Privacy Policy

Last updated: February 2026

This privacy policy describes how Midnight Inventions ("we," "us," or "our"), a product label of Horizon Refined Designs LLC, handles information in connection with our products and services, including VaultMail.

1. Overview

VaultMail is designed with privacy as a core principle. Your data stays on your device and is transmitted only to your email provider. We do not operate servers that process or store your email data.

2. Data We Do Not Collect

  • Usage analytics or telemetry
  • Crash reports
  • Personal information
  • Email content or metadata
  • Contact information (beyond what you voluntarily provide through our contact form)

3. Data Stored Locally on Your Device

  • Email credentials — stored securely in the macOS Keychain
  • Email messages — cached locally for offline access
  • Attachments — downloaded to your local cache directory
  • App preferences — stored in local app storage
  • Spotlight index — managed by macOS, stored locally

4. Data Transmission

VaultMail connects directly to your email provider (Gmail, iCloud, Outlook, etc.) using secure IMAP/SMTP protocols over TLS/SSL encryption. No email data passes through any Midnight Inventions servers or intermediaries.

5. Google OAuth and API Services

When you connect a Google account to VaultMail, we use Google OAuth 2.0 to authenticate your identity and access your email. Here is exactly what happens:

  • What we access: VaultMail requests access to your Gmail messages via the IMAP and SMTP protocols using your OAuth token. We access your email address for account identification and display purposes only.
  • How we use it: Your email data is used solely to display your messages within the VaultMail application on your device. We do not copy, store, analyze, or transmit your email data to any external server.
  • What we do not do: We do not read, scan, or index your email content for advertising, analytics, profiling, or any purpose other than displaying it to you. We do not share, sell, or transfer your Google user data to any third party.
  • Token storage: Your OAuth tokens are stored securely in the macOS Keychain and are never transmitted to Midnight Inventions servers.
  • Revocation: You can revoke VaultMail's access to your Google account at any time through your Google Account permissions.

VaultMail's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Contacts Access

If you grant permission, VaultMail can access your macOS Contacts to provide email address autocomplete. This data is only used locally and is never transmitted.

7. Third-Party Services

VaultMail does not integrate with any third-party analytics, advertising, or tracking services. The only external connections are to your email provider(s) and, for Google accounts, to Google's OAuth servers.

8. Data Deletion

To delete all VaultMail data from your device:

  1. Remove your accounts in VaultMail Settings
  2. Delete the app
  3. Optionally, remove Keychain entries (Keychain Access > search "VaultMail")

9. Security

  • All credentials are stored in the macOS Keychain
  • All network connections use TLS/SSL encryption
  • No plain-text passwords are stored on disk
  • OAuth tokens are stored in the system keychain, not in app files

10. Children's Privacy

VaultMail is not directed at children under 13. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected in the "Last updated" date above. Continued use of VaultMail after changes constitutes acceptance of the revised policy.

12. Contact

For privacy questions or concerns, please use our contact form.