Privacy Policy

Last updated: March 29, 2026

1. Introduction

GmailKrypt (“we”, “our”, or “us”) is a Chrome extension that provides end-to-end PGP encryption for Gmail. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

2. Data We Never Collect

GmailKrypt is built on a zero-knowledge architecture. We never collect, access, store, or transmit:

  • The content of your emails (encrypted or unencrypted)
  • Your private encryption keys
  • Your Gmail password or authentication tokens
  • Your browsing history or activity
  • Any analytics, telemetry, or usage tracking data

All encryption and decryption happens locally on your device. Email content never leaves your browser.

3. Data Stored Locally on Your Device

The extension stores the following data using Chrome's built-in storage APIs. This data remains on your device and is never sent to our servers:

  • PGP key pairs — your public and private keys, stored in chrome.storage.local
  • Contact public keys — public keys of people you communicate with
  • Usage counter — a daily count of encryptions (for free tier limits), reset each day
  • Preferences — your settings (encrypt by default, sign messages, auto-decrypt), synced across your Chrome browsers via chrome.storage.sync
  • License status — your subscription tier and expiration date

4. Data Sent to Our Servers

We only communicate with our API server (api.gmailkrypt.com) for licensing purposes. The following data may be transmitted:

  • Email address — only when you upgrade to Pro (via Stripe checkout) or restore an existing license on a new device
  • Coupon code — when you redeem a promotional code
  • License key — a Stripe customer ID or coupon reference, sent periodically to validate your subscription status

These requests are made over HTTPS. No email content, encryption keys, or browsing data is ever included.

5. Data Stored on Our Servers

Our API server stores the following for Pro subscribers:

  • Stripe customer ID and subscription ID
  • Email address associated with the subscription
  • Subscription status (active, canceling, expired) and expiration date
  • Coupon redemption status

This data is stored in an encrypted database (Upstash Redis) hosted on Vercel's infrastructure.

6. Third-Party Services

We use the following third-party services:

  • Stripe — for payment processing. Stripe collects payment information directly. We never see or store your credit card details. See Stripe's Privacy Policy.
  • Vercel — for hosting our API server and website. See Vercel's Privacy Policy.
  • Google Chrome APIs — for the identity permission, used solely to retrieve your email address for key pair association. No authentication tokens are requested.

7. Data Retention

  • Local data — remains on your device until you uninstall the extension or clear Chrome storage
  • Server data — subscription records are retained while your account is active and for 90 days after cancellation, then deleted
  • Stripe data — retained by Stripe per their data retention policies

8. Your Rights

You have the right to:

  • Access your data — all local data is visible in the extension; contact us for server-side data
  • Delete your data — uninstall the extension to remove local data; contact us to delete server records
  • Export your keys — export your PGP keys from the extension popup at any time
  • Cancel your subscription — manage or cancel via the Stripe customer portal in the extension

9. Security

All communication with our servers uses HTTPS/TLS encryption. Server infrastructure is hosted on Vercel with encrypted storage. Private keys are stored exclusively on your device and are never transmitted. Our codebase undergoes regular security reviews.

10. Children's Privacy

GmailKrypt is not intended for use by children under 13. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the extension after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this privacy policy or your data, contact us at info@gmailkrypt.com.