Privacy Policy

Last updated: March 2026

🔒 TurboMail is built on a simple principle: your emails never leave your device. The AI runs locally. Your data stays local. We don't want your emails — and we've engineered the app so we can't have them even if we wanted to.

1. What TurboMail collects

TurboMail is a desktop application that runs entirely on your computer. The core app collects nothing from your email content.

Email content — stored only on your local device (SQLite database in your user data folder). Never transmitted to TurboMail servers.
AI processing — all AI models run locally on your CPU/GPU. No email text is sent to any external AI service.
Account credentials — OAuth tokens and IMAP credentials are stored encrypted in your device's OS keychain. TurboMail never sees or stores your passwords.

2. Waitlist and website

When you join our waitlist at turbomail.ai, we collect:

Your email address — to notify you when TurboMail is available and send occasional product updates.
A one-time verification code (OTP) to confirm your email address.

We use Supabase to store waitlist entries and Resend to send emails. We do not sell, share, or rent your email address to any third party. You can request removal at any time by emailing support@turbomail.ai.

3. Google OAuth (Gmail)

When you connect a Gmail account, TurboMail uses Google's OAuth 2.0 flow. We request the following scopes:

gmail.readonly — to read your emails
gmail.send — to send emails on your behalf
gmail.modify — to mark emails as read / move to trash
calendar.readonly — to show your calendar events (if you enable it)

Your Google OAuth tokens are stored locally on your device and are never transmitted to TurboMail's servers. TurboMail's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

4. Microsoft OAuth (Outlook)

When you connect an Outlook or Microsoft 365 account, TurboMail uses Microsoft's OAuth 2.0 flow. OAuth tokens are stored locally on your device and are never transmitted to TurboMail's servers.

5. IMAP accounts (Yahoo, iCloud, etc.)

For IMAP-based accounts, your app password is stored in your operating system's secure keychain (macOS Keychain / Windows Credential Manager). It is never stored in plaintext or transmitted to TurboMail's servers.

6. Analytics and crash reporting

TurboMail currently collects no analytics or crash reports. The app does not phone home. No telemetry is sent.

7. Auto-updates

The app checks GitHub Releases (github.com/iamnmn9/turbomail) for available updates. This request includes your app version number but no personal information.

8. Data storage location

All app data is stored in your operating system's user data directory:

macOS: ~/Library/Application Support/TurboMail/
Windows: %APPDATA%\TurboMail\

You can delete all app data at any time by removing this folder. Uninstalling the app does not automatically delete this folder.

9. Children's privacy

TurboMail is not directed at children under 13. We do not knowingly collect personal information from children under 13.

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of TurboMail after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this privacy policy? Email us at support@turbomail.ai.

TurboMail is built by a small team that genuinely believes your inbox is none of our business. If you find anything in this policy that contradicts that, please tell us.