Privacy Policy — mesSage

Last updated: June 20, 2026

mesSage is a desktop email client developed by DuWayne Caviness. This policy explains how the app handles your data.

1. Data Storage

All data — including email credentials, OAuth tokens, email content, and settings — is stored locally on your device. mesSage does not operate any servers and does not transmit your data to the developer or any third party, except as described below.

2. Google Gmail Data

mesSage connects to your Gmail account using Google's OAuth 2.0 authorization. The app requests the gmail.modify scope, which allows it to read, compose, send, archive, label, and trash emails on your behalf.

No Gmail data leaves your device except when explicitly sent via Gmail's own API (e.g., sending an email you composed). mesSage does not store, share, sell, or transmit your Gmail data to any external service operated by the developer. Gmail data is used solely to display and manage your email within the app.

mesSage's use of Gmail data complies with the Google API Services User Data Policy, including the Limited Use requirements.

3. Microsoft Outlook Data

mesSage connects to Outlook and Hotmail accounts via Microsoft's OAuth 2.0 authorization and the Microsoft Graph API. Email data is fetched directly from Microsoft's servers to your device and is not stored or transmitted elsewhere by the developer.

4. IMAP / SMTP Accounts

For accounts connected via IMAP/SMTP (Yahoo Mail, Fastmail, and others), your email address and app password are stored locally in your device's secure credential storage. Email content is fetched directly from the provider's servers to your device.

5. AI Features

mesSage includes an optional AI assistant. If you configure it to use Claude (Anthropic), your email content may be sent to Anthropic's API to generate responses. If you use Ollama (local model), all AI processing happens entirely on your device with no data leaving it. AI features are opt-in and require you to provide your own API key.

Please review Anthropic's Privacy Policy if you use the Claude integration.

6. Offline Cache

mesSage may cache email metadata and content in a local SQLite database on your device to enable offline access and faster loading. This cache is stored in your device's app data directory and is not accessible to the developer.

7. No Analytics or Advertising

mesSage does not collect analytics, telemetry, crash reports, or any usage data. It contains no advertising. The developer has no visibility into how you use the app.

8. Auto-Updates

mesSage checks GitHub Releases for software updates. This request includes your IP address as part of the standard HTTPS connection, but no personal data is sent. Update packages are cryptographically signed and verified before installation.

9. Children's Privacy

mesSage is not directed at children under 13. We do not knowingly collect data from children.

10. Changes to This Policy

If this policy changes materially, the updated version will be posted at this URL with a new "Last updated" date.

11. Contact

Questions? Contact: admin@cavinessproducts.com