to your passwords, tokens, or account details stored in this way on Apple’s infrastructure.
The BlackMail iOS app does not transmit your passwords or long-lived mailbox tokens to our servers. They are used only on your device to talk directly to your email provider.

In other words: your device talks to your email provider using credentials the BlackMail app keeps in Keychain/iCloud; our servers never see those credentials.

3.4 Notifications and background sync (access-less design, no mailbox access)

BlackMail uses notifications to let you know when new emails arrive or when your inbox changes. On iOS, notifications are controlled by the operating system:

You can allow or deny notifications in iOS settings at any time.
We do not require any separate “marketing notifications opt-in” beyond the standard system permission.

Because different email providers work differently, BlackMail uses two approaches. In both cases, your passwords and long-lived tokens are not sent to our servers, and the notification system does not give our backend full mailbox access.

3.4.1 Providers that support access-less push or events

Some providers (for example, modern hosted services like Microsoft 365 / Exchange Online or other advanced platforms) support mailbox event notifications or similar mechanisms. For these providers, we use an “access-less” push model:

Our backend subscribes to mailbox events in a way that is designed to avoid storing full inbox-reading credentials and does not require us to download your message content.
When a new message or mailbox change occurs, the provider sends our backend a minimal event, such as:
- “New message arrived in folder X”
- A technical identifier like a folder ID or message ID.
Our backend then:
- Uses your device’s Apple Push Notification service (APNS) token to ask Apple to deliver a push notification to your iPhone or iPad.
- Does not fetch, store, or index the message body or attachments.
- Does not receive your password or long-lived mailbox tokens.

In this model:

Your full mailbox credentials stay on your device in Apple’s Keychain/iCloud-secured storage, managed by the BlackMail iOS app, not on our servers.
The notification service does not have the technical ability to log in to your mailbox and read messages.
Even if we became malicious, or were legally compelled to try, the notification service by itself does not give us the keys or direct mailbox access needed to download your email content.

We use the limited notification metadata only to decide that “this account/folder has new activity” and to trigger the appropriate APNS notification. We do not use this data for advertising, profiling, or resale.

All communication involving our notification services is protected with encryption in transit (for example, TLS), so data is encrypted while it moves between systems.

3.4.2 Providers that do not support access-less events (e.g., many cPanel / generic IMAP hosts)

Some email providers (for example, many cPanel-based or generic IMAP hosts) do not offer a safe way to send us new-mail events without also giving our servers full mailbox access.

For these providers, we take a more device-centric approach:

Only the BlackMail iOS app on your device stores the credentials needed to access your inbox, in Apple’s Keychain/iCloud-secured storage.
Your device uses those credentials directly to talk to your email provider; they are not sent to our servers.
The BlackMail app uses iOS’s background fetch and background task mechanisms to check for new mail when the system allows it. These checks are:
- Opportunistic and scheduled by iOS (not continuous).
- Limited in how often they can run, to protect battery life.
When new mail is detected during one of these background syncs:
- The BlackMail app creates a local notification on your device, using iOS’s notification framework.
- No information about the content of your messages is sent to our servers in order to notify you.

In this model, our servers do not need, and do not have, the credentials required to log in to your inbox. All message fetching and detection happens on your device, directly between the BlackMail app and your email provider.

If you disable notifications at the system level, the app will no longer show alerts for new mail.

3.4.3 What this means for access and compulsion

Because of the designs described above:

For providers that support access-less events, our backend sees limited technical event data and APNS tokens, but not your full credentials or message bodies.
For providers that do not support such events, new mail detection happens on-device and notifications are generated locally, without server involvement.

In both cases:

Our systems are not designed to function as a general-purpose inbox reader.
We do not operate a service that can simply log in and read your email from our side using the notification infrastructure.
Your passwords and long-lived mailbox tokens are never transmitted to our servers.

Even if we were to become nefarious, or if we were legally compelled to try to access your content:

We do not have full mailbox credentials stored in our notification service, and
We do not have a technical interface in that service that lets us download and read all of your messages.

In most cases, the only information available from our own systems is limited to technical metadata (for example, logs showing that a notification event was processed), not the actual contents of your email.

3.5 Optional email distribution list (marketing emails)

If you choose to opt in to our email distribution list (for example, to hear about new features, betas, or tips), we may collect:

Your email address.
Optionally, your name or any information you choose to include when you sign up.

We use this only to:

Send you feature announcements, updates, or occasional surveys.
Track basic engagement (e.g., whether an email was opened) in aggregate, if our email provider supports it.

You can unsubscribe at any time using the link at the bottom of these emails or by contacting us at info@blackmail.email.

We may use a third-party email service provider to send these messages, and that provider will process your email address strictly for this purpose.

3.6 Feedback and support communications

BlackMail includes a feedback button in the app’s settings. When you tap it:

The BlackMail app opens an email addressed to us (for example, info@blackmail.email or a dedicated support address).
You choose what to write and whether to include any screenshots or other information.

When you contact us via that feedback button or any other email, we may receive:

Your email address.
The content of your message and any details you provide (e.g., device model, iOS version, screenshots, connection details you chose to paste, or other diagnostic information).

We use this only to:

Respond to your inquiry.
Troubleshoot issues and improve the app.

Except for Apple-provided crash reports (described below), we do not automatically send diagnostic logs to our servers. When logs are involved, you see them first and decide whether to send them to us.

We may keep records of support emails (including any logs you choose to send) to help with future debugging and to spot recurring issues.

3.7 Technical logs and user-submitted diagnostics

The BlackMail ecosystem involves two kinds of technical information that may relate to logs:

Apple-provided crash reports and diagnostics
Depending on your system settings and Apple’s own privacy controls, Apple may send us crash reports or diagnostic information for the BlackMail app. These reports are handled under Apple’s terms and are typically used to:
- Understand crashes or hangs.
- Improve stability and performance.
The content and level of detail in these reports are determined by Apple and your system preferences, not by us.
User-submitted connection and setup logs (manual, opt-in)
When you have trouble setting up an account or connecting to a provider in BlackMail, the app may offer a “Copy Logs” button on the account setup or troubleshooting screens. This is designed to help you share detailed diagnostics only if you choose to do so.
- When you tap “Copy Logs”, the BlackMail app:
  - Generates a diagnostic log related to the connection or setup attempt (for example, server names, ports, protocol responses, and error messages).
  - Intentionally removes your password from the log and may redact other obviously sensitive credential strings where practical.
  - Copies the log text to your device’s clipboard.
- The log is not automatically sent anywhere. You remain in full control of it.
- You can then:
  - Paste the log into an email to us, or
  - Paste it into a contact form on our website, or
  - Choose not to send it to anyone at all.
This design has two important privacy properties:
- You see exactly what you send. Because the log is copied to your clipboard, you can read it before you paste it, and you decide whether and where to send it.
- We only receive what you choose to share. We do not automatically collect these logs on failures. We only receive diagnostic log content if you actively paste and submit it to us via email or our website.
If you do send us such a log, we may retain it alongside your support request to help diagnose compatibility issues with different email providers and to improve the app. These logs may include technical details such as:
- Email provider hostnames and ports.
- Error codes or protocol responses.
- Non-content metadata about connection attempts.
They are intended for troubleshooting only and are not used for advertising or profiling.

3.8 On-device AI features (Apple Foundation models)

BlackMail includes AI-assisted reply features that help you draft responses more quickly. These are designed with privacy in mind:

AI processing happens locally on your device, using Apple’s on-device Foundation models (or equivalent on-device models provided by Apple).
When you ask BlackMail to suggest a reply, the text of your email and the generated reply stay on your device.
Neither we nor Apple receive the email text or the AI-generated reply as part of this on-device process.
We do not send your message content to our servers or to any third-party AI service for these AI reply features.

In simple terms: the AI that helps you write emails runs on your iPhone/iPad itself, not in our cloud.

4. How we use your information

We use the limited information we collect to:

Operate, maintain, and improve the BlackMail app and its notification services.
Provide customer support and respond to your requests and feedback emails (including any logs you explicitly choose to submit).
Send you optional product update emails if you opt into our distribution list.
Maintain security, prevent abuse, and troubleshoot technical issues.
Comply with legal obligations where applicable.

We do not sell your data and do not use it to serve ads.

5. How we share information

We may share information only with:

Service providers
For example, providers that:
- Send email on our behalf (our mailing list provider).
- Host our backend notification or logging infrastructure.
These providers are allowed to use your information only to perform services on our behalf and must handle it securely.
Apple and platform providers
- To deliver push notifications (via Apple Push Notification service).
- As part of App Store transactions, crash reports, and related services.
- To store and sync your credentials via Apple’s Keychain/iCloud mechanisms, under their own privacy and security controls.
Legal and safety reasons
We may disclose information if we believe it is reasonably necessary to:
- Comply with a law, regulation, legal process, or government request.
- Protect the safety, rights, or property of our users, ourselves, or the public.
Even where we are legally required to disclose information, the scope of what we can provide is limited by our technical design. For example, our notification services either (a) receive only minimal event data from providers that support access-less events, or (b) are not involved at all when notifications are generated locally on your device. They do not store full mailbox credentials or email content, so we are not able to provide access to your inbox or message bodies through those systems, even if asked or compelled to do so. In most cases, the only information we can provide from our own systems is limited technical metadata (such as logs indicating that a notification was triggered), not the content of your email.
Business transfers (if applicable)
If we are involved in a merger, acquisition, or sale of assets, we may transfer relevant data as part of that transaction, subject to continuing privacy protections.

We do not sell, rent, or trade your personal information for marketing purposes.

6. Data security

We take reasonable technical and organizational measures to protect the information we handle, including:

Encryption in transit (such as TLS) between your device, our servers, and Apple’s notification services.
The BlackMail iOS app uses Apple’s Keychain and iCloud secure storage to manage credentials and account data with strong encryption on your device and in your private iCloud.
Limiting what data our servers ever see in the first place (no email content, and no passwords or long-lived mailbox tokens).
Restricting access to operational systems to authorized personnel.

No system is perfectly secure, but our design goal is to minimize what we collect and store so there’s less to protect in the first place.

7. Data retention

Because BlackMail is primarily a client-side app:

Most of your email data is stored locally on your device and follows your own device backup and deletion choices.
Credentials and account information stored in Keychain or iCloud are governed by Apple’s systems and your Apple ID settings.
Notification and technical logs on our servers are retained only as long as reasonably necessary for:
- Operating the service.
- Troubleshooting.
- Security and compliance requirements.

For our email distribution list, we keep your email address until you unsubscribe or we no longer need to send communications. You can unsubscribe at any time.

Support emails and any diagnostic logs you choose to send us may be retained as long as reasonably necessary to:

Understand and fix issues.
Keep historical context for recurring problems.
Comply with legal or regulatory obligations.

8. Your choices and rights

8.1 In the app and on your device

You can:

Add or remove email accounts at any time.
Adjust notification settings in iOS system settings at any time.
Turn off AI reply features if you choose not to use them.
Choose whether to generate and send diagnostic logs to us; you always see them before sending.
Delete the app, which removes the app’s local data stored on your device (subject to any device backups you control).

8.2 Email updates

You can:

Opt in or out of our feature announcement list.
Unsubscribe from marketing or update emails at any time using the link in the email or by contacting us at info@blackmail.email.

8.3 Privacy rights by region

Depending on where you live, you may have additional rights (for example, access, correction, deletion, or portability of certain data). If you believe you have such a right and want to exercise it, you can contact us at info@blackmail.email, and we’ll do our best to respond consistent with applicable laws.

Because we intentionally collect very little personal data, in many cases we may not have much (or any) personally identifiable information to provide or delete.

9. Children’s privacy

BlackMail is not intended for children under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information, please contact us at info@blackmail.email so we can take appropriate steps.

10. International users

Our services may be operated from servers located in countries other than your own. By using BlackMail, you understand that your information may be processed in these locations, which may have different data protection laws than your country.

Regardless of where processing occurs, we handle your information as described in this Privacy Policy.

11. Limitation of liability

To the maximum extent permitted by law, our total liability for any claims arising out of or related to your use of BlackMail (including privacy or data-related claims) is limited to the total amount of subscription fees you paid for BlackMail in the twelve (12) months immediately before the event giving rise to the claim.

This limitation:

Applies to all types of claims (contract, tort, negligence, etc.).
Does not exclude liability where such exclusion is prohibited by law (for example, certain consumer protection rights or liability for intentional misconduct).

Some jurisdictions do not allow certain limitations of liability, so this section may not fully apply to you. In that case, the limitation applies only to the extent allowed in your area.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time as the app evolves or legal requirements change. If we make a material change, we will:

Update the “Last updated” date at the top of this page, and
Where appropriate, notify you in the app or via email.

Your continued use of BlackMail after changes are posted means you accept the updated policy.

13. Contact us

If you have questions, comments, or concerns about this Privacy Policy, or about how we handle data, please contact us:

Email: info@blackmail.email

Important note (not legal advice): This document is a template based on how BlackMail is intended to work technically and from a privacy perspective. Laws differ by country and region, and app store requirements can change. A qualified attorney should review and adapt this policy for your specific business and jurisdictions before you treat it as final.