Privacy Policy

Kodamail is not affiliated with Google or any of its products.

Gmail and Drive are registered trademarks of Google.

Personal Data

We collect:
Your ISP,  browser used,  ip address (encrypted),  email address (encrypted),  date & time you visited the site.

For emails that contain a tracking image, we also record (and AES encrypt) meta data: subject, sent to, email Id, but not the message itself.

The User acknowledges and agrees that the use of Kodamail (the web service) is of his own free and exclusive decision. Kodamail, and its directors and employees shall not be held liable for any loss or damage arising from the collection and the processing of the recipients personal data and/or as a result of using the web service.

The user agrees that they must have an effective password management system in place that effectively prohibits unauthorised access to all websites including
ie keep your passwords somewhere safe that cannot be accessed by anyone else.
Do not use the same password for multiple websites.
Change your password if you suspect unusual activity.
Do not access your gmail account from a friends or public device.
We do not have access to your google password, all Signing in / authentication is by the OAuth2 protocol provided by Google. warrants that no information recorded by is passed onto any other parties without the express permission of the user, or if required by applicable law. uses Amazon web services.

Credit card information is sent directly to Stripe. We never have access to your credit card information.

All personally identifying information (email addresses, subjects, user names, ip addresses etc) are encrypted at rest using AES 256. Data 'at rest' is data stored in database or other storage methods such as memcached, Redis, CouchBase etc.

Additional Limits on Use of Your Google User Data:

Notwithstanding anything else in this Privacy Policy, if you provide Kodamail access to your Google data, Kodamail's use of that data will be subject to these additional restrictions:

Kodamail will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless complied to by applicable law, or as part of a merger, acquisition, or sale of assets.

Kodamail only stores metadata, it does not store passwords, email bodies or attachments (except where you elect to use our attachment/password protected attachments service in which case your attachment is securely stored using Amazon S3).

Kodamail will not under any circumstances use this Gmail data for serving advertisements, or pass any data on to 3rd parties.
Kodamail will not allow humans to read this data unless we have your affirmative agreement for specific messages, or doing so is necessary for security purposes such as investigating abuse, or to comply with applicable law, or for the App's internal operations and even then only when the data has been aggregated and anonymized.

If you wish to close your account, Kodamail will if requested, remove all your data from our servers.

Connecting to Gmail

When the extension is installed you will be asked to sign in using Google. .

Requests to use OAuth2 and are verified by authenticating the id_token provided by Google.

You can switch off or delete any chrome extension here: chrome extensions.
To view/edit your google account visit: your google account
Apps with access to your account can be found here.

If you want to track/password protect an attachment from Google Drive (optional), you will be asked for permission (from Google) and if permission is granted we use the Google Drive API. Because it's not possible to directly track/password protect a Drive file, the file is uploaded to Amazon S3 and given a secure link that can only be accessed if authorized by you. Any files that you secure this way can be deleted at any time by you. As mentioned previously this is an optional feature available to a paid subscription so you won't be asked for permission for kodamail to access Google Drive unless you decide to use it.

Email tracking

Email tracking services use an image (typically one pixel) embedded in the email. When the email is opened it calls the server, this enables us to record the time it was opened, the type of device used, and the ip address. The IP address can give us the approximate location of the user, however IP addresses from mobile devices can be hundreds of miles away from the users actual location. In addition, many email providers route image calls through proxy servers reflecting the IP address of the proxy rather than the users device.
(which means that relying on the ip address to determine where the user was when they opened the email can be very inaccurate).


Our email address is:
If you wish to encrypt your message our Public Key is:

Version: OpenPGP.js v3.0.10
xsFNBFtudRUBEACEOmsuZYhc9c+DP64325EfCp4D12hwFJL4mg9q+0k3OHn/ gjC2eUa6CrPzeeC/6bSC9YDMMUJQ6tl/NsZYB/3jPq97elFlHRP9QlrM6+fN 3iRE9aSduiokdmfJZfQW6yEQ7NC5ZQ/jaOVRYNcYhVrf5eVE4OhkphArhV7x cAs1A6fiFUCOt0B5aoRXzJKxq8+ZxOmcNPyBxdnsqwaIo5lkj9sXWYgjKSue 1DKg6iqS7GFybv8ZDz/DiRRrgR9kJeyiDfYJiq2XcoRjH/C4w90TyVTa4eoW wblkZx4N6+4rfTL6iORtDCeRVGyRX3Kh1cx+0pf+yCIsIRj8IKCiBbWjTyhJ JaJ9tEdDISGKpLoFYugXDkD8PPFRJr6OL+1VA7jp7tglzguF5lvoayc0v0Za xxgHaOQvVJ78WAWAihMhbu2Wo9eP8hk6UaE5/WDZsC/VjcsRJFuDyNFuSvLw NZFGw2e8pzNZ8gGP31iDdiVbVoF0Ku4OHikSrOQg81F7c/2ULG2W6Tw3p0ZY sl2qri0FNqPD7cIVvCAqvLLa2G1XAMu4tFyZKbtSGonO4LkNOMTDQEazzO1m f2atVy7dfhSBTij0Ed6RtdD2JikWWq/xJSreRtPnhSQg6ceeS863ANY/Ghrg MZ5crP5gt/qYQ86isxyF1/WKuydQzjrNo4katwARAQABzRphZG1pbiA8YWRt aW5Aa29kYW1haWwuY29tPsLBdQQQAQgAKQUCW251FQYLCQcIAwIJEMPuNed1 xw3tBBUICgIDFgIBAhkBAhsDAh4BAAC0xg//eWeIWh7DtOPiQ1V6/vzbSsx1 Z5Doz+Psg+Yw2+WEK5JJdBi4FXxEuyr6o+eXx3Ot3oNGuFs0ueGVeGzlVS0j 8BfBhgXHwIu1pc5vf4Y3AptTEFJ0shFGTBbwJ6OGHeHgKIYUJrnL2aieElhY ncSSm5rCE6BE99lWWRH8/YQvsk6DSV1UPn39QzWB77gibJHEcZ7l2t1mvomh W4BP1dAHHvD3RG4enduSG1vIORHKPHga7487v/O7q3uD4fOQDRf6O1/KnqCX PYveMhAPrw6UgqQDtsO5UYpvp03yTbahbkh1Qm6l2igpK5rw4HokArrLTrVO EV6DVD19qkKGqubnOQdFea2mISRfE5xFuol/W0ZaV3yRDaNnmAdOuqRzqYIp hJtXf3IUPIYd/2NcngrKjHL3hWX93s8F/HGHFoeRMekT4ihgufxRaYiQAdQU Z4993LMaeXbtorLT/HOFjsd7VCg2cl5bOZsxY4t3MqpipWcG5pH5Jm0dADZU nMAAhgGTTeZkf63r+YhXNEl4lJb16npckN0v3Q0nu6W4olT977ehdOI7vQtC /ftMKG6OA6yfbtm7DUdyvX7tFPWxW+rytsXu/alWNlMVYrFHq5DEed3tefCY V6xmziHkkyp3Ngxao/pfj2V8MwF5zFNrOATN5xpmeq/Pc1XjnZkwyQeE6TrO wU0EW251FQEQAKhXyEr3gb0off/24RD+yOjV2WndSIM8CJiMs6eNTPYic7wY 0luMDKls80KmQKHPkKr7GQ1/NTCR3jW+cTPY3sM0Q1sF1uzE4WUU0+K5TVOs Yw25j1X4vIWMWvztUFR4yxHhhU7lF8JDi0Ekx4rJQsZEQ2YN4m2IXPLO9YoE FPzRmEmZ5Quvta0BnGd0LUfzAe5oO0PrfFEhT0FQpfY1N1e4OMIFJvWTGjzv QLFXT07c3qvij9iixwO9Fg2leHPW0Nq5XCkH5fAXkfMNGkOrmxJfy2xD6SGf KPLkynFySQsdCKANsY9EYlrWBBaARQnMHPgA/6opRXhPrqAW+nuvrOu+Q8Xe ZF4TtWUPMyZNszKOYvspeGDpGMN2f/WanHHdfYwplP3cbGAOhhbVQo4QM/2M ZaYcItCQFlAjiPmQVnsA/33U0HX3cLaHQasTkz4G6Pbk2qLCG385CQAmP05i kGXupihoEUhUY0+p+uz2JKonsbFM6cxo7pMDbOv5uSJ1HhObXAAshp6GEtRs g2MlFhmyMpnMP1Moue2RaULbM4X3WjC+WQoI1aDSgBmripUsyXGN4oZwnpsI 13Uoffx3e+jbHdsQoSv8xgrcmgvHDLFuqMmz2htP4ZOi2H4wXIKSYwwZS8gD QV3MJT/ubqKgSOxsWoJmk9ZqGS/gaHRXA6SvABEBAAHCwV8EGAEIABMFAltu dRUJEMPuNed1xw3tAhsMAADEBQ//UZzj7whyssgyysarRTXIyQVENOyK8mLO 7Xaa0Y6u1RNOxqoRhucLHKi2pTLWuquTZ+/2pU+m6FhLhTcnnKGzzZGde4Wz tPLQmwwvPUHxADLFND2jjgUpS4TvAIdjUv8iVTmhnQKB0+w9gIxK54VnL9r2 h+cZmMHtrugcjAT3KtL1blVc8cXFz+Xk+uyn/PhUrJHUJq4qRK9Bq+Ax2ZSE RLr2hkx5LH9ss0ImJU/o287k33+8UAtbtRFGFlG2sV/rrOaaFnvuo+olcfyr YbSL2KwjAXKnTI1CNUTBYrCG5cMBsKQeLUUy1gcMsMMtC6MrIzWdrWZwel1c +koxTVEvDHkq3iq+xdMNWJmeJjE3QiN3D3yv4VLz5cuA6xhXSG+lXZj2Wu5a vWIW2PHtQLdnLexB2bGhyISA/a86hy3a/GdcjRO92PIl89AuZW+8hu0L0I/e VjAul6JkshnrtehGLdeXc6uXOQv1JIzuBR1P2NP2ctQ9Gp3QpHfk28reADEY 5p2MWmAo1eutJ1qdksJVDtaIAGO9qbLACwCsejxGAdCRontscLHp5pRBhfE1 I4ebi/j0ldMfJyKkmKB4r2K/CyZvv3LhpktglcX+XW9BZQodtjnJM0yTjfjH iGlu5klIImK3yNkGbd34ydbmXmI7z7SlWKTTQNj5/mBKmW73hjM= =jKtM -----END PGP PUBLIC KEY BLOCK-----


For encryption we use the open source library provided by

All encryption is processed in your browser, passwords or passphrases are not transmitted to our servers, they are stored temporarily (time is set by you) in your browser whilst you encrypt or decrypt and then deleted from memory. It is essential that you store your passwords/pass phrases somewhere safe, separate from your device, one method is to put them on a memory stick.
We also strongly recommend you download your Private and Public key pair(s) and store on an external memory device.
Your Private and Public key pair(s) are stored in the browsers local storage, if the local storage was cleared (accidental, browser update etc) the data is lost, so please download and backup elsewhere!

With Gmail and many other email providers, your message is updated to their servers as you type and stored as is in plain text - not encrypted. This is a very useful feature as you don't have to remember to save the message, it is constantly being saved as a draft message. If you elect to encrypt your message, your message is not saved by Gmail until after it's encrypted.

Edward Snowden alerted the world to the importance of encyption and our privacy,
you can read more at:

If at any time you are concerned about our privacy policy you can email:

Policy updated: Thursday, October 17, 2019.