Privacy Policy

1. Overview

Radius is a minimal, open-source desktop email client for Gmail. This Privacy Policy explains what data Radius accesses, how it is used, and how it is protected. We believe privacy is not a feature — it is the foundation.

2. Data We Access

Radius connects to your Gmail account using OAuth 2.0 with a read-only scope. This means Radius can:

• Read your email messages (subject, sender, body, attachments metadata)
• Read your Gmail labels and folder structure
• Sync your inbox to a local database on your device

Radius cannot and does not:

• Send, delete, or modify emails
• Access your Google Contacts, Calendar, or Drive
• Share your data with any third party

3. How Your Data Is Stored

All data accessed by Radius is stored locally on your device:

• Your emails are cached in a local SQLite database on your machine
• Your OAuth access token is stored in your system keychain (Keychain on macOS, Credential Manager on Windows, Secret Service on Linux)
• No data is transmitted to or stored on any server operated by Radius

You can delete all locally cached data at any time by uninstalling Radius or clearing the application data folder.

4. Data We Do Not Collect

Radius is designed to collect as little data as possible. We do not:

• Track usage analytics or behavior
• Send crash reports or telemetry
• Use cookies or web beacons
• Display advertisements
• Sell or share any user data
• Store data in the cloud

5. Third-Party Services

Radius communicates directly with Google's Gmail API. Your data passes through:

• Google Gmail API — for fetching and syncing your emails. Governed by Google's Privacy Policy.

No other third-party services are used. There are no analytics providers, advertising networks, or cloud storage services integrated into Radius.

6. Security

We take the following measures to protect your data:

• OAuth tokens are never written to disk in plain text — they are stored in your OS keychain
• All communication with Gmail's API uses HTTPS/TLS encryption
• HTML email bodies are sanitized before rendering to prevent XSS attacks
• The application is open source, allowing independent security audits

However, no system is 100% secure. You are responsible for keeping your device and operating system secure.

7. Your Rights

Because all your data stays on your device, you have full control:

• Access — Your data is always accessible in the local SQLite database
• Deletion — Uninstall Radius or delete the app data folder to remove all cached data
• Revocation — Revoke Radius's access anytime via your Google Account permissions
• Portability — Export your local SQLite database at any time

8. Children's Privacy

Radius is not intended for use by children under the age of 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has used Radius, please contact us so we can assist with removing access.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Since Radius is a desktop application, we recommend checking this page periodically for updates.

10. Contact Us

If you have questions about this Privacy Policy or how Radius handles your data, please open an issue on our GitHub repository.