Privacy Policy

1. Data controller

2. Chrome Extension for Gmail

Available on Chrome Web Store · ID: libceamdlacklkcnedklmhcjeeffmnao

Browser permissions

• storage — preferences and minimal local state (counters, last stamp shown). Never contains email content.
• unlimitedStorage — durably stores your private cryptographic key (non-extractable CryptoKey in IndexedDB) to read end-to-end encrypted emails (Confidential Mail). The key never leaves your device.
• notifications — alerts when a blocked or high-risk sender is detected (possible phishing).
• identity — obtains a Google OAuth token (chrome.identity) to call the Gmail API. The token is issued by Google, held in memory, and not stored on our servers.
• Host (mail.google.com, googleapis.com, securestamp.online) — injects the stamp into Gmail and enables communication with the Gmail and SecureStamp APIs.

Gmail OAuth scopes

• gmail.metadata — reads only the From/To/Subject headers of the opened email (the sender for the trust score; the full envelope to verify the ES256 notarial seal). No access to body or attachments.
• gmail.send — sends signed or encrypted emails only when you explicitly request it. Never automatically.

Data collected

• Sender email and domain (via gmail.metadata) to check authentication and trust stamp.
• User email to associate verifications with your SecureStamp account.
• Local verification state in chrome.storage.local (7-day TTL).

Data NOT collected

• Subject, body, attachments, or any other email content
• Google passwords or any other account passwords
• Mailbox history or data from other browser tabs

Management and storage

• Transmission: only sender email/domain → https://securestamp.online/api over HTTPS/TLS 1.3. Gmail API calls go directly to Google.
• Server: AWS DynamoDB us-east-1, AES-256 at rest, 90-day aggregated retention.
• Local: chrome.storage.local (7-day TTL) and the cryptographic key in IndexedDB reside only on your device and are never transmitted.
• OAuth token: issued by Google, held in memory during the session, not stored on our servers.

Data sharing

Never sold or shared with third parties. Used solely on SecureStamp servers for the trust score, and Google’s Gmail API for the operations you request. SecureStamp’s use of Google API data adheres to the Chrome Web Store Limited Use policy.

User controls

• Uninstall from chrome://extensions — all local data (including the cryptographic key) deleted automatically.
• Revoke OAuth access from your Google Account security settings.
• Request server-side deletion: privacy@securestamp.online

3. Outlook Add-in (Office Add-in)

Available on Microsoft AppSource and via manifest URL. Required permission: ReadWriteItem.

Read mode — sender verification

• Sender name and email (item.from): sent to the API to compute the trust score.
• Internet headers (item.internetHeaders.getAsync()): to detect the X-SecureStamp signature field in the email.
• User email address: retrieved from the Office.js mailbox object to associate the verification with the SecureStamp account.

Compose mode — stamp insertion

• The add-in writes an HTML identity block at the top of the outgoing email (item.body.prependAsync()).
• It does not read the email body being composed, nor transmit it to any server.
• It does not access recipients (To, CC, BCC) in any mode.

Data NOT collected

• Body, subject or attachments of emails read or composed
• Recipient lists (To, CC, BCC)
• Previous emails, folders or calendar data
• Office 365 credentials or Microsoft session tokens

Management and storage

• Transmission: only sender email/domain → https://securestamp.online/api over HTTPS/TLS 1.3.
• Server: AWS DynamoDB us-east-1, AES-256 at rest, 90-day retention.
• No local Office storage: does not use RoamingSettings or CustomProperties for personal data.

Data sharing

Never sold or shared with Microsoft or any third party. Used solely on SecureStamp servers.

User controls

• Uninstall from Outlook Settings → Add-ins, or via the Microsoft 365 Admin Center.
• Request deletion: privacy@securestamp.online

4. Public API and developer platform

SecureStamp public API calls log: source IP (anonymized to /24), API key used, domain/email queried, and timestamp. Retained 90 days for rate-limiting and audit purposes. Not shared with third parties.

5. Your rights

Access, rectification, erasure, portability and objection to processing. Contact: privacy@securestamp.online. Maximum response time: 30 business days.

Contact