Privacy Policy

Kodamail is not affiliated with Google or any of its products.

Gmail and Drive are registered trademarks of Google.

Personal Data

We collect:
Your ISP,  browser used,  ip address (encrypted),  email address (encrypted),  date & time you visited the site.

For emails that contain a tracking image, we also record (and AES encrypt) meta data: subject, sent to, email Id, but not the message itself.

The User acknowledges and agrees that the use of Kodamail (the web service) is of his own free and exclusive decision. Kodamail, and its directors and employees shall not be held liable for any loss or damage arising from the collection and the processing of the recipients personal data and/or as a result of using the web service.

The user agrees that they must have an effective password management system in place that effectively prohibits unauthorised access to all websites including
ie keep your passwords somewhere safe that cannot be accessed by anyone else.
Do not use the same password for multiple websites.
Change your password if you suspect unusual activity.
Do not access your gmail account from a friends or public device.
We do not have access to your google password, all Signing in / authentication is by the "One tap sign in" provided by Google Identity. warrants that no information recorded by is passed onto any other parties without the express permission of the user, or if required by applicable law. uses Amazon web services.

Credit card information is sent directly to Stripe. We never have access to your credit card information.

All personally identifying information (email addresses, subjects, user names, ip addresses etc) are encrypted at rest using AES 256. Data 'at rest' is data stored in database or other storage methods such as memcached, Redis, CouchBase etc.

Additional Limits on Use of Your Google User Data:

Notwithstanding anything else in this Privacy Policy, if you provide Kodamail access to your Google data, Kodamail's use of that data will be subject to these additional restrictions:

Kodamail will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless complied to by applicable law, or as part of a merger, acquisition, or sale of assets.

Kodamail only stores metadata, it does not store passwords, email bodies or attachments (except where you elect to use our attachment/password protected attachments service in which case your attachment is securely stored using Amazon S3).

Kodamail will not under any circumstances use this Gmail data for serving advertisements, or pass any data on to 3rd parties.
Kodamail will not allow humans to read this data unless we have your affirmative agreement for specific messages, or doing so is necessary for security purposes such as investigating abuse, or to comply with applicable law, or for the App's internal operations and even then only when the data has been aggregated and anonymized.

If you wish to close your account, Kodamail will if requested, remove all your data from our servers.

Connecting to Gmail

When the extension is installed you will be asked to sign in using Google. .

Requests to use Google Identity Services and are verified by authenticating the id_token provided by Google.

You can switch off or delete any chrome extension here: chrome extensions.
To view/edit your google account visit: your google account
Apps with access to your account can be found here.

If you want to track/password protect an attachment from Google Drive (optional), you will be asked for permission (from Google) and if permission is granted we use the Google Drive API. Because it's not possible to directly track/password protect a Drive file, the file is uploaded to Amazon S3 and given a secure link that can only be accessed if authorized by you. Any files that you secure this way can be deleted at any time by you. As mentioned previously this is an optional feature available to a paid subscription so you won't be asked for permission for kodamail to access Google Drive unless you decide to use it.

Email tracking

Email tracking services use an image (typically one pixel) embedded in the email. When the email is opened it calls the server, this enables us to record the time it was opened, the type of device used, and the ip address. The IP address can give us the approximate location of the user, however IP addresses from mobile devices can be hundreds of miles away from the users actual location. In addition, many email providers (such as Gmail and Yahoo) route all image calls through a proxy server this reflects the IP address of the proxy rather than the users device.
(which means that relying on the ip address to determine where the user was when they opened the email can be very inaccurate).


Our email address is:
If you wish to encrypt your message our Public Key is:

Version: OpenPGP.js 5.0.1



For encryption we use the open source library provided by

All encryption is processed in your browser, passwords or passphrases are not transmitted to our servers, they are stored temporarily (time is set by you) in your browser whilst you encrypt or decrypt and then deleted from memory. It is essential that you store your passwords/pass phrases somewhere safe, separate from your device, one method is to put them on a memory stick.
We also strongly recommend you download your Private and Public key pair(s) and store on an external memory device.
Your Private and Public key pair(s) are stored in the browsers local storage, if the local storage was cleared (accidental, browser update etc) the data is lost, so please download and backup elsewhere!

With Gmail and many other email providers, your message is updated to their servers as you type and stored as is in plain text** - not encrypted. This is a very useful feature as you don't have to remember to save the message, it is constantly being saved as a draft message. If you elect to encrypt your message, your message is not saved by Gmail until after it's encrypted.
(Gmail does however save the subject line and whom the email is being sent to. The subject line is never encrypted, We adhere to the OpenPGP standard which largely respects the SMTP protocol. In PGP, the subject line is part of the header packet which is not end-to-end encrypted.)

**(clarification, 12-May-22: Google I believe store your emails in encrypted form (at rest) on their servers. However they have the encryption keys and so can "read" your data unless you have encrypted your message in which case Google cannot and only the owner of the private key can decrypt it. I also believe they go to great lengths to ensure your data is safe and only machine readable unless the authorities demand them to hand over the email data.)

Edward Snowden alerted the world to the importance of encyption and our privacy,
you can read more at:

If at any time you are concerned about our privacy policy you can email:

Policy updated: December 7, 2022.