Privacy Policy
Effective date: May 2026
Spindle is a self-hosted, personal email client. This policy describes what information
Spindle collects, how it is stored, and how it is used when you connect email accounts
through the application.
//information we collect
Spindle collects only the information required to operate as an email client:
- Account credentials — your Spindle username and a bcrypt hash of your password. The original password is never stored.
- Email account data — IMAP/SMTP hostnames, ports, and usernames you enter when adding an inbox. Passwords are encrypted with AES-256-GCM before being written to disk.
- OAuth tokens — when you connect a Gmail account, Google issues an access token and a refresh token. Both are encrypted with AES-256-GCM and stored locally in the Spindle database. They are never transmitted to any party other than Google.
- Email content — messages are fetched on demand from your email provider and displayed in the browser. Spindle does not store, cache, or index the body of any email.
- Session data — a session cookie is set to keep you logged in. Sessions are stored in the application database and expire after seven days.
- Invite codes — registration requires a one-time invite code issued by an administrator. The code used is recorded against your account for auditing purposes.
//how we use your information
All data collected by Spindle is used exclusively to provide the core email-client functionality:
- Authenticating you into the application.
- Connecting to your email providers (via IMAP/SMTP or the Gmail API) to fetch, display, send, and manage your email.
- Maintaining your session between page loads.
Spindle does not use your data for analytics, advertising, profiling, or any purpose beyond operating the application.
//google user data
Spindle's use of data obtained from Google APIs complies with the
Google API Services User Data Policy
, including the Limited Use requirements.
Specifically:
- Spindle requests access to your Gmail data solely to read, send, and manage your email within the application.
- Gmail data is not transferred to third parties except as necessary to provide the email-client service (i.e., communicating directly with Google's servers on your behalf).
- Gmail data is not used to serve advertisements or for any purpose unrelated to email management.
- Spindle does not allow humans to read your Gmail data unless you have explicitly shared it or Spindle is legally required to do so.
- OAuth tokens are stored encrypted on the server running Spindle and are used only to authenticate requests to the Gmail API on your behalf.
//microsoft user data
When you connect an Outlook account, Spindle uses the Microsoft Graph API to access
your mail on your behalf. OAuth tokens issued by Microsoft are encrypted with
AES-256-GCM and stored locally. They are never transmitted to any party other than
Microsoft. Spindle requests only the permissions required to read, send, and manage
your mail (Mail.ReadWrite, Mail.Send,
offline_access).
//administrator access
Each Spindle instance has at least one administrator. Administrators can view the
list of registered users, generate and revoke invite codes, change user roles, and
permanently delete user accounts. If your account is on a shared Spindle instance,
the administrator of that instance may take these actions on your account.
//data storage and security
- All data — including user accounts, email credentials, sessions, and invite codes — is stored in a single SQLite database on the server where Spindle is deployed.
- Passwords (Spindle account and IMAP) are never stored in plaintext. Spindle account passwords use bcrypt (12 rounds); IMAP passwords use AES-256-GCM encryption.
- OAuth tokens (access and refresh) for Gmail and Outlook are encrypted with AES-256-GCM using a key you control via the ENCRYPTION_KEY environment variable.
- Sessions are stored in the database and expire after seven days. No session files are written to disk.
- Because Spindle is self-hosted, the security of the stored data depends on the security of the server you operate it on.
//data sharing
Spindle does not sell, rent, or share your personal data with third parties. The only
external services your data touches are the email providers you explicitly connect
(e.g., Google for Gmail accounts) — and only to fulfil your requests within the application.
//data retention and deletion
Your data is retained for as long as your Spindle account exists. You can delete your
account at any time from the settings panel. Deleting your account permanently removes
your user record and all associated email account credentials from the database.
Revoking Spindle's access to your Google account via
Google Account Permissions
will invalidate the stored OAuth tokens and prevent Spindle from accessing your Gmail
until you reconnect.
//contact
Spindle is a self-hosted application. If you have questions about this policy or
about how your data is handled on a specific deployment, please contact the person
or organisation operating that instance.