Privacy Policy

Last Updated: February 10, 2026

1. What Data We Access

ThunderSweep requires the following permissions to function:

• Gmail Access: Read and modify your Gmail messages to scan attachments and delete emails you select.
• Identity: Authenticate your Google account using OAuth 2.0.
• Storage: Store your preferences and scan history locally in your browser.

2. How We Process Your Data

100% Local Processing:

• All email scanning happens in your browser using JavaScript
• Attachment analysis is performed locally on your device
• Pattern matching for sensitive data occurs entirely client-side
• No email content is ever sent to our servers or any third-party servers

3. What Data We Store

Locally in Your Browser (Chrome Storage API):

• OAuth tokens for Gmail API access
• Your scan history (dates and counts only, not email content)
• User preferences and settings
• License key (if you purchase the paid version)

We Do NOT Store:

• Email content or subject lines
• Attachment files or their contents
• Sender or recipient information
• Any personally identifiable information from your emails

4. Data Sharing

We do not share, sell, rent, or trade your data with anyone. Period.

• No third-party analytics: We don't use Google Analytics or similar tools
• No advertising: We don't share data with advertisers
• No data brokers: We don't sell or provide data to third parties

5. OAuth and Gmail API

ThunderSweep uses Google's OAuth 2.0 for secure authentication:

• You explicitly grant permission through Google's official consent screen
• We only request the minimum necessary permissions (read and modify Gmail)
• You can revoke access at any time through your Google Account settings
• OAuth tokens are stored securely in your browser's local storage

6. Payment Information

If you purchase the paid version:

• Payment processing is handled by our payment provider (Stripe/Gumroad)
• We do not store or have access to your credit card information
• We only receive a license key to activate your extension
• Your email address may be collected solely for sending the license key

7. Security

We take security seriously:

• All communication with Gmail API uses HTTPS encryption
• OAuth tokens are stored securely using Chrome's storage API
• No server-side database means no risk of data breaches
• Source code is open source and available for security review

8. Your Rights

You have complete control over your data:

• Access: All your data is stored locally - you can inspect it in Chrome DevTools
• Deletion: Uninstall the extension to remove all local data
• Revoke Access: Disconnect your Gmail account at any time through the extension or Google Account settings
• Export: Export your scan results as CSV before deletion

9. Children's Privacy

ThunderSweep is not intended for children under 13. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected in the "Last Updated" date at the top of this page. Continued use of ThunderSweep after changes constitutes acceptance of the updated policy.

11. Open Source Transparency

ThunderSweep's source code is available for review on GitHub. You can verify that we do what we say:

• Review the scanning logic
• Verify no data is sent to external servers
• Audit the security implementation
• Contribute improvements or report issues

12. Contact Us

If you have questions about this privacy policy or how we handle data:

• Email: support@thundersweep.com
• GitHub Issues: [Repository URL]

13. Legal Compliance

GDPR Compliance: Since we don't collect or process personal data on servers, most GDPR requirements don't apply. However, we respect user rights and provide full transparency.

California Privacy Rights (CCPA): We do not sell personal information. All processing is local.

© 2026 ThunderSweep. All rights reserved.