Privacy Policy

Bulk Forward for Gmail

Last updated: January 2025

Summary: Bulk Forward for Gmail does not collect, store, or transmit any of your personal data to external servers. All data stays on your device, and you control your own Google Cloud credentials.

Our Privacy-First Approach

Bulk Forward for Gmail is built with a unique "Bring Your Own Credentials" (BYOC) model that maximizes your privacy and control.

🔐 What BYOC Means For You

  • You create your own Google Cloud project — Your credentials, your control
  • We never see your OAuth tokens — Authentication happens between you and Google
  • No middleman servers — Your browser talks directly to Gmail's API
  • You can revoke access anytime — From your own Google Cloud Console

Information We Do NOT Collect

We want to be absolutely clear about what we don't do:

  • We do NOT collect your email content, subjects, or attachments
  • We do NOT collect your Google account credentials
  • We do NOT collect your OAuth tokens or API keys
  • We do NOT collect your recipient email addresses
  • We do NOT track your usage or browsing activity
  • We do NOT operate any servers that receive your data
  • We do NOT use analytics or tracking scripts

Data Stored Locally

The extension stores the following data locally in your browser using Chrome's secure storage API:

  • Your Client ID — The Google Cloud OAuth Client ID you create and provide
  • Saved recipients — Email addresses you choose to save for quick access
  • Forward history — A log of your forwards (subject lines and recipients)
  • Preferences — Theme choice, sound settings, and other options

This data is stored only on your device and is never transmitted anywhere. Uninstalling the extension removes all stored data.

How Email Forwarding Works

When you forward emails using this extension:

  • The extension detects which emails you've selected in Gmail
  • Using YOUR Google Cloud credentials, it calls Gmail's official API
  • Gmail's servers (operated by Google) process the forward request
  • The emails are sent from YOUR Gmail account

All communication is directly between your browser and Google's servers. We are not involved in the data flow.

Gmail API Permissions

The extension requests the following Gmail API scopes through your own Google Cloud project:

  • gmail.readonly — Read emails you select for forwarding
  • gmail.send — Send the forwarded emails
  • gmail.modify — Apply labels and mark as read (optional features)
  • userinfo.email — Show which account is connected

You can view and revoke these permissions anytime from your Google Account settings or your Google Cloud Console.

Third-Party Services

The extension includes an optional "Buy me a coffee" donation feature powered by Ko-fi. If you choose to use it:

  • Ko-fi's own privacy policy applies to donations
  • This feature is entirely optional
  • No data is shared unless you actively make a donation

Data Security

Your data is protected by multiple layers:

  • Chrome's extension sandboxing — Isolated from other extensions and websites
  • OAuth 2.0 — Industry-standard secure authentication
  • HTTPS only — All API communication is encrypted
  • Local storage only — Data never leaves your device

Your Rights

You have complete control:

  • View — See all stored data in the extension's History and Settings
  • Export — Download your forward history as CSV
  • Delete — Clear history in the extension or uninstall to remove everything
  • Revoke — Remove API access from your Google Cloud Console anytime

Children's Privacy

This extension is not intended for children under 13 years of age. We do not knowingly collect information from children.

Changes to This Policy

If we make changes to this privacy policy, we will update the "Last updated" date at the top. For significant changes, we'll include a note in the extension's update changelog.

Contact

Questions about this privacy policy or the extension?

Email: bulkforwardforg@gmail.com