Privacy Policy

Last updated: March 1, 2026

Overview

Spondr ("the App") is a native Linux desktop email client developed by Stepmatic LLC ("we", "us", "our"). We are committed to protecting your privacy. This policy explains how the App handles your data.

Data We Access

Spondr connects to your Gmail account via the Gmail API. When you sign in, the App may access:

Your email messages, labels, and threads
Your email address and basic profile information
Your contacts (for address autocompletion)

How We Use Your Data

All email data is processed locally on your device. Spondr uses a local SQLite database to index and cache your mail for fast search and a responsive experience.

We do not store your email data on any external server.
We do not sell, share, or transfer your data to third parties.
We do not use your email content for advertising or analytics.

Authentication & Credentials

Spondr uses OAuth 2.0 with PKCE via your system browser to authenticate with Google. We never see, store, or transmit your Google password. OAuth tokens are stored securely on your local machine.

Google API Limited Use Disclosure

Spondr's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer this data to any other applications, except as necessary to provide or improve the App's features with your explicit consent.

Third-Party Services

Spondr communicates directly with Google's Gmail API to sync your email. No other third-party services have access to your data.

Data Retention

Email data cached locally is retained on your machine only while you use the App. You can delete all local data at any time by removing the App's data directory. Uninstalling Spondr removes all locally cached data.

How to Delete Your Data

To delete all local data, use the "Remove Account" feature within the Spondr settings menu. This will wipe your local SQLite database and configuration files. To fully revoke the App's access to your Google account, visit the Google Security Settings page.

Security

We implement industry-standard security measures including OAuth 2.0 PKCE authentication, encrypted token storage, and a local-only data architecture that minimizes attack surface.

Children's Privacy

Spondr is not directed at children under 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, contact us at privacy@stepmatic.co.