Privacy Policy
Last updated: May 2026
Your Data Stays on Your Device
SagaMail is a native macOS application. Your emails, contacts, account credentials, and preferences are stored locally on your Mac in an SQLCipher-encrypted database. We do not operate cloud servers that relay, store, or process your email content. Your emails never leave your Mac, except when sent or received through your own email provider.
What We Collect
When you purchase a license or create an account on app.sagamail.app, we collect:
- Email address (for license delivery and account management)
- Name (optional, for personalization)
- License key and activation status
- Payment information (processed by Stripe — we never see your full card number)
What We Don't Collect
- Email content, attachments, or metadata
- Contact lists or address books
- Email account passwords or OAuth tokens
- Usage analytics or telemetry from the desktop app
- Browsing history or IP-based tracking
OAuth Authentication (Google & Microsoft)
When you sign in to a Gmail or Microsoft 365 account, OAuth 2.0 happens directly between your Mac and the provider. SagaMail receives the access token and refresh token from Google or Microsoft and stores them exclusively in the macOS Keychain on your device. These tokens are never transmitted to or stored on SagaMail servers.
During OAuth, the provider returns:
- An access token (short-lived) used to call the provider's API
- A refresh token (long-lived) used to renew the access token
- The authenticated account's email address
We store only those three values, locally, in the Keychain. You can revoke SagaMail's access at any time through your Google Account or Microsoft Account security settings, which immediately invalidates the tokens.
Gmail API use. When you connect a Gmail account, SagaMail uses the Gmail API to: read and display your messages and threads; read and manage labels; send email on your behalf; and update message state (read/unread, starred, archived, trash). SagaMail's use of Gmail API data is limited solely to providing the in-app email client experience. Gmail data is never used for advertising, profiling, training AI models on our behalf, or any purpose unrelated to delivering email management features directly to you. No Gmail content is transmitted to or processed on SagaMail servers at any time.
AI Features (Bring Your Own Key)
All AI features in SagaMail are BYOK (Bring Your Own Key). You supply your own API key from Anthropic, OpenAI, or Google. When you use an AI feature (summarization, AI Chat, Smart Compose, writing assistant, calendar extraction, PHIPA scanning), the relevant email content is sent directly from your Mac to your chosen AI provider using your own API key.
SagaMail does not intermediate, proxy, log, or store this data. The conversation is governed entirely by the privacy and retention policies of the AI provider you have chosen, under the account you control.
Email Open Tracking
Email open tracking (read receipts via tracking pixel) is opt-in only and disabled by default. When you explicitly enable it for a specific outgoing email, SagaMail embeds a 1×1 transparent image referencing a per-email URL.
We do not store recipient behavior data, IP addresses, or open/read timestamps on any SagaMail server. If a tracking pixel is loaded, the result is delivered back to your local Mac and visible only to you. You can disable tracking globally at any time from Settings.
Third-Party Services
Sender logos and avatars. When the "Allow Sender Logos & Avatars" setting is enabled (opt-in), SagaMail may fetch sender brand logos from Clearbit, Google favicon service, or DuckDuckGo's icon API. These requests are made directly from your Mac. When the setting is off, no external requests are made for logos.
Breach monitoring. Optional breach checks use the Have I Been Pwned (HIBP) API. SagaMail sends only the first 5 characters of a SHA-1 hash of the email address (k-anonymity model), so the full address is never transmitted.
Hosting and payments. Cloudflare provides hosting and DDoS protection for our marketing site and license server. Payment processing is handled by Stripe. Neither service has access to your email content.
PHIPA & Healthcare Accounts
For users in regulated healthcare environments, SagaMail offers an optional outgoing email scanner that flags potential Personal Health Information (PHI) before sending. This scanner is opt-in via Settings → AI → PHIPA.
No PHI is transmitted to SagaMail servers. When using a local-only scanning model, content stays on your Mac. When configured to use a cloud AI provider for scanning, content is sent to that provider under your own API key (see the AI Features section above) — SagaMail still does not see, store, or log the content.
Web App (app.sagamail.app)
The web app portal is used for license management and account settings. Authentication uses secure, HTTP-only cookies. Session data is encrypted at rest. The web portal does not have access to your local email database.
Data Deletion & Uninstalling
Uninstalling SagaMail by dragging the app to the Trash removes the application but leaves your local data behind. To fully remove all SagaMail data from your Mac:
- Quit SagaMail.
- Move
/Applications/SagaMail.appto the Trash. - Delete the data folder:
~/Library/Application Support/Saga/ - Open Keychain Access, search for "SagaMail" or your account email, and delete any matching entries (these are your OAuth tokens and IMAP/SMTP passwords).
- Optionally, remove preferences:
~/Library/Preferences/com.vohux.SagaMail.plist
To delete your license account on app.sagamail.app, contact us and we will permanently erase your account record within 30 days.
Contact
Questions about privacy? Email info@vohux.com.