InboxFerry
Privacy Policy
Privacy information for the InboxFerry website and desktop application.
Last updated: 2026-05-11
InboxFerry is a local-first desktop application. Its core design principle is that your mail data never passes through any server controlled by InboxFerry or its operator. Data flows directly between your device and the IMAP servers you configure.
The data controller for this website and software is Florian Müller. Full contact and address details are on the Imprint page.
1. Website
This is a static product site with no embedded advertising networks, social-media widgets, or client-side analytics scripts.
Your browser may transmit a standard HTTP request log entry (IP address, browser string, timestamp, requested URL) to the hosting provider as part of normal web delivery. InboxFerry has no access to those logs; they are retained and processed by the hosting provider solely for security and operational purposes.
Legal basis (GDPR Art. 6(1)(f)): The hosting provider’s log processing is a legitimate interest of network security and delivery. No personal data is collected by InboxFerry from website visitors.
2. Desktop application — data stored on your device
The application stores the following data locally on your device. None of it is transmitted to InboxFerry or Florian Müller unless you voluntarily send it when contacting support.
| Category | Examples | Purpose |
|---|---|---|
| Account configuration | IMAP hostname, port, username | Connect to your mail server |
| Credentials | IMAP password, OAuth 2.0 access and refresh tokens | Authenticate to your mail server |
| Backup state | Folder list, message UID index, last-run timestamp | Resume and deduplicate incremental backups |
| Schedule data | Configured run interval | Run automated backups |
| License data | License key, activation status | Verify a purchased license |
| Message data (in transit) | Email headers, bodies, attachments | Transfer between your device and IMAP servers only |
Message data is never stored persistently by InboxFerry beyond what your chosen backup destination (a local folder or a destination IMAP server) holds. No copy is kept by the operator.
Legal basis (GDPR Art. 6(1)(b)): Processing is necessary to perform the service you requested (IMAP backup and migration).
3. Google account access (Gmail / Google OAuth 2.0)
When you connect a Gmail or Google Workspace account, InboxFerry uses Google OAuth 2.0. You will be redirected to Google’s sign-in flow in your browser; InboxFerry never sees your Google password.
Scope requested: https://mail.google.com/ — this is the IMAP-access scope required to read and write mail via the Gmail IMAP interface.
What InboxFerry does with Google account data:
- The OAuth access token and refresh token are stored only on your local device.
- The token is used exclusively to authenticate IMAP connections to
imap.gmail.comon your behalf. - InboxFerry does not read, cache, index, or store your email content on any server.
- Google account data is not sold, rented, or shared with any third party.
- Google account data is not used for advertising or to build user profiles.
- Google account data is not used for any purpose other than IMAP backup or migration as described here.
InboxFerry’s use of Google account data complies with the Google API Services User Data Policy, including the Limited Use requirements.
Revoking access: You can revoke InboxFerry’s access to your Google account at any time by visiting Google Account Permissions and removing InboxFerry. Revoking access removes the authorization; any locally stored backup files are not affected and remain under your control.
Legal basis (GDPR Art. 6(1)(a)): Google OAuth connection is based on your explicit consent given during the OAuth authorization flow. You may withdraw consent at any time as described above.
4. Purchases
Direct-download purchases are processed by Paddle, an independent payment processor. When you complete a purchase, Paddle collects and processes your payment and personal details under Paddle’s own privacy policy. InboxFerry does not receive or store your payment card data.
The license key issued after purchase is stored locally on your device.
5. Support communications
If you contact support by email, the information you include (email address, described issue, any log excerpts you attach) is used only to diagnose and answer your request. It is not used for any other purpose and is not shared with third parties.
Emails are retained for as long as needed to resolve the request and for a reasonable follow-up period. You may request deletion of your support correspondence at any time.
Legal basis (GDPR Art. 6(1)(b) / (f)): Processing is necessary to handle the support request you initiated.
6. Data location and transfers
All mail data that InboxFerry processes flows exclusively between your device and the IMAP servers you configure. InboxFerry does not route mail data through any intermediary server.
Support emails are handled via email infrastructure based in the EU or with appropriate transfer safeguards. No personal data is deliberately transferred to third countries outside the EEA by InboxFerry.
7. Your rights under GDPR
If you are in the European Economic Area, you have the following rights regarding personal data that InboxFerry processes (principally support correspondence, since app data stays on your device):
- Access — request a copy of data InboxFerry holds about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data.
- Restriction — request that processing be restricted while a dispute is resolved.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent (Google OAuth), you may withdraw at any time without affecting the lawfulness of prior processing.
To exercise these rights, contact support@inboxferry.com.
You also have the right to lodge a complaint with a supervisory authority. The competent authority for Germany (Schleswig-Holstein) is:
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstraße 98, 24103 Kiel, Germany
https://www.datenschutzzentrum.de
Alternatively, you may contact the federal authority: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), https://www.bfdi.bund.de.
8. Changes to this policy
Material changes will be reflected by updating the “Last updated” date at the top of this page. The current version is always available at https://www.inboxferry.com/privacy/.
Contact
Privacy questions: support@inboxferry.com
Data controller contact details: Imprint