LEGAL
Privacy Policy
Last updated: 2026-06-04
Tolomail is a Chrome extension that helps you navigate Gmail by visualizing thread structure, tracking awaiting replies, and browsing attachments. This privacy policy explains what data Tolomail accesses, what it does with that data, and what choices you have.
Summary
- Tolomail reads your Gmail in your browser to render visualizations.
- All thread data, attachments, and notes are stored locally on your device in your browser's IndexedDB and Chrome storage.
- An optional Drive backup feature (OFF by default) can mirror your notes, awaiting list, and favorites to your own Google Drive (
appdatafolder — invisible to you outside Tolomail). You enable it in Tolomail's Settings; you can disable it or delete the Drive copy at any time from the same page. - No data is sent to Tolomail's servers. We do not operate any server that receives your data.
- No third-party analytics, advertising, or tracking SDKs.
What permissions Tolomail uses, and why
| Permission | Why |
|---|---|
gmail.readonly (OAuth) | Read message bodies and headers to render thread maps + extract attachment metadata. Tolomail never writes, sends, deletes, or modifies your Gmail. |
drive.appdata (OAuth) | Used only when you turn on the optional "Drive backup" feature in Settings. Backup is OFF by default — no Drive writes happen unless you explicitly enable it. When enabled, Tolomail writes one JSON file per account to a private folder in your own Google Drive that only Tolomail can see. You can disable backup or delete the Drive file from Settings ("Delete my Drive backup" button); existing Drive data is left untouched on disable. |
openid (OAuth) | Used solely to obtain your Google Account ID for correctly namespacing multi-account data. No additional profile information is requested. |
storage | Save your Tolomail settings, notes, awaiting-reply state, and account list in your browser's local storage. |
sidePanel | Render the Tolomail attachments and thread-map views in Chrome's side panel. |
downloads | Save attachments you choose to download via the Attachments panel's Download button. Tolomail never writes to Downloads without an explicit click. |
alarms | Schedule periodic Drive backup runs. |
identity, identity.email | Identify which Google account you're using so per-account data stays isolated. |
Host permissions: mail.google.com, gmail.googleapis.com, www.googleapis.com/drive/v3, www.googleapis.com/upload/drive/v3, www.googleapis.com/oauth2/v3, oauth2.googleapis.com | Required to make authorized requests to Google's Gmail, Drive (appdata only), and OAuth userinfo endpoints on your behalf. Narrowed in v0.9.68 to the specific endpoints actually used. |
Where your data lives
| Data | Location |
|---|---|
| Thread maps, message metadata | Your browser's IndexedDB (gtv database) |
| Attachment metadata + cached blobs | Your browser's IndexedDB (gmail-attachments database) |
| Notes (per thread) | Your browser's chrome.storage.local |
| Awaiting-reply state | Your browser's chrome.storage.local |
| Account registry | Your browser's chrome.storage.local |
| Optional Drive backup (OFF by default) | Your own Google Drive (appdata folder — only Tolomail can access). Created only after you enable backup in Settings. |
| OAuth tokens | Chrome's built-in chrome.identity token cache (encrypted at rest by Chrome) |
Tolomail does not transmit any of this data to any third party. Tolomail operates no server.
Multi-account support
If you register more than one Google account in Tolomail, each account's data is stored under a separate namespace keyed by your Google account ID. Tolomail does not share data between your registered accounts.
Data deletion
| To delete | Action |
|---|---|
| One registered account + its local data | In Tolomail's popup, click "Remove" next to the account. This clears IndexedDB + storage entries for that account. |
| All Tolomail data | Uninstall the extension. Chrome automatically clears all chrome.storage.local and IndexedDB entries owned by the extension. |
| The Drive backup file | In Tolomail's Settings, click "Delete my Drive backup." Or go to drive.google.com → Settings → Manage apps → find Tolomail → Disconnect. Either deletes the appdata folder. |
| Revoke OAuth grant | Go to myaccount.google.com/permissions → find Tolomail → Remove. |
Children's privacy
Tolomail is not directed at children under 13. We do not knowingly collect data from children under 13.
Changes to this policy
We may update this policy when Tolomail adds new features. Material changes will be reflected in the "Last updated" date at the top. Continued use of Tolomail after a change constitutes acceptance.
Contact
Questions or concerns: [email protected]
Compliance
Tolomail's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.