Privacy Policy for Zenith

Effective Date: July 21, 2025

Welcome to Zenith ("App", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, Zenith. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Effective Date" of this Privacy Policy, and we encourage you to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the App after the date such revised Privacy Policy is posted.

1. Information We Collect

When you use Zenith, we may collect the following information:

A. Information You Provide to Us

• Account Information (via IMAP and SMTP): When you connect an email account to Zenith, you will provide your email address, IMAP server details, SMTP server details, and a password (or an app-specific password, if your email provider requires or recommends one) to access your mail. For standard operation, Zenith stores these details locally on your device. The App will then access and process data from that email account. This includes:
  • Email headers (sender, recipient, subject, dates, etc.)
  • Email body content (text and HTML)
  • Email attachments
  • When you compose and send an email, Zenith will also process the recipient addresses, subject, and body content of the outgoing message.
• Push Notification Credentials: If you choose to enable push notifications, an optional feature, you must provide your IMAP credentials (server, email, and password/app password) to our secure server. Our server uses these credentials to maintain an active connection to your email provider for the sole purpose of listening for new emails to notify you. Your credentials are not stored permanently.

B. Information Collected Automatically

We may collect standard usage data, device information, and diagnostic information to improve our App and services. In addition we collect domain names to enable spam filtering. This data is generally anonymized or aggregated.

2. How We Use Your Information

We use the information we collect in the following ways:

• To Provide and Maintain Our Service:
  • To allow you to access, manage, compose, and send your emails from various providers (via IMAP and SMTP) within a unified inbox in the Zenith app.
  • To display your emails, including headers, body content, and attachments, within the App on your local device.
  • To enable features such as pinning emails, archiving, unsubscribing, and blocking senders/domains.
  • To Provide Push Notifications: If you enable this optional feature, our server uses the credentials you provide to connect to your email account. When a new email is detected, our server triggers a push notification to your device via a third-party service (like Firebase Cloud Messaging). This notification may contain non-sensitive metadata such as the sender's name and email subject. Our server does not read or store the body content of your emails for this purpose.
  • We use the anonymized sender domain data to identify potential spam.
• To Provide AI-Powered Features:
  • Email content (from any connected account) is sent from your local device, through our secure server, to third-party Large Language Model (LLM) APIs to provide AI features such as summaries. Our server acts as a proxy to secure our API keys and manage usage; your email data is not stored on our servers.
  • Zenith does not use your email content or any other personal data collected through the app to develop, improve, or train generalized AI and/or machine learning models.
• To Improve Our App: To understand usage patterns and improve the functionality and user experience of Zenith.
• To Communicate With You: To respond to your inquiries and provide customer support.

3. Data Confidentiality

We do not sell your personal information. Zenith does not use your personal information or email content for serving advertisements. We may share information we have collected about you in certain situations:

• With Our Servers and Third-Party Push Providers:

  To deliver push notifications, your IMAP credentials are transmitted to and processed by our servers as described in this policy. Furthermore, to deliver the notification to your device, we use a third-party push notification service, such as Firebase Cloud Messaging (FCM). This means the notification payload (which may include sender and subject information) is passed through the push provider's infrastructure.

• With Third-Party AI Providers:

  To provide AI-powered features like email summarization, we send email content to third-party AI service providers. We ensure that any provider we use contractually agrees not to use your data to train their models. These providers may retain your data solely for security and compliance purposes.

  Our server acts as an intermediary to forward this data to the third-party AI services' API solely to protect our API keys and enforce usage limits associated with your Zenith subscription. No email data is stored on our servers during this process.

• Transmission to Your Email Provider (SMTP): When you send an email through Zenith, the email content (recipients, subject, body, and attachments) is transmitted securely from your device to your email provider's SMTP server using the credentials you provide. Zenith facilitates this connection but does not store the outgoing email content on its servers.
• By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.

4. Data Storage and Security

Zenith is designed with a privacy-first, on-device primary model. For standard app functionality, your email data (headers, body, attachments) and your account credentials (email, password/app password, server details) are stored encrypted locally on your device to enable offline access and fast performance.

For optional, server-dependent features, some data must be processed on our servers:

• Push Notifications: If you enable this feature, your IMAP credentials are sent to our server and held in active memory to maintain a live connection with your mail provider. These credentials are not written to disk or stored permanently in a database on our servers. They are used solely for the purpose of detecting new mail and are discarded if the connection is terminated or you disable the feature in the app.
• AI Features: As described above, email content may pass transiently through our servers when being proxied to an LLM API, but it is not retained on our servers.
• Spam Filtering: To provide our spam filtering service, anonymized sender domain data is processed and may be temporarily stored on our servers to improve and maintain our filtering algorithms. This anonymized data cannot be linked back to individual users or their email accounts.

We use administrative, technical, and physical security measures to help protect your personal information and data transmitted to and from the App. All data communication between the App, our servers, and third-party services is encrypted using industry-standard HTTPS/TLS. Communication with your IMAP and SMTP servers is also encrypted using protocols like SSL/TLS, when supported by your email provider.

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

5. Your Rights and Choices

• Accessing and Updating Your Information: You can access and manage your email data directly within the Zenith app.
• Opting-Out of Server Features: Features like Push Notifications are optional. You can enable or disable them at any time within the app's settings. Disabling the feature will terminate any related connection from our server to your email provider.
• Data Deletion: You can request the deletion of any data associated with your use of Zenith that might be indirectly held (such as support correspondence or aggregated analytics). To request data deletion, please email us at support [at] zenithmail.app with "Zenith Data Deletion Request" in the subject line. Please include details of all email accounts you have used with the App to help us identify any relevant information. Note that email data and account credentials stored locally on your device are under your control and can be deleted by uninstalling the app or removing accounts from within the app.

6. Children's Privacy

Zenith is not intended for use by children under the age of 13 (or a higher age if stipulated by local law). We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information as soon as possible.

7. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at: