Privacy Policy

Last updated: June 5, 2026

Serif ("we", "our", or "the app") is an email client for Gmail, available on macOS and iOS. This policy explains what Google user data we access, how we use it, how we store it, and whether we share it.

1. Google User Data We Access

When you sign in with your Google account, Serif requests the following OAuth 2.0 scopes. Each scope is listed below with the specific data it grants access to:

2. How We Use Google User Data

Serif uses your Google user data exclusively to provide email client functionality. Specifically:

Serif does not use Google user data for advertising, marketing, analytics, market research, or any purpose unrelated to providing email client functionality. Serif does not use Google user data to build user profiles or for any form of tracking.

3. How We Store Google User Data

All Google user data is stored locally on your device. Serif does not transmit your data to any server we operate. The specific storage mechanisms are:

All locally stored Google user data is deleted when you sign out of the app or remove it from your device.

4. How We Protect Your Data

Serif treats your Gmail data (messages, threads, attachments, contacts, OAuth tokens, and account metadata) as restricted-scope sensitive data. The following protections apply:

Encryption in transit

All communication between Serif and Google's servers (Gmail API, People API, OAuth 2.0 endpoints) occurs over HTTPS with TLS 1.2 or higher, enforced by the operating system's networking stack. OAuth tokens, request payloads, and response bodies are never transmitted in cleartext. Certificate validation is performed by URLSession with the system trust store; no custom or relaxed trust evaluators are used.

Encryption at rest

OAuth refresh and access tokens are encrypted on-device using AES-256-GCM. The symmetric key is generated locally on first launch and never leaves your device. Cached email bodies, metadata, threads, labels, attachments, and avatars live inside the app's sandboxed container, which both iOS and macOS encrypt at rest using the platform's data protection (when a device passcode or FileVault is enabled).

No third-party transfer of user data

Your Gmail content (messages, drafts, threads, attachments, contacts) is never sent to Serif servers (we operate none), nor to any third party, advertising network, data broker, or generalized analytics provider. The only network destinations that receive any data derived from your Google account are Google's own APIs and Firebase Cloud Messaging (push tokens only, no email content — see Section 6).

No AI/ML training on user data

Serif does not use your Gmail data, contacts, or any other Google user data to train or fine-tune generalized artificial intelligence or machine learning models. Any on-device AI features (Apple Intelligence-powered quick reply suggestions, label suggestions, summaries) process the relevant message locally on your device using Apple's on-device foundation models. No Gmail content is sent to OpenAI, Anthropic, Google Gemini, or any other third-party AI provider.

Access controls

Because Serif has no backend servers and no internal database storing your data, no Serif developer, employee, contractor, or operator has access to your Gmail data. The only party who can read your messages through Serif is you, on your signed-in device. Sign-in tokens are device-bound and not synchronized across devices by Serif.

Incident response

In the unlikely event of a security incident affecting user data (e.g., a vulnerability in the app's local storage that could expose tokens), we will: (1) publish a security advisory on our website, (2) ship a patched app update via the App Store / TestFlight / GitHub Releases as soon as a fix is available, and (3) notify affected users in-app and by email within 72 hours of discovery. Users can report suspected vulnerabilities responsibly to dev.genyus@gmail.com.

Secure development practices

Serif is signed with an Apple Developer ID and distributed exclusively through the Apple App Store (iOS), Apple-notarized DMGs (macOS), and the official GitHub Releases page. All releases are reproducible from the open commit history. We do not ship binary blobs of unknown provenance. Third-party dependencies are pinned and reviewed; we minimize their number to reduce supply-chain attack surface.

5. How We Share Google User Data

Serif does not share, sell, rent, or transfer Google user data to any third parties, except in the following limited cases necessary to provide the service:

Serif does not share Google user data with any other third-party services, advertisers, data brokers, or information resellers. Serif's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Push Notifications (iOS)

On iOS, Serif uses the Gmail push notification API (users.watch) combined with Firebase Cloud Messaging to notify you of new emails. To enable this:

This data is used solely for delivering notifications and is deleted when you sign out.

7. Tracking Protection

Serif includes a built-in email tracker blocker that detects and removes tracking pixels, redirect links, and CSS-based trackers from known email marketing and analytics services. This processing runs entirely on your device. No data about detected trackers is collected or transmitted.

8. Auto-Updates (macOS)

On macOS, Serif checks for updates via the Sparkle framework. This involves a standard HTTP request to download the update feed. No personal data or Google user data is transmitted during this process.

9. No Analytics, No Ads

Serif does not collect analytics, usage data, or telemetry. There are no advertisements in the app. We do not use any third-party analytics, crash reporting, or tracking services. Google Analytics and Google Ads SDKs are explicitly disabled.

10. No Server-Side Storage

Serif does not operate its own backend servers. We do not have a database that stores your emails, contacts, or personal information. All communication happens directly between the Serif app on your device and Google's APIs. The developer has no ability to access, view, or retrieve your Google user data.

11. Data Retention & Deletion

Google user data is retained on your device only as long as you are signed in to Serif. All locally cached data — including emails, tokens, account metadata, attachments, and drafts — is deleted when you:

On iOS, Firebase notification data (device token, preferences) is also cleaned up on sign-out.

You can revoke Serif's access to your Google account at any time from your Google Account permissions. Once revoked, Serif can no longer access your Google data, and any cached data will become inaccessible on the next app launch.

12. Google API Services User Data Policy Compliance

Serif's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

13. Children's Privacy

Serif is not directed at children under 13. We do not knowingly collect personal information from children.

14. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

15. Contact

If you have any questions about this privacy policy or how Serif handles your data, contact us at dev.genyus@gmail.com.