Privacy Policy

Status: DRAFT

This policy describes how Geary collects, uses, transmits and stores personal information. In general, Geary attempts to minimise the amount of personal information required, aiming to use just enough for it to function as a usable, fully featured email application, and takes proactive steps to protect your personal information from third parties.

As a Free Software application, Geary has no need for personal information beyond simply providing a great email experience for the people using it. Personal information is not provided to any third parties except as specified in this policy. As an email application, Geary is required to connect to network-based services via the Internet to exchange email, which has intrinsic implications for personal information. Further, Geary uses standard GNOME desktop services, which may also cause personal information to be collected, used, transmitted and stored.

This policy applies only to the current stable release of Geary, please ensure you are running the most recent version to ensure best compliance. If you find instances where Geary is not acting in accordance with this policy, please file an issue so we are aware of it.

This policy is subject to change and may be updated at any time. Updates will generally be announced on Discourse and Matrix. Please subscribe to this page for immediate notification of any changes.

If you have questions about this policy, please ask on GNOME Discourse and tag the question as geary, or on the Geary Matrix channel.

Important note: Due to the inherent nature of both email and network communications, some information that might personally identify you will be always be exposed to third parties when exchanging email, including your IP address, your email provider's IP addresses, and so on. Although Geary by default uses encryption when exchanging email with your email service provider, email transmission between email service providers may not be encrypted. For these reasons, it is not recommended to transmit private or sensitive personal information via email. Use a secure channel such as Signal instead.

Displaying email

Geary will make all possible attempts to protect you from forgery, tracking and other efforts to obtain your personal information by third-parties based on the content of email messages when displaying them.

Current approaches to this include:

  • Email messages containing sender and recipient email addresses or links that attempt to appear as forgeries are flagged as being deceptive when displayed and/or clicked on.
  • Images and videos in email messages that are loaded from remote third-party services are not retrieved by default, to prevent third-party tracking via these "web bugs". If you choose to selectively allow remote resource loading for a specific email or for a specific sender, then in the future remote resources for those will be loaded by default and may allow you to be tracked.
  • JavaScript in email messages is always disabled so as to avoid many possible ways to track you and leak information via cookies, local storage, remote script loading, and so on.

Additional work to improve this is planned.

Accessing email

Geary requests and stores personal information such as your name, email address, email signature, and account information including the login name and password for each email account that is added to Geary, so as to be able to access and exchange email with these services. Geary exchanges personal information with respective email service providers via the Internet only when adding new accounts, or when existing accounts are currently enabled and Geary is visible or running in the background.

Geary will use email accounts configured via GNOME Online Accounts, which will request, transmit and store such personal information that it requires to access these services. Certain email providers require that GNOME Online Accounts periodically updates its access credentials via the Internet.

Geary uses secure forms of network transmission between your device and your email providers so as to prevent third parties eavesdropping to obtain access to your personal information and email, unless Geary is explicitly configured by you or a third party to do otherwise. However Geary is subject (as are all other email applications) to the issue described in the note above in the first section of this policy regarding secure network transmission and encryption of email.

Geary downloads email that you have sent and received from your email provider via the Internet and stores it on your device. This allows it to quickly access and display your email at all times, including when offline. The Download Mail option in the settings for each added account controls how much email is downloaded. Any email older than the selected option will be removed from your device periodically, but not from your email provider.

When you organise and annotate email by creating labels (also known as folders or mailboxes), labelling/moving/copying email, marking email as important or read, flagging messages as junk, and so on, Geary will update this same information with your email provider by transmitting it to them via the Internet, so that other email applications that you use to access your email will reflect the same organisation and annotations.

When marking email as trash or junk, Geary moves the email into the respective folders. When emptying these folders, the email is marked as deleted on your device. Marked email is removed periodically from your device. Such email is also marked as deleted with your email service provider, and deleted or retained in accordance with their privacy policy and practice.

When sending email, the sender, recipients, subject and contents of your message will be transmitted to your email provider for both re-transmission and storage. The email will then be stored and re-transmitted by your email provider in accordance with their privacy policy and practices. Geary will include information in sent email identifying it and its current version as the originating email application.

Contacts

Geary uses your default GNOME desktop-wide address book to access and store contact information, including name, photo and email addresses. This will be accessed and stored on your device and may be further transmitted to third parties, depending on your device's settings and in particular if you have services added to GNOME Online Accounts with Contacts enabled.

Other applications on your device may be able to access contact information stored in the GNOME desktop-wide address book.

Geary also collects the sender and recipient email addresses for each email in each account and saves these on your device, for providing automatic completion ("auto-complete") of recipient email addresses when composing new email messages.

Data storage

Geary uses three data storage locations; configuration, cache and data, the locations of which are described in the FAQ. These are used by both Geary and by software libraries it uses to store or cache personal information, email, contacts, and other data.

For accounts added via GNOME Online Accounts, it and any services it contacts is responsible for storage of the personal information that it requests from you, including your password and access token. For other accounts added directly via Geary, passwords will be stored via the FDO Secret Service API, which is typically handled by the GNOME keyring daemon but which may vary depend on you device's settings.

When you remove an account from Geary, all data Geary explicitly collects and stores for the account is also deleted. Any data collected and stored by GNOME Online Accounts, the GNOME desktop address book, data saved outside of Geary (for example, attachments or documents opened in other applications) and other software libraries used by Geary will not be deleted.

Geary will not attempt to encrypt locally stored data except for passwords. If you require on-disk encryption, please configure your device to use encrypted home directories or full-disk encryption.

We recommend installing Geary and other applications using Flatpak from Flathub to minimise the ability of other applications running on your computer from accessing your personal information and email stored by Geary.

See also

Apps/Geary/PrivacyPolicy (last edited 2020-09-15 23:31:25 by MichaelGratton)