Privacy Policy for Recipient Finder

Last Updated: October 10, 2025

Effective Date: October 10, 2025

      Privacy First: Recipient Finder stores all contact data
      locally on your device. Your email sender information never leaves your
      computer except for license verification.
    

1. What We Do

Recipient Finder helps you quickly find email recipients by indexing sender information from your inbox. Think of it as a fast search tool for "who has emailed me?"

2. What Data We Access and Store

2.1 Contact Index (Stored Locally Only)

What we read from your mailbox:

Email addresses from the "From" field
Display names (e.g., "John Smith")
Timestamps (when the email was received)

Where it's stored:

✅ On your device only (browser's local storage)
❌ Never sent to our servers
❌ Never uploaded to the cloud

Data Type	We Access	We Store Locally	Sent to Servers
Sender email addresses	Yes	Yes	No
Sender display names	Yes	Yes	No
Email timestamps	Yes	Yes	No
Email subjects	No	No	No
Email body content	No	No	No
Attachments	No	No	No

2.2 Authentication

What we collect:

Your Microsoft account email address
Basic profile information (name, photo)
Authentication tokens (issued by Microsoft, stored temporarily)

Why: To securely authenticate you with Microsoft Graph API.

Storage: Tokens stored in your browser session, expire automatically.

Note: We never see your password—authentication is handled by Microsoft.

2.3 License Information (Sent to Our Server)

What we send to our backend:

Your Microsoft account ID (unique identifier, not your email)
Trial activation and expiration dates
License status (trial/active/expired)

Why: To manage your 30-day trial and subscription.

Storage: Microsoft Azure servers (EU-West region).

Retention: 90 days after subscription ends.

3. Microsoft Graph Permissions

When you sign in, you'll be asked to approve these permissions:

Permission	What It Does
Mail.Read	Read sender information from your mailbox
User.Read	Read your basic profile (name, email)
openid, profile, email	Standard sign-in with Microsoft
offline_access	Keep you signed in between sessions

Important: All permissions are "Delegated"—the add-in only works when you're signed in. We have no background access to your mailbox.

4. How We Protect Your Data

Local Data (Contact Index)

Stored in your browser's secure storage
Protected by your device's security (OS encryption, account protection)
Never transmitted over the internet

Server Data (License Info Only)

All connections use HTTPS encryption (TLS 1.2+)
Data at rest encrypted with AES-256
Stored on Microsoft Azure (ISO 27001, SOC 2 certified)
Access restricted to authorized personnel only

5. Your Data Rights

View Your Data

All indexed contacts are visible within the add-in settings at any time.

Export Your Data

Click "Export Data" in settings to download your contact index as CSV or JSON.

Delete Your Data

Local data:

Click "Clear All Data" in add-in settings, OR
Uninstall the add-in (auto-clears local storage), OR
Clear your browser's site data

Server data (license info):

Email us to request deletion. We'll process it within 30 days.

Revoke Permissions

You can revoke Microsoft Graph permissions anytime:

Go to Microsoft Account Privacy
Find "Recipient Finder" under apps
Click "Remove permissions"

6. Data Sharing

We do NOT sell, rent, or trade your data. Ever.

We share data only with:

Microsoft: For authentication and mailbox access (governed by Microsoft's Privacy Policy)
Azure (Microsoft): For hosting license verification backend

We may disclose information if:

Required by law or court order
Necessary to protect our legal rights
Investigating fraud or security issues

7. Data Retention

Data Type	How Long We Keep It
Contact index (local)	Until you clear it or uninstall
License information	90 days after subscription ends
Authentication tokens	Session duration (~1 hour)

8. International Users

License data is stored in Microsoft Azure (EU-West region). We comply with GDPR for EU users and other applicable data protection laws.

GDPR Rights (EU Users):

Right to access your data
Right to correct inaccurate data
Right to delete your data
Right to export your data
Right to object to processing

To exercise these rights, email us using the contact information below.

9. Children's Privacy

Recipient Finder is designed for business and professional use. We do not knowingly collect data from users under 18.

10. Changes to This Policy

We may update this policy as we improve the add-in. You'll be notified via:

In-app banner when you next open Recipient Finder
Email (if we have your contact)
Updated date at the top of this page

This privacy policy was last updated on October 10, 2025.