mrdulasolutions edited this page May 13, 2026 · 1 revision

Privacy & Data

What AOS Mail stores, where it stores it, and what it sends to whom.

Short version

  • Mail bodies stay local in SQLite at ~/Library/Application Support/AOS Mail/data/aos-mail.db. We never upload your mailbox in bulk.
  • The agent sends individual messages to your chosen LLM provider (Anthropic or OpenRouter) on a per-call basis when triaging/drafting/summarizing. Subject, sender, body, recent thread context — whatever the prompt requires.
  • Secrets (API keys, OAuth refresh tokens, IMAP passwords) live in macOS Keychain. Never in plaintext on disk.
  • No telemetry beyond optional opt-in PostHog analytics (off by default). No third-party trackers, no fingerprinting, no analytics SDKs embedded in the renderer.

Where data lives

All app state is under ~/Library/Application Support/AOS Mail/:

| Path | What it is | Sensitivity |
| --- | --- | --- |
| data/aos-mail.db | SQLite — emails, threads, accounts, drafts, learned rules, audit log, FTS5 index | High (mail content) |
| credentials.json | Gmail OAuth client config (per-install) | Low (client ID/secret, not user-specific) |
| tokens-<account>.json | OAuth refresh tokens (also mirrored to Keychain) | High — but encrypted at the user level by FileVault if enabled |
| imap-creds-<account>.json | IMAP server config (host, port, username only — never passwords) | Low |
| preferences.json | UI prefs, feature toggles | Low |
| splits.json, snippets.json | User-defined splits and snippets | Low |
| sidecar.log | Append-only log. Bodies, subjects, prompts are auto-redacted. | Low |

macOS Keychain holds the actual secrets:

  • anthropicApiKey
  • openRouterApiKey
  • googleClientId, googleClientSecret
  • imapPassword:<account> (one entry per IMAP account)

All under service com.mrdulasolutions.aosmail. Inspectable in Keychain Access.app.

What gets sent to LLM providers

The agent makes API calls to whichever LLM you configured — Anthropic or OpenRouter. Each call sends a prompt that includes:

| Feature | What gets sent |
| --- | --- |
| Email analysis | Subject, sender (name + email), body, last 2-3 thread messages for context |
| Draft generation | The thread we're replying to + your style profile (sentence patterns, common phrases) extracted from your sent mail |
| Thread summary | All message bodies in the thread |
| Sender lookup | Sender's name + email + (optionally) Anthropic's web_search tool result |
| Archive-ready analysis | Last few messages of the thread |
| Learned rules classification | Sender, subject, top of body |

What is NOT sent:

  • Your full mailbox.
  • Mail from accounts you haven't actively triaged.
  • Attachments (the agent doesn't read attachments yet).
  • Your other accounts' mail when working on a different account.
  • Your config or preferences.

Anthropic specifically

Calls go to api.anthropic.com. Per Anthropic's policy:

  • Claude API traffic is not used for training.
  • Calls are retained for up to 30 days for trust & safety review, then deleted.
  • If you flagged "do not log" with your Anthropic account (Zero Data Retention), even that 30-day retention is skipped.

OpenRouter specifically

OpenRouter is a proxy. Your calls land at openrouter.ai/api, which forwards to whichever upstream provider you selected (Anthropic, DeepSeek, Google AI Studio, Mistral, etc.).

  • OpenRouter's privacy policy documents their retention.
  • Each upstream provider has their own policy — clicking through to the provider's model page on OpenRouter shows their data-use terms.
  • Free models on OpenRouter are typically the more aggressive ones for data retention. Paid tiers usually offer better privacy.

Web search (Sender Lookup feature only)

When the agent runs Sender Lookup, it uses Anthropic's web_search_20250305 tool. The query (typically the sender's name + email + company guess) is sent to Anthropic, which forwards it to their search backend. Results are summarized by Claude and returned. The query and result both pass through Anthropic; OpenRouter does not have an equivalent and Sender Lookup is gated to Anthropic-only.

What gets sent to your email provider

Standard IMAP/SMTP/Gmail API calls:

  • Read: AOS Mail fetches mail via your provider's standard APIs. Nothing unusual.
  • Write: when you reply, archive, label, snooze, or send — those are written back via the provider's API.
  • OAuth scopes (Gmail): read, modify, send, labels. The minimum to function. We do NOT request:
    • https://mail.google.com/ (full access)
    • Settings, contacts, drive, anything cross-product.

Standard mail provider terms apply (Google, Apple, Fastmail, etc.).

What does NOT leave your machine

  • Your full mailbox.
  • Any account credentials beyond the OAuth flow with your provider.
  • Mail bodies in bulk to any third party.
  • Telemetry about usage, clicks, time-spent, etc. (unless you opted in to PostHog analytics).
  • Crash reports — there is no crash reporter, so nothing is sent automatically.

Telemetry / analytics

AOS Mail has an optional PostHog integration that's off by default. If you opt in (Settings → Privacy → Analytics):

  • Anonymous usage events: feature-used counters, app version, macOS version.
  • No mail content. No personal info. No identifiers tied to your accounts.
  • The PostHog instance is self-hosted; data does not go to PostHog Cloud unless explicitly configured.

Opt-in is per-install; no default-on.

How to wipe your data

Just clear the local database

```sh
# Quit AOS Mail first.
rm ~/Library/Application\ Support/AOS\ Mail/data/aos-mail.db
```

Next launch will re-create the DB and re-sync from your provider. Accounts and settings persist.

Clear everything except Keychain

```sh
rm -rf ~/Library/Application\ Support/AOS\ Mail
```

Next launch is a fresh first-launch — you'll re-add accounts. Keychain entries (API keys, OAuth tokens, IMAP passwords) survive, so re-adding the same accounts skips re-auth.

Full nuke

```sh
rm -rf ~/Library/Application\ Support/AOS\ Mail
# Then clear all Keychain entries under com.mrdulasolutions.aosmail.
# `security find-generic-password` only returns the first matching item, so
# listing the service and grepping would miss entries; delete each known
# account name explicitly instead:
for acct in anthropicApiKey openRouterApiKey googleClientId googleClientSecret; do
  security delete-generic-password -s com.mrdulasolutions.aosmail -a "$acct"
done
# IMAP passwords are one entry per account; repeat for each account you configured:
security delete-generic-password -s com.mrdulasolutions.aosmail -a 'imapPassword:<account>'
```

After full nuke, drag AOS Mail to Trash. Reinstalling is a clean first-launch from there.

Data export

Not currently supported in-app. The database is standard SQLite, so you can query it with any SQLite tool. To dump everything to newline-delimited JSON (keys in single quotes so SQLite treats them as string literals; the from and to columns are double-quoted because from is an SQL keyword):

```sh
sqlite3 ~/Library/Application\ Support/AOS\ Mail/data/aos-mail.db \
  "SELECT json_object('subject', subject, 'from', \"from\", 'to', \"to\", 'date', date, 'body', body) FROM emails;" \
  > my-mail.ndjson
```

A proper export feature (per-account mbox/JSON dump) is on the roadmap.
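The same export done from Python, as an added example that is not AOS Mail's own code. It assumes only what this page states: a standard SQLite database with an `emails` table holding at least the columns subject, from, to, date and body. The in-memory database and the two sample messages are constructed here so the script runs offline; point `sqlite3.connect` at aos-mail.db to use it for real. It also shows why the JSON keys must be single-quoted: a double-quoted `"subject"` resolves to the column of that name, so the row's subject line becomes the key instead of the literal field name.

```python
"""Export an AOS Mail `emails` table to newline-delimited JSON (added example)."""
import json
import sqlite3

# Keys are SQL string literals (single quotes). "from" and "to" are quoted as
# identifiers because `from` is an SQL keyword. Double-quoting the keys would
# make SQLite resolve them as column names, not as the literal field names.
EXPORT_SQL = (
    "SELECT json_object('subject', subject, 'from', \"from\", 'to', \"to\", "
    "'date', date, 'body', body) FROM emails ORDER BY date"
)


def build_sample_db() -> sqlite3.Connection:
    """Constructed stand-in for aos-mail.db with two fake messages."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        'CREATE TABLE emails (id INTEGER PRIMARY KEY, subject TEXT, "from" TEXT, '
        '"to" TEXT, date TEXT, body TEXT)'
    )
    conn.executemany(
        'INSERT INTO emails (subject, "from", "to", date, body) VALUES (?, ?, ?, ?, ?)',
        [
            ("Invoice #42", "billing@example.com", "me@example.com",
             "2026-05-01T09:00:00Z", "Please find the invoice attached."),
            ("Re: lunch?", "pat@example.com", "me@example.com",
             "2026-05-02T12:30:00Z", "Sure, noon works."),
        ],
    )
    return conn


def export_rows(conn: sqlite3.Connection) -> list:
    """Run the export query and return one dict per email, oldest first."""
    return [json.loads(doc) for (doc,) in conn.execute(EXPORT_SQL)]


def export_ndjson(conn: sqlite3.Connection, path: str) -> int:
    """Write one JSON object per line to `path`; returns the number of rows written."""
    count = 0
    with open(path, "w", encoding="utf-8") as fh:
        for (doc,) in conn.execute(EXPORT_SQL):
            fh.write(doc + "\n")
            count += 1
    return count


def buggy_keys(conn: sqlite3.Connection) -> list:
    """Show the double-quoted-key pitfall: "subject" binds to the column, so the
    first row's subject line ends up as the JSON key rather than 'subject'."""
    bad_sql = 'SELECT json_object("subject", subject) FROM emails LIMIT 1'
    (doc,) = conn.execute(bad_sql).fetchone()
    return sorted(json.loads(doc).keys())


if __name__ == "__main__":
    db = build_sample_db()
    print(export_ndjson(db, "my-mail.ndjson"), "messages exported")
    print("keys produced by the double-quoted form:", buggy_keys(db))
```

Running the script against the sample database writes two lines to my-mail.ndjson; the second print shows the key that the double-quoted form produces, which is the reason the sqlite3 one-liner above quotes its keys with single quotes.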

Reporting a security issue

Email matt@mrdula.solutions (or open a private security advisory at https://github.com/mrdulasolutions/AOS-Mail/security/advisories). Do not file a public issue for security problems.
