Privacy Policy

Last updated: April 11, 2026

1. Overview

Silkwind (“we”, “our”, or “us”) is a privacy-first desktop email client developed and maintained by Pulse S.r.l., based in Italy. This Privacy Policy explains how we handle information when you use Silkwind and when you connect third-party accounts such as Google.

2. Google API Services — Limited Use

Silkwind’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data obtained from Google APIs is used only to provide the email client functionality directly to the user. Specifically, Silkwind:

Does not use Google user data for serving advertisements, including retargeting, personalised, or interest-based advertising.
Does not transfer Google user data to third parties unless necessary to provide or improve user-facing features, with the user’s explicit consent, for security purposes, or to comply with applicable law.
Does not use or transfer Google user data to develop, train, or improve AI or machine learning models unrelated to the email client functionality.
Does not allow humans to read Google user data, except with the user’s affirmative agreement for specific messages, for security purposes such as investigating abuse, to comply with applicable law, or for the app’s internal operations when the data has been aggregated and anonymised.

3. Information We Access

When you authenticate with Google OAuth2, Silkwind requests access to the following data solely to operate the email client on your device:

Basic profile (openid, email, profile scopes) — your name, email address, and profile picture, used to identify your account within the application.
Email headers — sender, recipient, subject, date, and message identifiers, used to display your inbox and message list.
Email body and attachments — the full content of messages and attached files, rendered locally to display emails and allow attachment downloads.
Send access — the ability to send messages on your behalf when you explicitly compose and submit an email.
Email management — the ability to organise, archive, label, and delete messages within your mailbox.

All of the above is accessed via the Gmail API (scope https://mail.google.com/). Additionally, Silkwind requests the openid, email, and profile scopes to identify your account during authentication. No email content is ever transmitted to Silkwind servers — all processing occurs locally on your device.

4. How We Use Your Information

To authenticate your identity and link your Google account to Silkwind.
To fetch, display, and organise your emails within the application.
To send emails on your behalf when you explicitly compose and send a message.
To manage your mailbox (archive, label, delete) at your explicit direction.

We do not use your information for advertising, profiling, analytics, or any purpose beyond providing the email client functionality you requested.

5. Data Storage

Silkwind is a local-first application. Email data — including headers, message bodies, and attachments — is stored exclusively on your device and never uploaded to any server we operate.

Silkwind does not maintain any server-side infrastructure that processes or stores user email data. There is no backend server, database, or cloud storage operated by Silkwind that handles Google user data. This architecture eliminates entire categories of data breach risk.

OAuth2 tokens are stored securely in your operating system credential store (Keychain on macOS, Credential Manager on Windows, libsecret on Linux) and are never transmitted to our servers or any third party.

6. Data Sharing

We do not sell, trade, share, or transfer your personal information or email data to any third party. No Google user data is shared with analytics providers, advertising networks, data brokers, or any information resellers.

The only external service involved is Google, whose handling of your data is governed by Google’s Privacy Policy.

7. Data Retention and Deletion

Because all data is stored locally on your device, you are in full control of its retention:

Remove your account from Silkwind to delete all locally cached email data associated with that account.
Revoke Silkwind’s access to your Google account at any time via Google Account permissions.
Uninstall the application and delete its data directory to remove all remaining local data.

We do not retain any copy of your data on our servers, because no such servers exist. When you remove your data locally, it is gone — there is no cloud backup to purge.

You may request deletion of any data we may hold about you by contacting privacy@silkwind.app.

8. Data Protection

All communication with Google APIs is encrypted via TLS.
OAuth2 tokens are stored in the OS credential store — never in plaintext files.
No email content or credentials are transmitted to Silkwind infrastructure.
The application requests only the minimum scopes necessary to provide its functionality.
The application source code is available for audit under the AGPL v3 license.

9. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

Access — the right to request a copy of the personal data we process about you.
Rectification — the right to request correction of inaccurate personal data.
Erasure — the right to request deletion of your personal data.
Restriction — the right to request restriction of processing of your personal data.
Portability — the right to receive your personal data in a structured, commonly used format.
Objection — the right to object to processing of your personal data.
Withdraw consent — the right to withdraw consent at any time where processing is based on consent.

Because Silkwind is a local-first application that does not store your data on any server, exercising these rights is straightforward: remove your account from Silkwind or uninstall the application. To revoke access to your Google account, visit Google Account permissions.

For any requests related to your rights, contact us at privacy@silkwind.app.

The data controller is Pulse S.r.l., Italy. You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or with the supervisory authority of your country of residence.

10. Children’s Privacy

Silkwind is not directed at children under the age of 16 (as per GDPR). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information.

11. Third-Party Services

Silkwind connects to the following third-party services at the user’s explicit direction:

Google (Gmail API) — to access and manage email. Governed by Google’s Privacy Policy.
Microsoft (Outlook/Exchange) — to access and manage email. Governed by Microsoft’s Privacy Statement.
IMAP/JMAP servers — to access email on self-hosted or third-party mail servers. Data handling is governed by the respective server operator’s policies.

Silkwind does not connect to any third-party service without the user’s explicit action. No data is sent to any service that the user has not manually configured.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a revised “Last updated” date. Material changes will be communicated through the application or via email to registered users where possible.

13. Contact

For any questions about this Privacy Policy, contact us at:

Privacy inquiries: privacy@silkwind.app
General support: support@silkwind.app
Company: Pulse S.r.l. — Italy